LinuxQuestions.org

Linux - Server: question about firewall ufw (https://www.linuxquestions.org/questions/linux-server-73/question-about-firewall-ufw-4175472997/)

marco1965 08-11-2013 10:36 AM

question about firewall ufw
 
Hi guys, I have some good questions for you, I'm a bit lost.

I need to install and configure the firewall on my Linux server (ufw).
For the install, no problem:

sudo ufw enable ... the easy part done.

First question:
I need to add a simple rule to block protocol HTTP.

Second question: create a complex rule to block protocol UDP from all incoming, and all traffic on port 53.

Create a complex rule that allows protocol TCP coming from 10.1.2.254 255.255.255.0 to 192.168.7.25 on port 26.

And after all that, my server must accept all NFS, DNS, SSH, Apache, DHCP, and SquirrelMail ....
Any idea????

btmiller 08-11-2013 12:44 PM

Have you looked at any UFW documentation? However, if I were to do this, I would skip UFW and just use iptables. All Linux firewalls use the NetFilter functionality in the kernel anyhow, and iptables is the standard way of interfacing with that. I suspect more people here know about iptables than UFW, and your firewall ruleset will be portable to a distro that does not install UFW. Plus, there are a number of tutorials such as this one that can help you do most of what you specify.

However, some of the things you ask for are nonsensical. For example, you say you want to block all traffic on UDP port 53, but then say your server must accept DNS traffic, which runs on port 53. I suppose you could do this and only accept TCP DNS traffic, but this seems a bit pointless. Likewise, you block all HTTP traffic, but say you want to allow SquirrelMail traffic. SquirrelMail is a web-based e-mail client, so if you don't allow HTTP traffic, no one will be able to access it.

It also looks like this machine will act as a router, which requires additional considerations and configuration, especially if NAT is to be done.
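To make the contradiction above concrete, here is an added Python model of first-match rule evaluation (an assumed simplification of how ufw checks rules top to bottom; it is not ufw's own code and not from anyone in this thread). The poster's rules are entered in the order listed; the service port numbers (22, 53, 67, 80, 2049) and the sample client addresses are assumptions.

```python
import ipaddress

def parse_net(spec):
    """'10.1.2.254 255.255.255.0', '10.1.2.0/24' or 'any' -> ip_network."""
    if spec == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if " " in spec:                      # "host netmask" form used in the post
        host, mask = spec.split()
        return ipaddress.ip_network(f"{host}/{mask}", strict=False)
    return ipaddress.ip_network(spec, strict=False)

def rule(action, proto="any", port="any", src="any", dst="any"):
    return {"action": action, "proto": proto, "port": port,
            "src": parse_net(src), "dst": parse_net(dst)}

def decide(rules, proto, dport, src_ip, dst_ip, default="deny"):
    """First matching rule wins; return (verdict, rule index or None)."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for i, r in enumerate(rules):
        if r["proto"] not in ("any", proto) or r["port"] not in ("any", dport):
            continue
        if s in r["src"] and d in r["dst"]:
            return r["action"], i
    return default, None                 # nothing matched: default incoming policy

# The assignment as listed in the first post (constructed from the thread).
ASSIGNMENT = [
    rule("deny", "tcp", 80),                       # block HTTP
    rule("deny", "udp"),                           # block all incoming UDP
    rule("deny", "any", 53),                       # block all traffic on port 53
    rule("allow", "tcp", 26, "10.1.2.254 255.255.255.0", "192.168.7.25"),
    # services the server "must accept": NFS, DNS, SSH, Apache/SquirrelMail, DHCP
    rule("allow", "tcp", 2049), rule("allow", "udp", 53), rule("allow", "tcp", 53),
    rule("allow", "tcp", 22), rule("allow", "tcp", 80), rule("allow", "udp", 67),
]

def check_assignment(rules=ASSIGNMENT):
    """Which of the required services actually get through the ruleset?"""
    probes = {"dns-udp": ("udp", 53), "dns-tcp": ("tcp", 53), "http": ("tcp", 80),
              "ssh": ("tcp", 22), "nfs": ("tcp", 2049), "dhcp": ("udp", 67)}
    return {name: decide(rules, p, port, "10.1.2.7", "192.168.7.25")[0]
            for name, (p, port) in probes.items()}
```

Running check_assignment() shows DNS (both transports), HTTP and DHCP denied by the earlier deny rules even though allow rules for them follow, which is exactly the conflict described above.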

marco1965 08-11-2013 01:12 PM

Quote:

Originally Posted by btmiller (Post 5007334)
Have you looked at any UFW documentation? However, if I were to do this, I would skip UFW and just use iptables. All Linux firewalls use the NetFilter functionality in the kernel anyhow, and iptables is the standard way of interfacing with that. I suspect more people here know about iptables than UFW, and your firewall ruleset will be portable to a distro that does not install UFW. Plus, there are a number of tutorials such as this one that can help you do most of what you specify.

However, some of the things you ask for are nonsensical. For example, you say you want to block all traffic on UDP port 53, but then say your server must accept DNS traffic, which runs on port 53. I suppose you could do this and only accept TCP DNS traffic, but this seems a bit pointless. Likewise, you block all HTTP traffic, but say you want to allow SquirrelMail traffic. SquirrelMail is a web-based e-mail client, so if you don't allow HTTP traffic, no one will be able to access it.

It also looks like this machine will act as a router, which requires additional considerations and configuration, especially if NAT is to be done.

Thanks for your answer and the link, I will read that ... I know the rule is a bit confusing, but it was asked by a teacher .....

btmiller 08-11-2013 08:49 PM

Aha. Is this perchance part of a homework assignment for a course? As a general rule, LQ does not allow posters to directly solve other people's homework assignments. You'll learn a lot more doing it yourself. That being said, if you run into trouble carrying out the assignment, you can post exactly what you've tried here and what is not working, and people will try to answer any specific questions that you might have.

marco1965 08-12-2013 08:58 AM

Quote:

Originally Posted by btmiller (Post 5007512)
Aha. Is this perchance part of a homework assignment for a course? As a general rule, LQ does not allow posters to directly solve other people's homework assignments. You'll learn a lot more doing it yourself. That being said, if you run into trouble carrying out the assignment, you can post exactly what you've tried here and what is not working, and people will try to answer any specific questions that you might have.

You know, if I decided to create a post, it's because I've tried all I know, and after 2 days of reading I did not solve the problem!!
