With Fedora, I am in the habit of configuring the firewall by directly
editing /etc/sysconfig/iptables. With Ubuntu server, I have yet to
even figure out where the conf files are stored. Thus I'm taking a
brute-force approach to ufw and just using a kludged-up script to
configure it.
Does anyone see any obvious problems with this?
config-firewall-ubuntu.sh
Code:
--------------------
#!/bin/bash
# Run as root (every ufw command below needs it); abort on the first failure.
set -e
SUBNET=192.168.0.0/24
ufw disable
ufw default deny incoming
ufw default allow outgoing
#------------------------------------------------------------------------------
#Open the firewall for ssh..
ufw allow proto tcp to any port 22 from $SUBNET
#------------------------------------------------------------------------------
#Open the firewall for DHCP (DHCP runs over UDP, not TCP: 67 = server, 68 = client)..
ufw allow proto udp to any port 67 from $SUBNET
ufw allow proto udp to any port 68 from $SUBNET
#------------------------------------------------------------------------------
#Open the firewall for samba..
#See: http://ubuntu.swerdna.org/ubusambaserver.html#firewall
UFWCONF='/etc/default/ufw'
ORGSTR='IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_irc nf_nat_irc"'
FIXSTR='IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_irc nf_nat_irc nf_conntrack_netbios_ns"'
#Fixed-string match (-F): the quotes and spaces in FIXSTR are not regex syntax.
if grep -qF "$FIXSTR" "$UFWCONF"
then
echo 'Module "netbios-ns" already enabled..'
else
echo "Adding $UFWCONF netbios-ns module.."
sed -i -e "s/^\s*$ORGSTR\$/$FIXSTR/" "$UFWCONF"
#No "ufw reload" here: the firewall is disabled at this point, and the new
#module list is read when ufw is enabled at the end of the script.
fi
ufw allow proto udp to any port 137 from $SUBNET
ufw allow proto udp to any port 138 from $SUBNET
ufw allow proto tcp to any port 139 from $SUBNET
ufw allow proto tcp to any port 445 from $SUBNET
#------------------------------------------------------------------------------
#Open the firewall for squeezeboxserver..
#Squeezebox Server Discovery
ufw allow proto udp to any port 3483 from $SUBNET
#Squeezebox Server Control
ufw allow proto tcp to any port 3483 from $SUBNET
#Squeezebox Server WebUI
ufw allow proto tcp to any port 9000 from $SUBNET
#Squeezebox Server CLI
ufw allow proto tcp to any port 9090 from $SUBNET
#Squeezebox Server MySQL
ufw allow proto tcp to any port 9092 from $SUBNET
#Squeezebox Server UDAP
ufw allow proto udp to any port 17784 from $SUBNET
#--force answers the "may disrupt existing ssh connections" prompt; enable
#already applies the rule set, so no separate reload is needed.
ufw --force enable
ufw status verbose
echo Done!
--------------------
This yields:
Code:
--------------------
# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip
To Action From
-- ------ ----
22/tcp ALLOW IN 192.168.0.0/24
67/tcp ALLOW IN 192.168.0.0/24
68/tcp ALLOW IN 192.168.0.0/24
137/udp ALLOW IN 192.168.0.0/24
138/udp ALLOW IN 192.168.0.0/24
139/tcp ALLOW IN 192.168.0.0/24
445/tcp ALLOW IN 192.168.0.0/24
3483/udp ALLOW IN 192.168.0.0/24
3483/tcp ALLOW IN 192.168.0.0/24
9000/tcp ALLOW IN 192.168.0.0/24
9090/tcp ALLOW IN 192.168.0.0/24
9092/tcp ALLOW IN 192.168.0.0/24
17784/udp ALLOW IN 192.168.0.0/24
--------------------
This is a very simplistic approach, I know. But my ignorance on this
issue really knows no bounds. Have I gone off the rails here, in any
way?
--
gharris999
------------------------------------------------------------------------
gharris999's Profile: http://forums.slimdevices.com/member.php?userid=115
View this thread: http://forums.slimdevices.com/showthread.php?t=79161
_______________________________________________
unix mailing list
[email protected]
http://lists.slimdevices.com/mailman/listinfo/unix
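Two things the script above leaves to hand-editing are worth automating: deriving the rules from one table so that every service gets the right protocol and the same LAN scope, and checking the live rule set afterwards for anything that ended up open to "Anywhere". The following is an added example and not code from the original post or from the Squeezebox project; the service names in the table are illustrative labels, the ports are the ones used in the post, and the `ufw status verbose` sample is constructed to show one unscoped rule.

```bash
#!/bin/bash
# Added example, not from the original post: build the ufw rule set from a
# service table and audit "ufw status verbose" output for inbound rules that
# are open beyond the LAN. Service names are illustrative; the ports are the
# ones from the post above.
SUBNET=${SUBNET:-192.168.0.0/24}

# name proto port  (one service per line)
SERVICES='
ssh              tcp 22
dhcp-server      udp 67
dhcp-client      udp 68
netbios-ns       udp 137
netbios-dgm      udp 138
netbios-ssn      tcp 139
microsoft-ds     tcp 445
squeezebox-disc  udp 3483
squeezebox-ctl   tcp 3483
squeezebox-web   tcp 9000
squeezebox-cli   tcp 9090
squeezebox-mysql tcp 9092
squeezebox-udap  udp 17784
'

# Print the ufw commands for the table. Nothing is applied here; pipe the
# output to "sh" as root to apply it. "ufw --force reset" makes a re-run
# idempotent: rules left over from earlier runs are discarded, not kept.
ufw_rules() {
  local name proto port
  printf 'ufw --force reset\n'
  printf 'ufw default deny incoming\n'
  printf 'ufw default allow outgoing\n'
  printf '%s\n' "$SERVICES" | while read -r name proto port; do
    [ -n "$port" ] || continue          # skip blank lines in the table
    printf '# %s\nufw allow proto %s from %s to any port %s\n' \
      "$name" "$proto" "$SUBNET" "$port"
  done
  printf 'ufw --force enable\n'
}

# Read "ufw status verbose" output on stdin and report every inbound ALLOW
# whose From column is not exactly the given subnet ("Anywhere", a wider
# range, a single host). Exit status 1 if any such rule exists, else 0.
audit_status() {
  awk -v net="$1" '
    /ALLOW IN/ {
      line = $0
      gsub(/\(v6\)/, "", line)           # fold IPv6 rows into the same check
      n = split(line, f, /[ \t]+/)       # f[1]=To f[2]=ALLOW f[3]=IN f[4]=From
      if (n < 4 || f[4] != net) {
        printf "open beyond %s: %s from %s\n", net, f[1], (n < 4 ? "?" : f[4])
        bad++
      }
    }
    END { exit bad ? 1 : 0 }'
}

# Constructed sample of "ufw status verbose" output, with one rule that was
# added unscoped (a plain "ufw allow 9000/tcp") and its IPv6 twin.
SAMPLE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    192.168.0.0/24
445/tcp                    ALLOW IN    192.168.0.0/24
9000/tcp                   ALLOW IN    Anywhere
9000/tcp (v6)              ALLOW IN    Anywhere (v6)'

# Demo: show the generated commands, then audit the constructed sample.
ufw_rules
printf '%s\n' "$SAMPLE_STATUS" | audit_status "$SUBNET" \
  || echo "audit: rules found that are open beyond $SUBNET"
```

On a real box the audit runs against the live firewall as `ufw status verbose | audit_status 192.168.0.0/24`, which is a quick check to add after any manual `ufw allow` that forgot the `from` clause. The generator deliberately only prints commands, so the rule set can be reviewed (or diffed against the previous run) before it is applied.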