    UFW rules question

    • WLS-ITGuy
      WLS-ITGuy last edited by

      I am trying to troubleshoot some weird access on one of our webhosts. I only want 80 and 443 accessible from anywhere, I'd like 587 to be only pointing to our mail server IP, and only want SSH to be allowed from our WAN IP. Am I missing anything?

      alt text

      • WLS-ITGuy
        WLS-ITGuy @WLS-ITGuy last edited by

        I see that I have to delete the 1st entry.

        • Emad R
          Emad R @WLS-ITGuy last edited by

          @WLS-ITGuy

          ufw status verbose

          will help you more, cause it will show the default incoming and outgoing rule

          • WLS-ITGuy
            WLS-ITGuy @Emad R last edited by

            @Emad-R said in UFW rules question:

            @WLS-ITGuy

            ufw status verbose

            will help you more, cause it will show the default incoming and outgoing rule

            alt text

            • Emad R
              Emad R @WLS-ITGuy last edited by

              @WLS-ITGuy

              Ok, you don't need to make any deny rules, cause by default this is working. Just put the stuff you wish to make an exception and allow.

              • WLS-ITGuy
                WLS-ITGuy @Emad R last edited by

                @Emad-R said in UFW rules question:

                @WLS-ITGuy

                Ok, you don't need to make any deny rules, cause by default this is working. Just put the stuff you wish to make an exception and allow.

                Then this should be good?

                alt text

                • scottalanmiller
                  scottalanmiller last edited by

                  You still need 587 I believe.

                  • Emad R
                    Emad R @WLS-ITGuy last edited by

                    @WLS-ITGuy

                    Looks good to me.

                    If you need to send emails from the box itself you need to open additional, but usually you rely on third-party services for that like SMTP2GO or SendGrid, and for that you don't need to open any additional ports.

                    I used to firewall port SSH but then I was like I would like to work on machines from anywhere, so I just enable strong SSH auth based security.

                    However, both approaches will work. The thing is, imagine if you want to connect to that machine in an emergency, you have to go to the 74 IP or VPN to it.

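A check for the policy discussed in this thread (inbound denied by default, only 80 and 443 open to any source), written as an added example that is not part of the original posts. It audits the text printed by `ufw status verbose`; the function name `audit_ufw`, the sample output and the address 203.0.113.10 (a placeholder for the office WAN IP) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. audit_ufw is a hypothetical helper name, not a ufw command.
# It reads `ufw status verbose` output on stdin and prints one FAIL line per
# problem; no output means: default-deny inbound, only 80/443 open to Anywhere.
audit_ufw() {
  awk '
    /^Default:/ {
      seen_default = 1
      if ($0 !~ /(deny|reject) \(incoming\)/)
        print "FAIL default incoming policy is not deny/reject"
    }
    # Inbound rule rows: "<to> ALLOW IN <from>" (verbose) or "<to> ALLOW <from>".
    / ALLOW / && !/ ALLOW OUT / {
      port = $1
      sub(/\/.*/, "", port)          # "22/tcp" becomes "22"
      from = $0
      sub(/.* ALLOW +/, "", from)    # drop everything up to the action
      sub(/^IN +/, "", from)         # drop the direction, leaving the source
      # Multi-port or app-profile rules are reported too, for manual review.
      if (from ~ /^Anywhere/ && port != "80" && port != "443")
        print "FAIL rule for " port " is open to Anywhere"
    }
    END { if (!seen_default) print "FAIL no Default: line, is ufw active?" }
  '
}

# Constructed sample output; 203.0.113.10 is a placeholder for the office WAN IP.
sample_good() {
  cat <<'EOF'
Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
22/tcp                     ALLOW IN    203.0.113.10
EOF
}

# Same policy plus a leftover rule that exposes SSH to every source (constructed).
sample_bad() {
  sample_good
  echo "22/tcp                     ALLOW IN    Anywhere"
}
```

On a real host the input would come from `sudo ufw status verbose | audit_ufw`.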