[App_rpt-users] UFW Firewall Blocking unwanted traffic

Loren Tedford lorentedford at gmail.com
Sat Nov 14 23:19:37 EST 2015


I am not aware of how to block a node number if their is a problem however
here is what i came up with for the Debian or Dial Distribution or if your
running Ubuntu Server etc..


I install ufw here is some command line tips

sudo apt-get update && sudo apt-get upgrade

sudo apt-get install ufw

sudo ufw allow {Port Number}

I dont suggest using default ports with ssh because they get hammed really
hard and on my data center I do use default port however i also run
Fail2ban on the server I wont cover fail2ban because its pretty easy and
self explanatory for the most part..

Example using all default ports for allstar

sudo ufw allow 222/tcp <-- Ssh port
sudo ufw allow 4569/udp <-- Iax port for allstar
sudo ufw allow 5060/udp <--- For sip if you have to use it I always stay
clear of this particular port it gets hammered alot harder easier to break
sip traffic..

sudo ufw allow 5198/udp <--- Echolink port
sudo ufw allow 5199/udp <-- Another echolink port..
sudo ufw allow 5200/tcp <-- And yet another echolink port..

If you use allmon and would like to access it
sudo ufw allow 80/tcp

sudo ufw default allow outgoing
sudo ufw default deny incoming

sudo systemctl start ufw
sudo systemctl enable ufw

here is the documentation that helped me out from linode..
https://www.linode.com/docs/security/firewalls/configure-firewall-with-ufw

Mark KC9ZHR helped me create a script that has pretty much cured most of my
hacker issues here is that script.. Look it over and put a # over ports you
wish to keep out of the ban list.. This script has solved about 90% of my
hacker issues on sip ports and iax ports.. So far no one has been
successful but i am always looking to keep the system secure the best i
can..

http://kc9zhv.com/iso/ufwblocklist

Here is how i run it on my allstar servers..
wget http://kc9zhv.com/iso/ufwblocklist

sudo ./ufwblocklist

Hope this helps anyone out their dealing with unwanted traffic..


Oh almost for got if their is an ip that you wish to allow you can add via
typing
sudo ufw allow from 10.10.10.1
or you can
sudo ufw allow from  10.10.10.1/24




Loren Tedford (KC9ZHV)
Email: lorentedford at gmail.com
Main Line:1-631-686-8878 Option 1 for Loren.
Fax Line 1:1-618-551-2755
Fax Line 2:1-631-686-8892 (New Fax line)
Cell: 618-553-0806
http://www.lorentedford.com
http://www.kc9zhv.com
http://hub.kc9zhv.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.allstarlink.org/pipermail/app_rpt-users/attachments/20151114/3a711f1b/attachment.html>


More information about the App_rpt-users mailing list