How can I configure a firewall for what I use as a web development server? I should be blocking all ports except 80 (HTTP), FTP, SSH? I tried configuring using ufw, gufw, firestarter but I ended up blocking myself from surfing the net... :)

JM at Work
  • possible duplicate of [How can a non-geek set up a proper firewall?](http://askubuntu.com/questions/7757/how-can-a-non-geek-set-up-a-proper-firewall) – Lekensteyn May 12 '11 at 10:33
  • Maybe you can include the rules you have created using `ufw` in your question. We will help you unblock yourself. – Achu May 12 '11 at 10:56
  • @Achu ... I tried to replicate what I did but can't even find a way to block myself, even with `sudo ufw default deny`. Any ideas? `ufw status` http://pastie.org/1895350 – JM at Work May 13 '11 at 02:06
  • @Achu, now I removed ufw, gufw, firestarter and found that outside cannot access my server... Any ideas? – JM at Work May 13 '11 at 02:25
  • When I look at http://pastie.org/1895350 it seems you didn't remove all the configuration. The status is active and you block port `80` in and out. Make sure to remove all firewalls you have installed and configured. You should use only one firewall, `ufw` or `firestarter`; it may be complex to manage all firewalls. – Achu May 13 '11 at 07:26

1 Answer

Here is my ufw configuration

```
sudo ufw enable         # Enable ufw
sudo ufw default deny   # By default deny everything
sudo ufw allow 22       # Allow port 22 (ssh); I also use this for sftp
sudo ufw allow 80       # Allow port 80 (http)
sudo ufw allow 9418     # Allow port 9418 (git); you probably won't need this
sudo ufw limit ssh/tcp  # Limit connections to ssh/tcp to slow down possible attacks
```

LayerCake
  • Shouldn't deny be at the bottom? – JM at Work May 13 '11 at 04:45
  • So now I have [the following for `ufw status`](http://pastie.org/1895713) and outside still cannot access the server ... I cannot surf the net too ... also [the following for `iptables -L`](http://pastie.org/1895717) – JM at Work May 13 '11 at 04:56
  • No, deny shouldn't be at the bottom. Maybe some of your settings are stuck; try `sudo ufw reset`, then retry the commands in the order I posted them. – LayerCake May 13 '11 at 05:01
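
The two symptoms in this thread (the server unreachable from outside, and no web browsing from the server) can both be read off `ufw status verbose`. The script below is an added example, not code from the answer or its author: it parses that output and reports required ports that end up closed, using the fact that the default policy only applies when no rule matches. The function name `ufw_audit`, the finding labels, the default port lists and the sample status text are assumptions constructed for illustration.

```bash
# Added example, not from the thread: audit `ufw status verbose` text read
# on stdin. Prints one finding per line and returns 1 if there is any.
# $1: inbound ports the server must accept (assumed default "22 80")
# $2: outbound ports needed for browsing (assumed default "53 80 443")
ufw_audit() {
  awk -v need_in="${1:-22 80}" -v need_out="${2:-53 80 443}" '
    function add(f) { print f; bad = 1 }
    function closed(port, dir, def,    a) {
      a = first[port, dir]
      if (a == "") return (def != "allow")   # no rule: default policy decides
      return (a ~ /DENY|REJECT/)
    }
    { gsub(/ \(v6\)/, "") }                  # fold IPv6 rows into the IPv4 ones
    /^Status:/ && $2 != "active" { add("firewall-inactive"); off = 1 }
    /^Default:/ {                            # "Default: deny (incoming), allow (outgoing)"
      for (i = 2; i < NF; i++) {
        if ($(i + 1) ~ /incoming/) in_def = $i
        if ($(i + 1) ~ /outgoing/) out_def = $i
      }
    }
    $2 ~ /^(ALLOW|DENY|REJECT|LIMIT)$/ {     # rule row: "80/tcp  ALLOW IN  Anywhere"
      port = $1; sub(/\/.*/, "", port)
      dir = ($3 == "OUT") ? "OUT" : "IN"
      # Simplification: source addresses are ignored, first rule per port wins.
      if (!((port, dir) in first)) first[port, dir] = $2
    }
    END {
      if (off) exit 1
      if (in_def == "allow") add("default-incoming-allow")
      n = split(need_in, p, " ")
      for (i = 1; i <= n; i++) if (closed(p[i], "IN", in_def)) add("inbound-closed:" p[i])
      n = split(need_out, p, " ")
      for (i = 1; i <= n; i++) if (closed(p[i], "OUT", out_def)) add("outbound-blocked:" p[i])
      exit bad + 0
    }'
}

# Constructed sample: port 80 denied in both directions, as diagnosed above.
SAMPLE='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)

To                         Action      From
--                         ------      ----
22/tcp                     LIMIT IN    Anywhere
80                         DENY IN     Anywhere
80                         DENY OUT    Anywhere'

printf '%s\n' "$SAMPLE" | ufw_audit || true
```

On a live host, pipe `sudo ufw status verbose` into `ufw_audit` after applying the rules; no output and exit status 0 means the listed ports are open in the expected directions.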