Sample firewall script for Hardy Heron

I just thought that you might be interested in a small script you can use in Hardy Heron.

It uses the new UFW (Uncomplicated Firewall) introduced in this Ubuntu release.

The script is well commented, so everything is easy to understand.

Here is the script:

#!/bin/bash
 
  ## set the default policy to drop (deny) all connections
  sudo ufw default deny
 
  ## set logging ON
  sudo ufw logging on
 
  ## permit unrestricted traffic from a specific static IP address
  sudo ufw allow from 192.168.1.1    # maybe your router
 
  ## permit TCP connections on ssh port 22
  sudo ufw allow 22/tcp
 
  ## Allow Apache2
  sudo ufw allow 80/tcp
 
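  ## Allow MySQL from any address (use the 'from 192.168.1.0/24' form shown
  ## for Samba below to limit it to the internal network)
  sudo ufw allow 3306/tcp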
 
  ## Allow Bittorrent
  for port in {7881..7889}; do
    sudo ufw allow "$port"/tcp
  done
 
  ## Allow eMule
  sudo ufw allow 4662/tcp
  sudo ufw allow 4672/udp
 
  ## Allow DC++
  sudo ufw allow 6845
 
  ## Allow Samba from internal network only 
  sudo ufw allow proto tcp from 192.168.1.0/24 to any port 135 # used by smbd
  sudo ufw allow proto udp from 192.168.1.0/24 to any port 137 # used by nmbd
  sudo ufw allow proto udp from 192.168.1.0/24 to any port 138 # used by nmbd
  sudo ufw allow proto tcp from 192.168.1.0/24 to any port 139 # used by smbd
  sudo ufw allow proto tcp from 192.168.1.0/24 to any port 445 # used by smbd
 
  ## Enable the firewall so the rules above take effect (ufw is disabled by default)
  sudo ufw enable

  ## Display rules
  sudo ufw status

You can modify it by adding/removing rules accordingly.
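
When modifying the rules, it helps to check which ports end up open to any source, such as the MySQL and DC++ rules above, in contrast to the Samba rules limited to 192.168.1.0/24. The following is an added example, not part of the original script: the sample output is constructed in the layout printed by `ufw status` on current ufw releases, and the names `sample_status`, `world_open_rules` and `PUBLIC_PORTS` are hypothetical.

```bash
#!/bin/bash
# Added example: list ufw ALLOW rules that accept traffic from any source.

# Constructed sample (not captured from a real host) mirroring a few of the
# rules created by the script above.
sample_status() {
cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
Anywhere                   ALLOW       192.168.1.1
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
3306/tcp                   ALLOW       Anywhere
6845                       ALLOW       Anywhere
445/tcp                    ALLOW       192.168.1.0/24
EOF
}

# Ports that are meant to be public (assumption for this example: ssh, http).
PUBLIC_PORTS="22/tcp 80/tcp"

# Reads `ufw status` text on stdin and prints the "To" field of every ALLOW
# rule whose source is Anywhere and whose port is not listed in PUBLIC_PORTS.
world_open_rules() {
  awk -v public="$PUBLIC_PORTS" '
    BEGIN { n = split(public, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
    {
      # Locate the ALLOW column; "(v6)" rows carry an extra field before it.
      for (a = 1; a <= NF; a++) if ($a == "ALLOW") break
      # Skip headers, blank lines, non-ALLOW rules and source-restricted rules.
      if (a > NF || $(a + 1) != "Anywhere") next
      # Report each unexpected world-open port once (IPv4 and IPv6 rows merge).
      if (!($1 in ok) && !seen[$1]++) print $1
    }
  '
}

# On a live system: sudo ufw status | world_open_rules
sample_status | world_open_rules
```

Each port it prints is a candidate for a `from 192.168.1.0/24` restriction like the one used for Samba.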
