Difference between revisions of "Ubuntu Firewall"
From FusionPBX
(→Configure the Uncomplicated FireWall via CLI) |
(→Configure the Uncomplicated FireWall via CLI) |
||
| Line 4: | Line 4: | ||
| − | + | Install UFW | |
sudo su | sudo su | ||
apt-get install ufw | apt-get install ufw | ||
| − | + | SSH | |
ufw allow ssh | ufw allow ssh | ||
| − | + | HTTP/HTTPS - FusionPBX | |
ufw allow 80/tcp | ufw allow 80/tcp | ||
ufw allow 443/tcp | ufw allow 443/tcp | ||
| − | + | SIP and RTP - FreeSWITCH | |
ufw allow proto tcp from any to any port 5060:5069 | ufw allow proto tcp from any to any port 5060:5069 | ||
ufw allow proto udp from any to any port 5060:5069 | ufw allow proto udp from any to any port 5060:5069 | ||
| Line 22: | Line 22: | ||
ufw allow proto udp from any to any port 16383:32768 | ufw allow proto udp from any to any port 16383:32768 | ||
| − | + | Enable UFW | |
ufw default deny | ufw default deny | ||
ufw enable | ufw enable | ||
ufw logging on | ufw logging on | ||
| − | Optional | + | ==Optional== |
| − | + | ||
| + | OpenVPN | ||
ufw allow 1194/udp | ufw allow 1194/udp | ||
ufw allow 1194/tcp | ufw allow 1194/tcp | ||
| − | + | H323 | |
ufw allow 1719/udp | ufw allow 1719/udp | ||
ufw allow 1720/tcp | ufw allow 1720/tcp | ||
| − | + | STUN | |
ufw allow 3478/udp | ufw allow 3478/udp | ||
ufw allow 3479/udp | ufw allow 3479/udp | ||
| − | + | MLP protocol server | |
ufw allow 5002/tcp | ufw allow 5002/tcp | ||
| − | + | Neighborhood service | |
ufw allow 5003/udp | ufw allow 5003/udp | ||
Revision as of 16:22, 1 September 2014
Ubuntu includes ufw (uncomplicated firewall) by default, but it is not enabled.
Configure the Uncomplicated FireWall via CLI
Install UFW
sudo su apt-get install ufw
SSH
ufw allow ssh
HTTP/HTTPS - FusionPBX
ufw allow 80/tcp ufw allow 443/tcp
SIP and RTP - FreeSWITCH
ufw allow proto tcp from any to any port 5060:5069 ufw allow proto udp from any to any port 5060:5069 ufw allow 5080 ufw allow 5081 ufw allow proto udp from any to any port 16383:32768
Enable UFW
ufw default deny ufw enable ufw logging on
Optional
OpenVPN
ufw allow 1194/udp ufw allow 1194/tcp
H323
ufw allow 1719/udp ufw allow 1720/tcp
STUN
ufw allow 3478/udp ufw allow 3479/udp
MLP protocol server
ufw allow 5002/tcp
Neighborhood service
ufw allow 5003/udp
Blacklist an IP address
ufw insert 1 deny from x.x.x.x
Additional Commands
ufw status ufw delete 3
More Information
https://help.ubuntu.com/10.04/serverguide/C/firewall.html
http://pka.engr.ccny.cuny.edu/~jmao/node/28
https://help.ubuntu.com/community/UFW
man ufw
