Last active
September 21, 2023 09:29
Basic UFW setup
# /etc/default/ufw
# ufw default deny outgoing
# ufw default deny incoming
DEFAULT_INPUT_POLICY="DROP"
DEFAULT_OUTPUT_POLICY="DROP"

# Consider /etc/ufw/before.rules etc

# Outbound allowlist: SSH, DNS, HTTP, HTTPS
$ ufw allow out 22/tcp
$ ufw allow out 53/udp
$ ufw allow out 80/tcp
$ ufw allow out 443/tcp

# /etc/environment
# http_proxy="http://myproxy:1234"
# https_proxy="http://myproxy:1234"
$ ufw allow out proto tcp to 1.2.3.4 port 1234

# Attempt to block Spotify Connect
# Rules given without a direction apply to incoming traffic (listed below as DENY
# with no IN/OUT); outgoing traffic to these ports is dropped by the default policy.
$ ufw deny proto tcp from any port 57621
$ ufw deny proto udp from any port 57621
$ ufw deny proto udp to any port 57621
$ ufw deny proto tcp to any port 57621
$ ufw deny proto tcp from any port 4070
$ ufw deny proto tcp to any port 4070

# verify
$ ufw reload
$ ufw status
Status: active

To                         Action      From
--                         ------      ----
57621/tcp                  DENY        Anywhere
57621/udp                  DENY        Anywhere
Anywhere                   DENY        57621/udp
Anywhere                   DENY        57621/tcp
Anywhere                   DENY        4070/tcp
4070/tcp                   DENY        Anywhere
80/tcp                     ALLOW OUT   Anywhere
22/tcp                     ALLOW OUT   Anywhere
53/udp                     ALLOW OUT   Anywhere
443/tcp                    ALLOW OUT   Anywhere
1.2.3.4 1234/tcp           ALLOW OUT   Anywhere
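
With a default-deny egress policy, the ALLOW OUT list is the whole outbound attack surface, so it is worth checking for drift after each change. The script below is an added example, not part of the original gist: it assumes the `ufw status verbose` text layout, and the function names, allowlist variable and sample status text are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the gist): audit `ufw status verbose` text for egress drift.

# Egress allowlist: the "To" column of the rules created above.
EXPECTED_OUT='22/tcp
53/udp
80/tcp
443/tcp
1.2.3.4 1234/tcp'

# Constructed sample; 8080/tcp is a deliberately added rule outside the allowlist.
SAMPLE_STATUS='Status: active
Default: deny (incoming), deny (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
57621/tcp                  DENY        Anywhere
80/tcp                     ALLOW OUT   Anywhere
22/tcp                     ALLOW OUT   Anywhere
53/udp                     ALLOW OUT   Anywhere
443/tcp                    ALLOW OUT   Anywhere
1.2.3.4 1234/tcp           ALLOW OUT   Anywhere
8080/tcp                   ALLOW OUT   Anywhere'

# Succeeds only if the default outgoing policy reported on stdin is deny.
default_egress_denied() {
    grep -q '^Default:.*deny (outgoing)'
}

# Prints the "To" column of every ALLOW OUT rule on stdin (IPv6 twins folded in).
list_allow_out() {
    awk '/ ALLOW OUT / { gsub(/ \(v6\)/, ""); sub(/ +ALLOW OUT .*$/, ""); print }'
}

# Prints ALLOW OUT rules on stdin that are not in EXPECTED_OUT.
unexpected_allow_out() {
    list_allow_out | while IFS= read -r rule; do
        printf '%s\n' "$EXPECTED_OUT" | grep -qxF -- "$rule" || printf '%s\n' "$rule"
    done
}

# Live use (as root): ufw status verbose | unexpected_allow_out
printf '%s\n' "$SAMPLE_STATUS" | default_egress_denied || echo "default egress policy is not deny"
printf '%s\n' "$SAMPLE_STATUS" | unexpected_allow_out
```

Any line printed by `unexpected_allow_out` is an outbound rule that is not in the allowlist and should be reviewed or removed.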