Firewall
my "old" iptables configs:
What ports are open?
nmap -sT -O localhost
What is running on a port?
grep 834 /etc/services
netstat -anp | grep 834
lsof -i | grep 834
Linux 2.4 stateful firewall design
Let's do iptables the easy way
UFW
Uncomplicated Firewall
https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-14-04
Install:
sudo apt-get install ufw
vim /etc/default/ufw
...
IPV6=yes
...
Status:
sudo ufw status verbose
Set Up Default Policies:
sudo ufw default deny incoming
sudo ufw default allow outgoing
Allow SSH Connections:
sudo ufw allow ssh
or, by port number:
sudo ufw allow 1234
Enable UFW:
sudo ufw enable
Enable logging:
ufw logging on
If you get:
WARN: /etc is group writable!
WARN: /usr is group writable!
then:
chmod 755 /etc /lib /usr
Working with numbered rules
Listing rules with a reference number
sudo ufw status numbered
Delete numbered rule
You can then delete a rule by its number. This deletes rule 1, and the remaining rules shift up to fill the gap, so re-run sudo ufw status numbered before deleting another rule by number.
sudo ufw delete 1
Check your ports
See all services on the server
sudo ufw show listening
See if the firewall is allowing traffic on that port
sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
...
1194/udp                   ALLOW       Anywhere
1194/udp (v6)              ALLOW       Anywhere (v6)
See if iptables will allow
sudo iptables -L | less
...
Chain ufw-user-input (1 references)
...
ACCEPT     udp  --  anywhere             anywhere             udp dpt:openvpn
OpenVPN is listening on that port (if I am interpreting this correctly):
sudo netstat -vaun
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
...
udp        0      0 0.0.0.0:1194            0.0.0.0:*
See if nmap sees a service running on that port. Note that a UDP scan reports open|filtered when it gets no reply, since a silent port and a dropped probe look the same to nmap; the netstat check above is what actually confirms a listener.
sudo nmap -sU localhost -p 1194
Starting Nmap 6.40 ( http://nmap.org ) at 2016-11-13 17:58 GMT
Nmap scan report for localhost (127.0.0.1)
Host is up.
PORT     STATE         SERVICE
1194/udp open|filtered openvpn
Or try this to see if a port is open:
nmap -p 22 -P0 host.domain.com
Starting Nmap 6.40 ( http://nmap.org ) at 2015-01-04 20:48 CST
Nmap scan report for host.domain.com (Re.mo.te.IP)
Host is up (0.060s latency).
PORT   STATE SERVICE
22/tcp open  ssh
Nmap done: 1 IP address (1 host up) scanned in 0.20 seconds
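As an added example (not from this wiki page), here is a small POSIX shell script that ties together the checks from "What is running on a port?" and "Check your ports": the services-table lookup, the ufw rule lookup and the netstat listener lookup, for one port at a time. The three SAMPLE_* blocks are constructed to look like /etc/services, sudo ufw status numbered and sudo netstat -anp output so the script runs offline; on a live host you would replace each with the real command's output. The function names (service_name, ufw_rule_number, listener_for, check_port, stale_rules) are my own, not ufw's.

```shell
#!/bin/sh
# Added example, not from the wiki page: correlate three views of one port.
# The SAMPLE_* blocks are constructed to mimic /etc/services,
# `sudo ufw status numbered` and `sudo netstat -anp`; on a real host
# substitute e.g. SAMPLE_UFW=$(sudo ufw status numbered).

SAMPLE_SERVICES='ssh             22/tcp
ssh             22/udp
domain          53/tcp
domain          53/udp
openvpn         1194/tcp
openvpn         1194/udp'

SAMPLE_UFW='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 1194/udp                   ALLOW IN    Anywhere
[ 3] 8080/tcp                   ALLOW IN    Anywhere
[ 4] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 5] 1194/udp (v6)              ALLOW IN    Anywhere (v6)'

SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1021/mysqld
udp        0      0 0.0.0.0:1194            0.0.0.0:*                           1340/openvpn'

# service_name PORT PROTO -> name from the services table ("openvpn"), empty if unknown
service_name() {
    printf '%s\n' "$SAMPLE_SERVICES" | awk -v want="$1/$2" '$2 == want { print $1; exit }'
}

# ufw_rule_number PORT PROTO -> number of the IPv4 ALLOW rule for PORT/PROTO, empty if none
ufw_rule_number() {
    printf '%s\n' "$SAMPLE_UFW" | awk -v want="$1/$2" '
        /^\[/ {
            br = index($0, "]")
            num = substr($0, 2, br - 2); gsub(/ /, "", num)   # "[ 3]" -> "3"
            rest = substr($0, br + 1); sub(/^ +/, "", rest)    # "22/tcp  ALLOW IN  Anywhere"
            split(rest, f, / +/)
            if (f[1] == want && f[2] == "ALLOW") { print num; exit }
        }'
}

# listener_for PORT PROTO -> "PID/program" bound to that port, empty if nothing listens
listener_for() {
    printf '%s\n' "$SAMPLE_NETSTAT" | awk -v proto="$2" -v port="$1" '
        $1 == proto && $4 ~ (":" port "$") { print $NF; exit }'
}

# check_port PORT [PROTO] -> one-line report combining the three views
check_port() {
    port=$1; proto=${2:-tcp}
    svc=$(service_name "$port" "$proto")
    rule=$(ufw_rule_number "$port" "$proto")
    proc=$(listener_for "$port" "$proto")
    printf '%s/%s service=%s ufw_rule=%s listener=%s\n' \
        "$port" "$proto" "${svc:-unknown}" "${rule:-none}" "${proc:-none}"
}

# stale_rules -> IPv4 ALLOW rules whose port has no listening process
# (candidates for `ufw delete`: an allowed port with nothing behind it is still exposure)
stale_rules() {
    printf '%s\n' "$SAMPLE_UFW" | awk '
        /^\[/ {
            rest = substr($0, index($0, "]") + 1); sub(/^ +/, "", rest)
            split(rest, f, / +/)
            if (f[2] == "ALLOW") print f[1]
        }' |
    while IFS=/ read -r p pr; do
        [ -n "$(listener_for "$p" "$pr")" ] || printf '%s/%s\n' "$p" "$pr"
    done
}

# Stand-alone run: the two ports the page checks, then any allowed-but-unused ports
check_port 22
check_port 1194 udp
printf 'stale rules: %s\n' "$(stale_rules)"
```

check_port answers "is this port known, allowed, and actually served?" in one line, while stale_rules lists the opposite case: ufw rules that allow a port nothing listens on, which are the rules worth removing with sudo ufw delete N. The listener lookup only matches the exact port (":22$"), so 1022 is never mistaken for 22.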