Linux - Server: This forum is for the discussion of Linux software used in a server-related context.
Have you looked at any UFW documentation? However, if I were to do this, I would skip UFW and just use iptables. All Linux firewalls use the NetFilter functionality in the kernel anyhow, and iptables is the standard way of interfacing with that. I suspect more people here know about iptables than UFW, and your firewall ruleset will be portable to a distro that does not install UFW. Plus, there are a number of tutorials such as this one that can help you do most of what you specify.
However, some of the things you ask for are nonsensical. For example, you say you want to block all traffic on UDP port 53, but then say your server must accept DNS traffic, which runs on port 53. I suppose you could do this and only accept TCP DNS traffic, but this seems a bit pointless. Likewise, you block all HTTP traffic, but say you want to allow SquirrelMail traffic. SquirrelMail is a web based e-mail client, so if you don't allow HTTP traffic, no one will be able to access it.
It also looks like this machine will act as a router, which requires additional considerations and configuration, especially if NAT is to be done.
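The post above makes three points that are easiest to see in an actual ruleset: DNS needs port 53 on both UDP and TCP, SquirrelMail is unreachable unless HTTP/HTTPS is open, and a router role needs FORWARD rules plus NAT. The script below is an added example written for this thread, not code from the poster or from any tutorial linked here. It generates an iptables-restore file rather than calling iptables directly, so it can be reviewed (and run without root) before being loaded. The interface names eth0/eth1 and the LAN subnet 192.168.1.0/24 are constructed assumptions; change them to match the machine.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset for a DNS + webmail host
# that also routes a LAN. Assumed values (not from the thread): WAN on eth0,
# LAN on eth1, LAN subnet 192.168.1.0/24. Override via environment if needed.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# gen_rules: print the ruleset to stdout in iptables-restore format.
# Nothing is applied here; see the usage note below for loading it.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback, and replies to connections this host opened itself.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# SSH for administration.
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# DNS: resolvers query over UDP 53; TCP 53 is needed for large answers and
# zone transfers. "Block UDP 53" and "accept DNS" cannot both hold.
-A INPUT -p udp --dport 53 -j ACCEPT
-A INPUT -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
# SquirrelMail is a web application, so it is reachable only if HTTP/HTTPS is open.
-A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
# Router role: let the LAN reach the WAN and let the replies come back.
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# NAT: hide the LAN behind the WAN address.
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}

# has_rule PATTERN: exit 0 if the generated ruleset contains a line matching
# PATTERN (a grep basic regex). Handy for checking a ruleset before loading it.
has_rule() {
    gen_rules | grep -q -- "$1"
}

# Stand-alone run: print the ruleset so it can be inspected or redirected to a file.
gen_rules
```

To apply it on a Debian/Ubuntu-style host: `gen_rules > /etc/iptables/rules.v4` (or any path you keep rules in), inspect the file, then `iptables-restore < /etc/iptables/rules.v4` as root. For the router part to work at all, IPv4 forwarding must also be enabled in the kernel (`sysctl -w net.ipv4.ip_forward=1`, and the matching line in /etc/sysctl.conf to make it persistent); iptables only decides which forwarded packets are allowed, it does not turn forwarding on. The default DROP policy on INPUT and FORWARD means anything not listed is refused, which is the behaviour you want to be able to explain for each port you open.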
Thanks for your answer and the link; I will read that... I know the rules are a bit confusing, but they were assigned by a teacher.....
Aha. Is this perchance part of a homework assignment for a course? As a general rule, LQ does not allow posters to directly solve other people's homework assignments. You'll learn a lot more doing it yourself. That being said, if you run into trouble carrying out the assignment, you can post exactly what you've tried here and what is not working, and people will try to answer any specific questions that you might have.
You know, if I decided to create a post, it's because I've tried all I know, and after 2 days of reading I did not solve the problem!!