How to block all port except specified on specific NIC in Ubuntu Server
I've been searching and reading on a solution to my problem. I would like to block all traffic except on specified port range (55556-55560) on specified NIC (eth0). And then block all traffic on the same port range on another NIC (eth1).
My setup. I'm running a Ubuntu Server 12.04 system with two physical network interfaces (eth0 and eth1). eth0 is tunneled through a VPN tunnel on the tun0 interface and i've only got one application bound to that interface. What i've now encountered is that other internet services like swsh and apache2 web server is also avaliable on the external ip of the tun0 interface and i don't want i to be. The application running over the VPN tunnel runs on port range 55556-55560 and now i only want to allow these ports on the eth0 interface. The other interface (eth1) is behind a router so i don't want any port rules to be applied there. The question How do i accomplish this in the best manner. Is ufw the best solution and how do i config i correctly Code:
sudo ufw allow 55556-55560 on eth0 And Code:
sudo ufw allow all on eth1 |
an example in the manpage is:
Code:
ufw allow in on eth0 to any port 80 proto tcp Code:
ufw allow in on eth0 to any port 55556-55560 proto tcp |
Quote:
Do you think it'll work if i set it like this: Code:
ufw deny in on eth0 from any |
firstly the order probably matters, it certainly does in iptables, so by denying fierst nothign will ever get through. But you shouldn't really need a default there, as there will be an overarching default policy, which you can see from "ufw status verbose" and if the policy is denying by default there, explicit rules are not required.
|
Quote:
|
default would,. in iptables land, by on INPUT or OUTPUT, not nic specific, no.
|
Quote:
|
I've got it working!
With theese commands. Code:
sudo ufw allow in on tun0 to any port 55556:55560 proto tcp Code:
holmen@filserver:~$ sudo ufw status |
Quote:
|
All times are GMT -5. The time now is 02:11 AM. |