Firewall

From The World according to Vissie

Firewall

My "old" iptables configs:

  1. iptables


What ports are open?

nmap -sT -O localhost

What is running on a port?

grep 834 /etc/services
netstat -anp | grep 834
lsof -i | grep 834

Linux 2.4 stateful firewall design

Let's do iptables the easy way

UFW

Uncomplicated Firewall

https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-14-04

Install:

sudo apt-get install ufw

Then edit /etc/default/ufw and make sure IPv6 rules are enabled too:

sudo vim /etc/default/ufw
...
IPV6=yes
...

Status:

sudo ufw status verbose

Set Up Default Policies:

sudo ufw default deny incoming
sudo ufw default allow outgoing

Allow SSH Connections:

sudo ufw allow ssh

or, by port number:

sudo ufw allow 1234

Enable UFW:

sudo ufw enable

Enable logging:

sudo ufw logging on

If you get:

WARN: /etc is group writable!
WARN: /usr is group writable!

then tighten the directory permissions:

sudo chmod 755 /etc /lib /usr


Working with numbered rules

Listing rules with a reference number

sudo ufw status numbered

Delete numbered rule

You can then delete a rule by its number. The command below deletes rule 1; the remaining rules shift up to fill the gap, so run `sudo ufw status numbered` again before deleting another one.

sudo ufw delete 1

Check your ports

List everything listening on the server

sudo ufw show listening

See if the firewall is allowing traffic on that port

sudo ufw status
Status: active
To                         Action      From
--                         ------      ----
...
1194/udp                   ALLOW       Anywhere
1194/udp (v6)              ALLOW       Anywhere (v6)

See if iptables allows it (ufw installs its rules in the ufw-* chains)

sudo iptables -L | less
...
Chain ufw-user-input (1 references)
...
ACCEPT     udp  --  anywhere             anywhere             udp dpt:openvpn

OpenVPN is listening on that port (if I am interpreting this correctly):

sudo netstat -vaun
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
...
udp        0      0 0.0.0.0:1194            0.0.0.0:*

See if nmap sees a service running on that port

sudo nmap -sU localhost -p 1194
Starting Nmap 6.40 ( http://nmap.org ) at 2016-11-13 17:58 GMT
Nmap scan report for localhost (127.0.0.1)
Host is up.
PORT     STATE         SERVICE
1194/udp open|filtered openvpn

Or try this to see if a port is open:

nmap -p 22  -P0 host.domain.com
Starting Nmap 6.40 ( http://nmap.org ) at 2015-01-04 20:48 CST
Nmap scan report for host.domain.com (Re.mo.te.IP)
Host is up (0.060s latency).
PORT   STATE SERVICE
22/tcp open  ssh
Nmap done: 1 IP address (1 host up) scanned in 0.20 seconds
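As an added example (not from this wiki, ufw or nmap), here is a small POSIX shell script that applies the same "is it allowed, and is something listening?" checks to saved `ufw status` and `netstat -vaun` output. The sample output is constructed for the example; in practice you would feed it the real command output.

```shell
#!/bin/sh
# Constructed sample output (not captured from a real host).
UFW_STATUS='Status: active
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
1234                       ALLOW       Anywhere
1194/udp                   ALLOW       Anywhere
1194/udp (v6)              ALLOW       Anywhere (v6)
8080/tcp                   DENY        Anywhere'

NETSTAT_OUT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:1194            0.0.0.0:*
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN'

# ufw_allows PORT PROTO [STATUS_TEXT]: succeeds if an ALLOW rule matches PORT/PROTO.
# A bare-port rule (from "ufw allow 1234") covers both protocols, so "PORT" alone also matches.
ufw_allows() {
  printf '%s\n' "${3:-$UFW_STATUS}" |
    awk -v rule="$1/$2" -v port="$1" \
      '($1 == rule || $1 == port) && $2 == "ALLOW" { found = 1 } END { exit !found }'
}

# is_listening PORT PROTO [NETSTAT_TEXT]: succeeds if a tcp/udp (or tcp6/udp6) socket is bound to PORT.
is_listening() {
  printf '%s\n' "${3:-$NETSTAT_OUT}" |
    awk -v proto="$2" -v port="$1" \
      '$1 ~ ("^" proto) && $4 ~ (":" port "$") { found = 1 } END { exit !found }'
}

# port_state PORT PROTO: prints the firewall and service state; returns 0 only when
# the port is both allowed and has a listener, i.e. reachable from outside.
port_state() {
  if ufw_allows "$1" "$2"; then fw=allowed; else fw=blocked; fi
  if is_listening "$1" "$2"; then svc=listening; else svc=closed; fi
  echo "$1/$2: firewall $fw, service $svc"
  [ "$fw" = allowed ] && [ "$svc" = listening ]
}

port_state 1194 udp          # 1194/udp: firewall allowed, service listening
port_state 8080 tcp || :     # 8080/tcp: firewall blocked, service listening
```

A "blocked, listening" result is the common case when a new service cannot be reached: the daemon is up but no `ufw allow` rule exists for it yet.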