Difference between revisions of "Ubuntu Firewall"
From FusionPBX
(→Configure the Uncomplicated FireWall via CLI) |
(→Blacklist) |
||
| (17 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
Ubuntu includes ufw (uncomplicated firewall) by default, but it is not enabled. | Ubuntu includes ufw (uncomplicated firewall) by default, but it is not enabled. | ||
| − | ==Configure | + | ==Configure by command line== |
| + | |||
| + | Install UFW | ||
sudo su | sudo su | ||
| + | apt-get install ufw | ||
| + | |||
| + | SSH | ||
ufw allow ssh | ufw allow ssh | ||
| − | + | ||
| + | HTTP/HTTPS - FusionPBX | ||
ufw allow 80/tcp | ufw allow 80/tcp | ||
ufw allow 443/tcp | ufw allow 443/tcp | ||
| − | + | ||
| + | SIP and RTP - FreeSWITCH | ||
| + | ufw allow proto tcp from any to any port 5060:5069 | ||
| + | ufw allow proto udp from any to any port 5060:5069 | ||
| + | ufw allow 5080 | ||
| + | ufw allow 5081 | ||
| + | ufw allow proto udp from any to any port 16383:32768 | ||
| + | |||
| + | Enable UFW | ||
| + | ufw default deny | ||
| + | ufw enable | ||
| + | ufw logging on | ||
| + | |||
| + | ==Blacklist== | ||
| + | |||
| + | Blacklist the IP address | ||
| + | ufw insert 1 deny from x.x.x.x | ||
| + | |||
| + | Remove the blacklisted IP address | ||
| + | ufw delete allow x.x.x.x | ||
| + | |||
| + | (Replace x.x.x.x with the IP Address in the following commands.) | ||
| + | |||
| + | ==Optional== | ||
| + | |||
| + | OpenVPN | ||
| + | ufw allow 1194/udp | ||
| + | ufw allow 1194/tcp | ||
| + | |||
| + | H323 | ||
ufw allow 1719/udp | ufw allow 1719/udp | ||
ufw allow 1720/tcp | ufw allow 1720/tcp | ||
| + | |||
| + | STUN | ||
ufw allow 3478/udp | ufw allow 3478/udp | ||
ufw allow 3479/udp | ufw allow 3479/udp | ||
| + | |||
| + | MLP protocol server | ||
ufw allow 5002/tcp | ufw allow 5002/tcp | ||
| + | |||
| + | Neighborhood service | ||
ufw allow 5003/udp | ufw allow 5003/udp | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | + | ==Additional Commands== | |
| − | |||
| − | |||
ufw status | ufw status | ||
| − | + | ufw delete 3 | |
==More Information== | ==More Information== | ||
https://help.ubuntu.com/10.04/serverguide/C/firewall.html | https://help.ubuntu.com/10.04/serverguide/C/firewall.html | ||
| + | |||
| + | http://pka.engr.ccny.cuny.edu/~jmao/node/28 | ||
https://help.ubuntu.com/community/UFW | https://help.ubuntu.com/community/UFW | ||
man ufw | man ufw | ||
Latest revision as of 16:27, 1 September 2014
Ubuntu includes ufw (uncomplicated firewall) by default, but it is not enabled.
Contents
Configure by command line
Install UFW
sudo su apt-get install ufw
SSH
ufw allow ssh
HTTP/HTTPS - FusionPBX
ufw allow 80/tcp ufw allow 443/tcp
SIP and RTP - FreeSWITCH
ufw allow proto tcp from any to any port 5060:5069 ufw allow proto udp from any to any port 5060:5069 ufw allow 5080 ufw allow 5081 ufw allow proto udp from any to any port 16383:32768
Enable UFW
ufw default deny ufw enable ufw logging on
Blacklist
Blacklist the IP address
ufw insert 1 deny from x.x.x.x
Remove the blacklisted IP address
ufw delete allow x.x.x.x
(Replace x.x.x.x with the IP Address in the following commands.)
Optional
OpenVPN
ufw allow 1194/udp ufw allow 1194/tcp
H323
ufw allow 1719/udp ufw allow 1720/tcp
STUN
ufw allow 3478/udp ufw allow 3479/udp
MLP protocol server
ufw allow 5002/tcp
Neighborhood service
ufw allow 5003/udp
Additional Commands
ufw status ufw delete 3
More Information
https://help.ubuntu.com/10.04/serverguide/C/firewall.html
http://pka.engr.ccny.cuny.edu/~jmao/node/28
https://help.ubuntu.com/community/UFW
man ufw
