8
by Jamie Strandboge
* new upstream version: |
1 |
Setting IPV6 to yes |
2 |
0: disable |
|
3 |
||
4 |
||
5 |
1: enable |
|
6 |
||
7 |
||
8 |
TESTING ARGS (logging) |
|
9 |
2: logging on |
|
10 |
WARN: Checks disabled |
|
11 |
Logging enabled |
|
12 |
||
13 |
||
14 |
3: logging off |
|
15 |
WARN: Checks disabled |
|
16 |
Logging disabled |
|
17 |
||
18 |
||
19 |
TESTING ARGS (allow/deny to/from) |
|
20 |
4: allow 53 |
|
21 |
WARN: Checks disabled |
|
22 |
Rule added |
|
23 |
Rule added (v6) |
|
24 |
||
25 |
||
26 |
5: allow 23/tcp |
|
27 |
WARN: Checks disabled |
|
28 |
Rule added |
|
29 |
Rule added (v6) |
|
30 |
||
31 |
||
32 |
6: allow smtp |
|
33 |
WARN: Checks disabled |
|
34 |
Rule added |
|
35 |
Rule added (v6) |
|
36 |
||
37 |
||
38 |
7: deny proto tcp to any port 80 |
|
39 |
WARN: Checks disabled |
|
40 |
Rule added |
|
41 |
Rule added (v6) |
|
42 |
||
43 |
||
44 |
8: deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25 |
|
45 |
WARN: Checks disabled |
|
46 |
Rule added |
|
47 |
||
48 |
||
49 |
9: allow from 10.0.0.0/8 |
|
50 |
WARN: Checks disabled |
|
51 |
Rule added |
|
52 |
||
53 |
||
54 |
10: allow from 172.16.0.0/12 |
|
55 |
WARN: Checks disabled |
|
56 |
Rule added |
|
57 |
||
58 |
||
59 |
11: allow from 192.168.0.0/16 |
|
60 |
WARN: Checks disabled |
|
61 |
Rule added |
|
62 |
||
63 |
||
64 |
12: deny proto udp from 1.2.3.4 to any port 514 |
|
65 |
WARN: Checks disabled |
|
66 |
Rule added |
|
67 |
||
68 |
||
69 |
13: allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469 |
|
70 |
WARN: Checks disabled |
|
71 |
Rule added |
|
72 |
||
73 |
||
19
by Jamie Strandboge
* bump version |
74 |
14: limit 22/tcp |
75 |
WARN: Checks disabled |
|
76 |
Rule added |
|
77 |
Skipping unsupported IPv6 'limit' rule |
|
78 |
||
79 |
||
80 |
15: deny proto tcp from 2001:db8::/32 to any port 25 |
|
81 |
WARN: Checks disabled |
|
82 |
Rule added (v6) |
|
83 |
||
84 |
||
85 |
16: deny from 2001:db8::/32 port 26 to 2001:db8:3:4:5:6:7:8 |
|
86 |
WARN: Checks disabled |
|
87 |
Rule added (v6) |
|
88 |
||
89 |
||
90 |
17: status |
|
91 |
WARN: Checks disabled |
|
30.1.3
by Jamie Strandboge
Import upstream version 0.27~r416 |
92 |
Status: active |
14
by Jamie Strandboge
* bump version |
93 |
|
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
94 |
To Action From |
95 |
-- ------ ----
|
|
96 |
53 ALLOW Anywhere |
|
97 |
23/tcp ALLOW Anywhere |
|
98 |
25/tcp ALLOW Anywhere |
|
99 |
80/tcp DENY Anywhere |
|
100 |
192.168.0.1 25/tcp DENY 10.0.0.0/8 |
|
101 |
Anywhere ALLOW 10.0.0.0/8 |
|
102 |
Anywhere ALLOW 172.16.0.0/12 |
|
103 |
Anywhere ALLOW 192.168.0.0/16 |
|
104 |
514/udp DENY 1.2.3.4 |
|
105 |
1.2.3.4 5469/udp ALLOW 1.2.3.5 5469/udp |
|
106 |
22/tcp LIMIT Anywhere |
|
107 |
53 ALLOW Anywhere (v6) |
|
108 |
23/tcp ALLOW Anywhere (v6) |
|
109 |
25/tcp ALLOW Anywhere (v6) |
|
110 |
80/tcp DENY Anywhere (v6) |
|
111 |
25/tcp DENY 2001:db8::/32 |
|
112 |
2001:db8:3:4:5:6:7:8 DENY 2001:db8::/32 26 |
|
113 |
||
114 |
||
115 |
||
116 |
### tuple ### allow any 53 0.0.0.0/0 any 0.0.0.0/0 in |
|
8
by Jamie Strandboge
* new upstream version: |
117 |
-A ufw-user-input -p tcp --dport 53 -j ACCEPT |
118 |
-A ufw-user-input -p udp --dport 53 -j ACCEPT |
|
119 |
--
|
|
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
120 |
### tuple ### allow tcp 23 0.0.0.0/0 any 0.0.0.0/0 in |
8
by Jamie Strandboge
* new upstream version: |
121 |
-A ufw-user-input -p tcp --dport 23 -j ACCEPT |
122 |
||
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
123 |
### tuple ### allow tcp 25 0.0.0.0/0 any 0.0.0.0/0 in |
8
by Jamie Strandboge
* new upstream version: |
124 |
-A ufw-user-input -p tcp --dport 25 -j ACCEPT |
16
by Jamie Strandboge
* don't log noisy services by default (LP: #209709) |
125 |
|
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
126 |
### tuple ### deny tcp 80 0.0.0.0/0 any 0.0.0.0/0 in |
8
by Jamie Strandboge
* new upstream version: |
127 |
-A ufw-user-input -p tcp --dport 80 -j DROP |
128 |
||
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
129 |
### tuple ### deny tcp 25 192.168.0.1 any 10.0.0.0/8 in |
8
by Jamie Strandboge
* new upstream version: |
130 |
-A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP |
131 |
||
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
132 |
### tuple ### allow any any 0.0.0.0/0 any 10.0.0.0/8 in |
8
by Jamie Strandboge
* new upstream version: |
133 |
-A ufw-user-input -s 10.0.0.0/8 -j ACCEPT |
134 |
||
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
135 |
### tuple ### allow any any 0.0.0.0/0 any 172.16.0.0/12 in |
8
by Jamie Strandboge
* new upstream version: |
136 |
-A ufw-user-input -s 172.16.0.0/12 -j ACCEPT |
137 |
||
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
138 |
### tuple ### allow any any 0.0.0.0/0 any 192.168.0.0/16 in |
8
by Jamie Strandboge
* new upstream version: |
139 |
-A ufw-user-input -s 192.168.0.0/16 -j ACCEPT |
140 |
||
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
141 |
### tuple ### deny udp 514 0.0.0.0/0 any 1.2.3.4 in |
8
by Jamie Strandboge
* new upstream version: |
142 |
-A ufw-user-input -p udp --dport 514 -s 1.2.3.4 -j DROP |
143 |
||
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
144 |
### tuple ### allow udp 5469 1.2.3.4 5469 1.2.3.5 in |
8
by Jamie Strandboge
* new upstream version: |
145 |
-A ufw-user-input -p udp -d 1.2.3.4 --dport 5469 -s 1.2.3.5 --sport 5469 -j ACCEPT |
146 |
||
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
147 |
### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in |
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
148 |
-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set |
149 |
-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit |
|
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
150 |
### tuple ### allow any 53 ::/0 any ::/0 in |
8
by Jamie Strandboge
* new upstream version: |
151 |
-A ufw6-user-input -p tcp --dport 53 -j ACCEPT |
152 |
-A ufw6-user-input -p udp --dport 53 -j ACCEPT |
|
153 |
--
|
|
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
154 |
### tuple ### allow tcp 23 ::/0 any ::/0 in |
8
by Jamie Strandboge
* new upstream version: |
155 |
-A ufw6-user-input -p tcp --dport 23 -j ACCEPT |
156 |
||
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
157 |
### tuple ### allow tcp 25 ::/0 any ::/0 in |
8
by Jamie Strandboge
* new upstream version: |
158 |
-A ufw6-user-input -p tcp --dport 25 -j ACCEPT |
16
by Jamie Strandboge
* don't log noisy services by default (LP: #209709) |
159 |
|
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
160 |
### tuple ### deny tcp 80 ::/0 any ::/0 in |
8
by Jamie Strandboge
* new upstream version: |
161 |
-A ufw6-user-input -p tcp --dport 80 -j DROP |
162 |
||
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
163 |
### tuple ### deny tcp 25 ::/0 any 2001:db8::/32 in |
8
by Jamie Strandboge
* new upstream version: |
164 |
-A ufw6-user-input -p tcp --dport 25 -s 2001:db8::/32 -j DROP |
165 |
||
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
166 |
### tuple ### deny any any 2001:db8:3:4:5:6:7:8 26 2001:db8::/32 in |
8
by Jamie Strandboge
* new upstream version: |
167 |
-A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 -s 2001:db8::/32 --sport 26 -j DROP |
168 |
-A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 -s 2001:db8::/32 --sport 26 -j DROP |
|
169 |
TESTING ARGS (delete allow/deny to/from) |
|
19
by Jamie Strandboge
* bump version |
170 |
18: delete allow 53 |
171 |
WARN: Checks disabled |
|
172 |
Rule deleted |
|
173 |
Rule deleted (v6) |
|
174 |
||
175 |
||
176 |
19: delete allow 23/tcp |
|
177 |
WARN: Checks disabled |
|
178 |
Rule deleted |
|
179 |
Rule deleted (v6) |
|
180 |
||
181 |
||
182 |
20: delete allow smtp |
|
183 |
WARN: Checks disabled |
|
184 |
Rule deleted |
|
185 |
Rule deleted (v6) |
|
186 |
||
187 |
||
188 |
21: delete deny proto tcp to any port 80 |
|
189 |
WARN: Checks disabled |
|
190 |
Rule deleted |
|
191 |
Rule deleted (v6) |
|
192 |
||
193 |
||
194 |
22: delete deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25 |
|
195 |
WARN: Checks disabled |
|
196 |
Rule deleted |
|
197 |
||
198 |
||
199 |
23: delete allow from 10.0.0.0/8 |
|
200 |
WARN: Checks disabled |
|
201 |
Rule deleted |
|
202 |
||
203 |
||
204 |
24: delete allow from 172.16.0.0/12 |
|
205 |
WARN: Checks disabled |
|
206 |
Rule deleted |
|
207 |
||
208 |
||
209 |
25: delete allow from 192.168.0.0/16 |
|
210 |
WARN: Checks disabled |
|
211 |
Rule deleted |
|
212 |
||
213 |
||
214 |
26: delete deny proto udp from 1.2.3.4 to any port 514 |
|
215 |
WARN: Checks disabled |
|
216 |
Rule deleted |
|
217 |
||
218 |
||
219 |
27: delete allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469 |
|
220 |
WARN: Checks disabled |
|
221 |
Rule deleted |
|
222 |
||
223 |
||
224 |
28: delete limit 22/tcp |
|
225 |
WARN: Checks disabled |
|
226 |
Rule deleted |
|
227 |
Skipping unsupported IPv6 'limit' rule |
|
228 |
||
229 |
||
230 |
29: delete deny proto tcp from 2001:db8::/32 to any port 25 |
|
231 |
WARN: Checks disabled |
|
232 |
Rule deleted (v6) |
|
233 |
||
234 |
||
235 |
30: delete deny from 2001:db8::/32 port 26 to 2001:db8:3:4:5:6:7:8 |
|
236 |
WARN: Checks disabled |
|
237 |
Rule deleted (v6) |
|
238 |
||
239 |
||
240 |
31: status |
|
241 |
WARN: Checks disabled |
|
30.1.3
by Jamie Strandboge
Import upstream version 0.27~r416 |
242 |
Status: active |
8
by Jamie Strandboge
* new upstream version: |
243 |
|
244 |
||
245 |
Setting IPV6 to no |
|
19
by Jamie Strandboge
* bump version |
246 |
32: disable |
8
by Jamie Strandboge
* new upstream version: |
247 |
|
248 |
||
19
by Jamie Strandboge
* bump version |
249 |
33: enable |
8
by Jamie Strandboge
* new upstream version: |
250 |
|
251 |
||
252 |
TESTING ARGS (logging) |
|
19
by Jamie Strandboge
* bump version |
253 |
34: logging on |
8
by Jamie Strandboge
* new upstream version: |
254 |
WARN: Checks disabled |
255 |
Logging enabled |
|
256 |
||
257 |
||
19
by Jamie Strandboge
* bump version |
258 |
35: logging off |
8
by Jamie Strandboge
* new upstream version: |
259 |
WARN: Checks disabled |
260 |
Logging disabled |
|
261 |
||
262 |
||
263 |
TESTING ARGS (allow/deny to/from) |
|
19
by Jamie Strandboge
* bump version |
264 |
36: allow 53 |
265 |
WARN: Checks disabled |
|
266 |
Rule added |
|
267 |
||
268 |
||
269 |
37: allow 23/tcp |
|
270 |
WARN: Checks disabled |
|
271 |
Rule added |
|
272 |
||
273 |
||
274 |
38: allow smtp |
|
275 |
WARN: Checks disabled |
|
276 |
Rule added |
|
277 |
||
278 |
||
279 |
39: deny proto tcp to any port 80 |
|
280 |
WARN: Checks disabled |
|
281 |
Rule added |
|
282 |
||
283 |
||
284 |
40: deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25 |
|
285 |
WARN: Checks disabled |
|
286 |
Rule added |
|
287 |
||
288 |
||
289 |
41: allow from 10.0.0.0/8 |
|
290 |
WARN: Checks disabled |
|
291 |
Rule added |
|
292 |
||
293 |
||
294 |
42: allow from 172.16.0.0/12 |
|
295 |
WARN: Checks disabled |
|
296 |
Rule added |
|
297 |
||
298 |
||
299 |
43: allow from 192.168.0.0/16 |
|
300 |
WARN: Checks disabled |
|
301 |
Rule added |
|
302 |
||
303 |
||
304 |
44: deny proto udp from 1.2.3.4 to any port 514 |
|
305 |
WARN: Checks disabled |
|
306 |
Rule added |
|
307 |
||
308 |
||
309 |
45: allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469 |
|
310 |
WARN: Checks disabled |
|
311 |
Rule added |
|
312 |
||
313 |
||
314 |
46: limit 22/tcp |
|
315 |
WARN: Checks disabled |
|
316 |
Rule added |
|
317 |
||
318 |
||
319 |
47: status |
|
320 |
WARN: Checks disabled |
|
30.1.3
by Jamie Strandboge
Import upstream version 0.27~r416 |
321 |
Status: active |
14
by Jamie Strandboge
* bump version |
322 |
|
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
323 |
To Action From |
324 |
-- ------ ----
|
|
325 |
53 ALLOW Anywhere |
|
326 |
23/tcp ALLOW Anywhere |
|
327 |
25/tcp ALLOW Anywhere |
|
328 |
80/tcp DENY Anywhere |
|
329 |
192.168.0.1 25/tcp DENY 10.0.0.0/8 |
|
330 |
Anywhere ALLOW 10.0.0.0/8 |
|
331 |
Anywhere ALLOW 172.16.0.0/12 |
|
332 |
Anywhere ALLOW 192.168.0.0/16 |
|
333 |
514/udp DENY 1.2.3.4 |
|
334 |
1.2.3.4 5469/udp ALLOW 1.2.3.5 5469/udp |
|
335 |
22/tcp LIMIT Anywhere |
|
336 |
||
337 |
||
338 |
||
339 |
### tuple ### allow any 53 0.0.0.0/0 any 0.0.0.0/0 in |
|
8
by Jamie Strandboge
* new upstream version: |
340 |
-A ufw-user-input -p tcp --dport 53 -j ACCEPT |
341 |
-A ufw-user-input -p udp --dport 53 -j ACCEPT |
|
342 |
--
|
|
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
343 |
### tuple ### allow tcp 23 0.0.0.0/0 any 0.0.0.0/0 in |
8
by Jamie Strandboge
* new upstream version: |
344 |
-A ufw-user-input -p tcp --dport 23 -j ACCEPT |
345 |
||
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
346 |
### tuple ### allow tcp 25 0.0.0.0/0 any 0.0.0.0/0 in |
8
by Jamie Strandboge
* new upstream version: |
347 |
-A ufw-user-input -p tcp --dport 25 -j ACCEPT |
16
by Jamie Strandboge
* don't log noisy services by default (LP: #209709) |
348 |
|
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
349 |
### tuple ### deny tcp 80 0.0.0.0/0 any 0.0.0.0/0 in |
8
by Jamie Strandboge
* new upstream version: |
350 |
-A ufw-user-input -p tcp --dport 80 -j DROP |
351 |
||
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
352 |
### tuple ### deny tcp 25 192.168.0.1 any 10.0.0.0/8 in |
8
by Jamie Strandboge
* new upstream version: |
353 |
-A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP |
354 |
||
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
355 |
### tuple ### allow any any 0.0.0.0/0 any 10.0.0.0/8 in |
8
by Jamie Strandboge
* new upstream version: |
356 |
-A ufw-user-input -s 10.0.0.0/8 -j ACCEPT |
357 |
||
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
358 |
### tuple ### allow any any 0.0.0.0/0 any 172.16.0.0/12 in |
8
by Jamie Strandboge
* new upstream version: |
359 |
-A ufw-user-input -s 172.16.0.0/12 -j ACCEPT |
360 |
||
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
361 |
### tuple ### allow any any 0.0.0.0/0 any 192.168.0.0/16 in |
8
by Jamie Strandboge
* new upstream version: |
362 |
-A ufw-user-input -s 192.168.0.0/16 -j ACCEPT |
363 |
||
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
364 |
### tuple ### deny udp 514 0.0.0.0/0 any 1.2.3.4 in |
8
by Jamie Strandboge
* new upstream version: |
365 |
-A ufw-user-input -p udp --dport 514 -s 1.2.3.4 -j DROP |
366 |
||
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
367 |
### tuple ### allow udp 5469 1.2.3.4 5469 1.2.3.5 in |
8
by Jamie Strandboge
* new upstream version: |
368 |
-A ufw-user-input -p udp -d 1.2.3.4 --dport 5469 -s 1.2.3.5 --sport 5469 -j ACCEPT |
369 |
||
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
370 |
### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in |
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
371 |
-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set |
372 |
-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit |
|
8
by Jamie Strandboge
* new upstream version: |
373 |
TESTING ARGS (delete allow/deny to/from) |
19
by Jamie Strandboge
* bump version |
374 |
48: delete allow 53 |
375 |
WARN: Checks disabled |
|
376 |
Rule deleted |
|
377 |
||
378 |
||
379 |
49: delete allow 23/tcp |
|
380 |
WARN: Checks disabled |
|
381 |
Rule deleted |
|
382 |
||
383 |
||
384 |
50: delete allow smtp |
|
385 |
WARN: Checks disabled |
|
386 |
Rule deleted |
|
387 |
||
388 |
||
389 |
51: delete deny proto tcp to any port 80 |
|
390 |
WARN: Checks disabled |
|
391 |
Rule deleted |
|
392 |
||
393 |
||
394 |
52: delete deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25 |
|
395 |
WARN: Checks disabled |
|
396 |
Rule deleted |
|
397 |
||
398 |
||
399 |
53: delete allow from 10.0.0.0/8 |
|
400 |
WARN: Checks disabled |
|
401 |
Rule deleted |
|
402 |
||
403 |
||
404 |
54: delete allow from 172.16.0.0/12 |
|
405 |
WARN: Checks disabled |
|
406 |
Rule deleted |
|
407 |
||
408 |
||
409 |
55: delete allow from 192.168.0.0/16 |
|
410 |
WARN: Checks disabled |
|
411 |
Rule deleted |
|
412 |
||
413 |
||
414 |
56: delete deny proto udp from 1.2.3.4 to any port 514 |
|
415 |
WARN: Checks disabled |
|
416 |
Rule deleted |
|
417 |
||
418 |
||
419 |
57: delete allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469 |
|
420 |
WARN: Checks disabled |
|
421 |
Rule deleted |
|
422 |
||
423 |
||
424 |
58: delete limit 22/tcp |
|
425 |
WARN: Checks disabled |
|
426 |
Rule deleted |
|
427 |
||
428 |
||
429 |
59: status |
|
430 |
WARN: Checks disabled |
|
30.1.3
by Jamie Strandboge
Import upstream version 0.27~r416 |
431 |
Status: active |
19
by Jamie Strandboge
* bump version |
432 |
|
433 |
||
29
by Jamie Strandboge
* debian/rules: check for 'nocheck' in DEB_BUILD_OPTIONS |
434 |
Checking status |
435 |
60: status |
|
436 |
||
437 |
||
438 |
61: status verbose |
|
439 |
||
440 |
||
30.1.8
by Jamie Strandboge
Import upstream version 0.29.3 |
441 |
62: status numbered |
29
by Jamie Strandboge
* debian/rules: check for 'nocheck' in DEB_BUILD_OPTIONS |
442 |
|
443 |
||
30.1.2
by Jamie Strandboge
Import upstream version 0.26 |
444 |
Checking reject |
445 |
Setting IPV6 to yes |
|
29
by Jamie Strandboge
* debian/rules: check for 'nocheck' in DEB_BUILD_OPTIONS |
446 |
63: disable |
8
by Jamie Strandboge
* new upstream version: |
447 |
|
448 |
||
30.1.2
by Jamie Strandboge
Import upstream version 0.26 |
449 |
64: enable |
450 |
||
451 |
||
452 |
65: reject 113 |
|
453 |
WARN: Checks disabled |
|
454 |
Rule added |
|
455 |
Rule added (v6) |
|
456 |
||
457 |
||
458 |
66: reject 114/tcp |
|
459 |
WARN: Checks disabled |
|
460 |
Rule added |
|
461 |
Rule added (v6) |
|
462 |
||
463 |
||
464 |
67: reject 115/udp |
|
465 |
WARN: Checks disabled |
|
466 |
Rule added |
|
467 |
Rule added (v6) |
|
468 |
||
469 |
||
470 |
68: status |
|
471 |
WARN: Checks disabled |
|
30.1.3
by Jamie Strandboge
Import upstream version 0.27~r416 |
472 |
Status: active |
30.1.2
by Jamie Strandboge
Import upstream version 0.26 |
473 |
|
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
474 |
To Action From |
475 |
-- ------ ----
|
|
476 |
113 REJECT Anywhere |
|
477 |
114/tcp REJECT Anywhere |
|
478 |
115/udp REJECT Anywhere |
|
479 |
113 REJECT Anywhere (v6) |
|
480 |
114/tcp REJECT Anywhere (v6) |
|
481 |
115/udp REJECT Anywhere (v6) |
|
482 |
||
483 |
||
484 |
||
485 |
### tuple ### reject any 113 0.0.0.0/0 any 0.0.0.0/0 in |
|
486 |
-A ufw-user-input -p tcp --dport 113 -j REJECT --reject-with tcp-reset |
|
30.1.2
by Jamie Strandboge
Import upstream version 0.26 |
487 |
-A ufw-user-input -p udp --dport 113 -j REJECT |
488 |
--
|
|
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
489 |
### tuple ### reject tcp 114 0.0.0.0/0 any 0.0.0.0/0 in |
30.1.2
by Jamie Strandboge
Import upstream version 0.26 |
490 |
-A ufw-user-input -p tcp --dport 114 -j REJECT --reject-with tcp-reset |
491 |
||
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
492 |
### tuple ### reject udp 115 0.0.0.0/0 any 0.0.0.0/0 in |
30.1.2
by Jamie Strandboge
Import upstream version 0.26 |
493 |
-A ufw-user-input -p udp --dport 115 -j REJECT |
494 |
||
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
495 |
### tuple ### reject any 113 ::/0 any ::/0 in |
496 |
-A ufw6-user-input -p tcp --dport 113 -j REJECT --reject-with tcp-reset |
|
30.1.2
by Jamie Strandboge
Import upstream version 0.26 |
497 |
-A ufw6-user-input -p udp --dport 113 -j REJECT |
498 |
--
|
|
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
499 |
### tuple ### reject tcp 114 ::/0 any ::/0 in |
30.1.2
by Jamie Strandboge
Import upstream version 0.26 |
500 |
-A ufw6-user-input -p tcp --dport 114 -j REJECT --reject-with tcp-reset |
501 |
||
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
502 |
### tuple ### reject udp 115 ::/0 any ::/0 in |
30.1.2
by Jamie Strandboge
Import upstream version 0.26 |
503 |
-A ufw6-user-input -p udp --dport 115 -j REJECT |
504 |
||
505 |
69: delete reject 113 |
|
506 |
WARN: Checks disabled |
|
507 |
Rule deleted |
|
508 |
Rule deleted (v6) |
|
509 |
||
510 |
||
511 |
70: delete reject 114/tcp |
|
512 |
WARN: Checks disabled |
|
513 |
Rule deleted |
|
514 |
Rule deleted (v6) |
|
515 |
||
516 |
||
517 |
71: delete reject 115/udp |
|
518 |
WARN: Checks disabled |
|
519 |
Rule deleted |
|
520 |
Rule deleted (v6) |
|
521 |
||
522 |
||
523 |
72: status |
|
524 |
WARN: Checks disabled |
|
30.1.3
by Jamie Strandboge
Import upstream version 0.27~r416 |
525 |
Status: active |
30.1.2
by Jamie Strandboge
Import upstream version 0.26 |
526 |
|
527 |
||
528 |
Setting IPV6 to no |
|
529 |
73: disable |
|
530 |
||
531 |
||
532 |
74: enable |
|
533 |
||
534 |
||
535 |
75: reject 113 |
|
536 |
WARN: Checks disabled |
|
537 |
Rule added |
|
538 |
||
539 |
||
540 |
76: reject 114/tcp |
|
541 |
WARN: Checks disabled |
|
542 |
Rule added |
|
543 |
||
544 |
||
545 |
77: reject 115/udp |
|
546 |
WARN: Checks disabled |
|
547 |
Rule added |
|
548 |
||
549 |
||
550 |
78: status |
|
551 |
WARN: Checks disabled |
|
30.1.3
by Jamie Strandboge
Import upstream version 0.27~r416 |
552 |
Status: active |
30.1.2
by Jamie Strandboge
Import upstream version 0.26 |
553 |
|
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
554 |
To Action From |
555 |
-- ------ ----
|
|
556 |
113 REJECT Anywhere |
|
557 |
114/tcp REJECT Anywhere |
|
558 |
115/udp REJECT Anywhere |
|
559 |
||
560 |
||
561 |
||
562 |
### tuple ### reject any 113 0.0.0.0/0 any 0.0.0.0/0 in |
|
563 |
-A ufw-user-input -p tcp --dport 113 -j REJECT --reject-with tcp-reset |
|
30.1.2
by Jamie Strandboge
Import upstream version 0.26 |
564 |
-A ufw-user-input -p udp --dport 113 -j REJECT |
565 |
--
|
|
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
566 |
### tuple ### reject tcp 114 0.0.0.0/0 any 0.0.0.0/0 in |
30.1.2
by Jamie Strandboge
Import upstream version 0.26 |
567 |
-A ufw-user-input -p tcp --dport 114 -j REJECT --reject-with tcp-reset |
568 |
||
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
569 |
### tuple ### reject udp 115 0.0.0.0/0 any 0.0.0.0/0 in |
30.1.2
by Jamie Strandboge
Import upstream version 0.26 |
570 |
-A ufw-user-input -p udp --dport 115 -j REJECT |
571 |
||
572 |
79: delete reject 113 |
|
573 |
WARN: Checks disabled |
|
574 |
Rule deleted |
|
575 |
||
576 |
||
577 |
80: delete reject 114/tcp |
|
578 |
WARN: Checks disabled |
|
579 |
Rule deleted |
|
580 |
||
581 |
||
582 |
81: delete reject 115/udp |
|
583 |
WARN: Checks disabled |
|
584 |
Rule deleted |
|
585 |
||
586 |
||
587 |
82: status |
|
588 |
WARN: Checks disabled |
|
30.1.3
by Jamie Strandboge
Import upstream version 0.27~r416 |
589 |
Status: active |
30.1.2
by Jamie Strandboge
Import upstream version 0.26 |
590 |
|
591 |
||
592 |
Checking flush builtins |
|
593 |
83: disable |
|
594 |
||
595 |
||
596 |
iptables -I INPUT -j ACCEPT -m comment --comment ufw_test_builtins |
|
597 |
84: enable |
|
598 |
||
599 |
||
600 |
85: disable |
|
601 |
||
602 |
||
603 |
iptables -I INPUT -j ACCEPT -m comment --comment ufw_test_builtins |
|
604 |
86: enable |
|
605 |
||
606 |
||
30.1.12
by Jamie Strandboge
Import upstream version 0.31 |
607 |
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 /* ufw_test_builtins */ |
30.1.3
by Jamie Strandboge
Import upstream version 0.27~r416 |
608 |
Testing status numbered |
609 |
Setting IPV6 to yes |
|
30.1.2
by Jamie Strandboge
Import upstream version 0.26 |
610 |
87: disable |
611 |
||
612 |
||
30.1.3
by Jamie Strandboge
Import upstream version 0.27~r416 |
613 |
88: enable |
614 |
||
615 |
||
616 |
89: allow 53 |
|
617 |
WARN: Checks disabled |
|
618 |
Rule added |
|
619 |
Rule added (v6) |
|
620 |
||
621 |
||
622 |
90: allow 23/tcp |
|
623 |
WARN: Checks disabled |
|
624 |
Rule added |
|
625 |
Rule added (v6) |
|
626 |
||
627 |
||
628 |
91: allow smtp |
|
629 |
WARN: Checks disabled |
|
630 |
Rule added |
|
631 |
Rule added (v6) |
|
632 |
||
633 |
||
634 |
92: deny proto tcp to any port 80 |
|
635 |
WARN: Checks disabled |
|
636 |
Rule added |
|
637 |
Rule added (v6) |
|
638 |
||
639 |
||
640 |
93: deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25 |
|
641 |
WARN: Checks disabled |
|
642 |
Rule added |
|
643 |
||
644 |
||
645 |
94: allow from 10.0.0.0/8 |
|
646 |
WARN: Checks disabled |
|
647 |
Rule added |
|
648 |
||
649 |
||
650 |
95: allow from 172.16.0.0/12 |
|
651 |
WARN: Checks disabled |
|
652 |
Rule added |
|
653 |
||
654 |
||
655 |
96: allow from 192.168.0.0/16 |
|
656 |
WARN: Checks disabled |
|
657 |
Rule added |
|
658 |
||
659 |
||
660 |
97: deny proto udp from 1.2.3.4 to any port 514 |
|
661 |
WARN: Checks disabled |
|
662 |
Rule added |
|
663 |
||
664 |
||
665 |
98: allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469 |
|
666 |
WARN: Checks disabled |
|
667 |
Rule added |
|
668 |
||
669 |
||
670 |
99: limit 22/tcp |
|
671 |
WARN: Checks disabled |
|
672 |
Rule added |
|
673 |
Skipping unsupported IPv6 'limit' rule |
|
674 |
||
675 |
||
676 |
100: deny proto tcp from 2001:db8::/32 to any port 25 |
|
677 |
WARN: Checks disabled |
|
678 |
Rule added (v6) |
|
679 |
||
680 |
||
681 |
101: deny from 2001:db8::/32 port 26 to 2001:db8:3:4:5:6:7:8 |
|
682 |
WARN: Checks disabled |
|
683 |
Rule added (v6) |
|
684 |
||
685 |
||
686 |
102: status numbered |
|
687 |
WARN: Checks disabled |
|
688 |
Status: active |
|
689 |
||
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
690 |
To Action From |
691 |
-- ------ ----
|
|
692 |
[ 1] 53 ALLOW IN Anywhere |
|
693 |
[ 2] 23/tcp ALLOW IN Anywhere |
|
694 |
[ 3] 25/tcp ALLOW IN Anywhere |
|
695 |
[ 4] 80/tcp DENY IN Anywhere |
|
696 |
[ 5] 192.168.0.1 25/tcp DENY IN 10.0.0.0/8 |
|
697 |
[ 6] Anywhere ALLOW IN 10.0.0.0/8 |
|
698 |
[ 7] Anywhere ALLOW IN 172.16.0.0/12 |
|
699 |
[ 8] Anywhere ALLOW IN 192.168.0.0/16 |
|
700 |
[ 9] 514/udp DENY IN 1.2.3.4 |
|
701 |
[10] 1.2.3.4 5469/udp ALLOW IN 1.2.3.5 5469/udp |
|
702 |
[11] 22/tcp LIMIT IN Anywhere |
|
703 |
[12] 53 ALLOW IN Anywhere (v6) |
|
704 |
[13] 23/tcp ALLOW IN Anywhere (v6) |
|
705 |
[14] 25/tcp ALLOW IN Anywhere (v6) |
|
706 |
[15] 80/tcp DENY IN Anywhere (v6) |
|
707 |
[16] 25/tcp DENY IN 2001:db8::/32 |
|
708 |
[17] 2001:db8:3:4:5:6:7:8 DENY IN 2001:db8::/32 26 |
|
30.1.3
by Jamie Strandboge
Import upstream version 0.27~r416 |
709 |
|
710 |
||
711 |
||
712 |
103: delete allow 53 |
|
713 |
WARN: Checks disabled |
|
714 |
Rule deleted |
|
715 |
Rule deleted (v6) |
|
716 |
||
717 |
||
718 |
104: delete allow 23/tcp |
|
719 |
WARN: Checks disabled |
|
720 |
Rule deleted |
|
721 |
Rule deleted (v6) |
|
722 |
||
723 |
||
724 |
105: delete allow smtp |
|
725 |
WARN: Checks disabled |
|
726 |
Rule deleted |
|
727 |
Rule deleted (v6) |
|
728 |
||
729 |
||
730 |
106: delete deny proto tcp to any port 80 |
|
731 |
WARN: Checks disabled |
|
732 |
Rule deleted |
|
733 |
Rule deleted (v6) |
|
734 |
||
735 |
||
736 |
107: delete deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25 |
|
737 |
WARN: Checks disabled |
|
738 |
Rule deleted |
|
739 |
||
740 |
||
741 |
108: delete allow from 10.0.0.0/8 |
|
742 |
WARN: Checks disabled |
|
743 |
Rule deleted |
|
744 |
||
745 |
||
746 |
109: delete allow from 172.16.0.0/12 |
|
747 |
WARN: Checks disabled |
|
748 |
Rule deleted |
|
749 |
||
750 |
||
751 |
110: delete allow from 192.168.0.0/16 |
|
752 |
WARN: Checks disabled |
|
753 |
Rule deleted |
|
754 |
||
755 |
||
756 |
111: delete deny proto udp from 1.2.3.4 to any port 514 |
|
757 |
WARN: Checks disabled |
|
758 |
Rule deleted |
|
759 |
||
760 |
||
761 |
112: delete allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469 |
|
762 |
WARN: Checks disabled |
|
763 |
Rule deleted |
|
764 |
||
765 |
||
766 |
113: delete limit 22/tcp |
|
767 |
WARN: Checks disabled |
|
768 |
Rule deleted |
|
769 |
Skipping unsupported IPv6 'limit' rule |
|
770 |
||
771 |
||
772 |
114: delete deny proto tcp from 2001:db8::/32 to any port 25 |
|
773 |
WARN: Checks disabled |
|
774 |
Rule deleted (v6) |
|
775 |
||
776 |
||
777 |
115: delete deny from 2001:db8::/32 port 26 to 2001:db8:3:4:5:6:7:8 |
|
778 |
WARN: Checks disabled |
|
779 |
Rule deleted (v6) |
|
780 |
||
781 |
||
782 |
116: status numbered |
|
783 |
WARN: Checks disabled |
|
784 |
Status: active |
|
785 |
||
786 |
||
787 |
Setting IPV6 to no |
|
788 |
117: disable |
|
789 |
||
790 |
||
791 |
118: enable |
|
792 |
||
793 |
||
794 |
119: allow 53 |
|
795 |
WARN: Checks disabled |
|
796 |
Rule added |
|
797 |
||
798 |
||
799 |
120: allow 23/tcp |
|
800 |
WARN: Checks disabled |
|
801 |
Rule added |
|
802 |
||
803 |
||
804 |
121: allow smtp |
|
805 |
WARN: Checks disabled |
|
806 |
Rule added |
|
807 |
||
808 |
||
809 |
122: deny proto tcp to any port 80 |
|
810 |
WARN: Checks disabled |
|
811 |
Rule added |
|
812 |
||
813 |
||
814 |
123: deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25 |
|
815 |
WARN: Checks disabled |
|
816 |
Rule added |
|
817 |
||
818 |
||
819 |
124: allow from 10.0.0.0/8 |
|
820 |
WARN: Checks disabled |
|
821 |
Rule added |
|
822 |
||
823 |
||
824 |
125: allow from 172.16.0.0/12 |
|
825 |
WARN: Checks disabled |
|
826 |
Rule added |
|
827 |
||
828 |
||
829 |
126: allow from 192.168.0.0/16 |
|
830 |
WARN: Checks disabled |
|
831 |
Rule added |
|
832 |
||
833 |
||
834 |
127: deny proto udp from 1.2.3.4 to any port 514 |
|
835 |
WARN: Checks disabled |
|
836 |
Rule added |
|
837 |
||
838 |
||
839 |
128: allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469 |
|
840 |
WARN: Checks disabled |
|
841 |
Rule added |
|
842 |
||
843 |
||
844 |
129: limit 22/tcp |
|
845 |
WARN: Checks disabled |
|
846 |
Rule added |
|
847 |
||
848 |
||
849 |
130: status numbered |
|
850 |
WARN: Checks disabled |
|
851 |
Status: active |
|
852 |
||
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
853 |
To Action From |
854 |
-- ------ ----
|
|
855 |
[ 1] 53 ALLOW IN Anywhere |
|
856 |
[ 2] 23/tcp ALLOW IN Anywhere |
|
857 |
[ 3] 25/tcp ALLOW IN Anywhere |
|
858 |
[ 4] 80/tcp DENY IN Anywhere |
|
859 |
[ 5] 192.168.0.1 25/tcp DENY IN 10.0.0.0/8 |
|
860 |
[ 6] Anywhere ALLOW IN 10.0.0.0/8 |
|
861 |
[ 7] Anywhere ALLOW IN 172.16.0.0/12 |
|
862 |
[ 8] Anywhere ALLOW IN 192.168.0.0/16 |
|
863 |
[ 9] 514/udp DENY IN 1.2.3.4 |
|
864 |
[10] 1.2.3.4 5469/udp ALLOW IN 1.2.3.5 5469/udp |
|
865 |
[11] 22/tcp LIMIT IN Anywhere |
|
30.1.3
by Jamie Strandboge
Import upstream version 0.27~r416 |
866 |
|
867 |
||
868 |
||
869 |
131: delete allow 53 |
|
870 |
WARN: Checks disabled |
|
871 |
Rule deleted |
|
872 |
||
873 |
||
874 |
132: delete allow 23/tcp |
|
875 |
WARN: Checks disabled |
|
876 |
Rule deleted |
|
877 |
||
878 |
||
879 |
133: delete allow smtp |
|
880 |
WARN: Checks disabled |
|
881 |
Rule deleted |
|
882 |
||
883 |
||
884 |
134: delete deny proto tcp to any port 80 |
|
885 |
WARN: Checks disabled |
|
886 |
Rule deleted |
|
887 |
||
888 |
||
889 |
135: delete deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25 |
|
890 |
WARN: Checks disabled |
|
891 |
Rule deleted |
|
892 |
||
893 |
||
894 |
136: delete allow from 10.0.0.0/8 |
|
895 |
WARN: Checks disabled |
|
896 |
Rule deleted |
|
897 |
||
898 |
||
899 |
137: delete allow from 172.16.0.0/12 |
|
900 |
WARN: Checks disabled |
|
901 |
Rule deleted |
|
902 |
||
903 |
||
904 |
138: delete allow from 192.168.0.0/16 |
|
905 |
WARN: Checks disabled |
|
906 |
Rule deleted |
|
907 |
||
908 |
||
909 |
139: delete deny proto udp from 1.2.3.4 to any port 514 |
|
910 |
WARN: Checks disabled |
|
911 |
Rule deleted |
|
912 |
||
913 |
||
914 |
140: delete allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469 |
|
915 |
WARN: Checks disabled |
|
916 |
Rule deleted |
|
917 |
||
918 |
||
919 |
141: delete limit 22/tcp |
|
920 |
WARN: Checks disabled |
|
921 |
Rule deleted |
|
922 |
||
923 |
||
924 |
142: status numbered |
|
925 |
WARN: Checks disabled |
|
926 |
Status: active |
|
927 |
||
928 |
||
0.2.1
by Jamie Strandboge
Import upstream version 0.28 |
929 |
Testing interfaces |
930 |
Setting IPV6 to yes |
|
30.1.3
by Jamie Strandboge
Import upstream version 0.27~r416 |
931 |
143: disable |
0.2.1
by Jamie Strandboge
Import upstream version 0.28 |
932 |
|
933 |
||
934 |
144: enable |
|
935 |
||
936 |
||
937 |
145: allow in on eth1 |
|
938 |
WARN: Checks disabled |
|
939 |
Rule added |
|
940 |
Rule added (v6) |
|
941 |
||
942 |
||
943 |
146: deny in on eth1:1 |
|
944 |
||
945 |
||
946 |
147: reject in on eth1 to 192.168.0.1 port 22 |
|
947 |
WARN: Checks disabled |
|
948 |
Rule added |
|
949 |
||
950 |
||
951 |
148: limit in on eth1 from 10.0.0.1 port 80 |
|
952 |
WARN: Checks disabled |
|
953 |
Rule added |
|
954 |
||
955 |
||
956 |
149: allow in on eth1 to 192.168.0.1 from 10.0.0.1 |
|
957 |
WARN: Checks disabled |
|
958 |
Rule added |
|
959 |
||
960 |
||
961 |
150: deny in on eth1 to 192.168.0.1 port 22 from 10.0.0.1 |
|
962 |
WARN: Checks disabled |
|
963 |
Rule added |
|
964 |
||
965 |
||
966 |
151: reject in on eth1 to 192.168.0.1 from 10.0.0.1 port 80 |
|
967 |
WARN: Checks disabled |
|
968 |
Rule added |
|
969 |
||
970 |
||
971 |
152: limit in on eth1 to 192.168.0.1 port 22 from 10.0.0.1 port 80 |
|
972 |
WARN: Checks disabled |
|
973 |
Rule added |
|
974 |
||
975 |
||
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
976 |
153: allow in on eth0 log |
0.2.1
by Jamie Strandboge
Import upstream version 0.28 |
977 |
WARN: Checks disabled |
978 |
Rule added |
|
979 |
Rule added (v6) |
|
980 |
||
981 |
||
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
982 |
154: allow in on eth0 log from 192.168.0.1 to 10.0.0.1 port 24 proto tcp |
0.2.1
by Jamie Strandboge
Import upstream version 0.28 |
983 |
WARN: Checks disabled |
984 |
Rule added |
|
985 |
||
986 |
||
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
987 |
155: deny in on eth0 log-all from 192.168.0.1 to 10.0.0.1 port 25 proto tcp |
0.2.1
by Jamie Strandboge
Import upstream version 0.28 |
988 |
WARN: Checks disabled |
989 |
Rule added |
|
990 |
||
991 |
||
992 |
156: allow in on eth0 to any app Samba |
|
993 |
WARN: Checks disabled |
|
994 |
Rule added |
|
995 |
Rule added (v6) |
|
996 |
||
997 |
||
998 |
157: status numbered |
|
999 |
WARN: Checks disabled |
|
1000 |
Status: active |
|
1001 |
||
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
1002 |
To Action From |
1003 |
-- ------ ----
|
|
1004 |
[ 1] Anywhere on eth1 ALLOW IN Anywhere |
|
1005 |
[ 2] 192.168.0.1 22 on eth1 REJECT IN Anywhere |
|
1006 |
[ 3] Anywhere on eth1 LIMIT IN 10.0.0.1 80 |
|
1007 |
[ 4] 192.168.0.1 on eth1 ALLOW IN 10.0.0.1 |
|
1008 |
[ 5] 192.168.0.1 22 on eth1 DENY IN 10.0.0.1 |
|
1009 |
[ 6] 192.168.0.1 on eth1 REJECT IN 10.0.0.1 80 |
|
1010 |
[ 7] 192.168.0.1 22 on eth1 LIMIT IN 10.0.0.1 80 |
|
1011 |
[ 8] Anywhere on eth0 ALLOW IN Anywhere (log) |
|
1012 |
[ 9] 10.0.0.1 24/tcp on eth0 ALLOW IN 192.168.0.1 (log) |
|
1013 |
[10] 10.0.0.1 25/tcp on eth0 DENY IN 192.168.0.1 (log-all) |
|
1014 |
[11] Samba on eth0 ALLOW IN Anywhere |
|
1015 |
[12] Anywhere (v6) on eth1 ALLOW IN Anywhere (v6) |
|
1016 |
[13] Anywhere (v6) on eth0 ALLOW IN Anywhere (v6) (log) |
|
1017 |
[14] Samba (v6) on eth0 ALLOW IN Anywhere (v6) |
|
0.2.1
by Jamie Strandboge
Import upstream version 0.28 |
1018 |
|
1019 |
||
1020 |
||
1021 |
158: insert 8 allow in on eth2 to any app Samba |
|
1022 |
WARN: Checks disabled |
|
1023 |
Rule inserted |
|
1024 |
Rule inserted (v6) |
|
1025 |
||
1026 |
||
1027 |
159: status numbered |
|
1028 |
WARN: Checks disabled |
|
1029 |
Status: active |
|
1030 |
||
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
1031 |
To Action From |
1032 |
-- ------ ----
|
|
1033 |
[ 1] Anywhere on eth1 ALLOW IN Anywhere |
|
1034 |
[ 2] 192.168.0.1 22 on eth1 REJECT IN Anywhere |
|
1035 |
[ 3] Anywhere on eth1 LIMIT IN 10.0.0.1 80 |
|
1036 |
[ 4] 192.168.0.1 on eth1 ALLOW IN 10.0.0.1 |
|
1037 |
[ 5] 192.168.0.1 22 on eth1 DENY IN 10.0.0.1 |
|
1038 |
[ 6] 192.168.0.1 on eth1 REJECT IN 10.0.0.1 80 |
|
1039 |
[ 7] 192.168.0.1 22 on eth1 LIMIT IN 10.0.0.1 80 |
|
1040 |
[ 8] Samba on eth2 ALLOW IN Anywhere |
|
1041 |
[ 9] Anywhere on eth0 ALLOW IN Anywhere (log) |
|
1042 |
[10] 10.0.0.1 24/tcp on eth0 ALLOW IN 192.168.0.1 (log) |
|
1043 |
[11] 10.0.0.1 25/tcp on eth0 DENY IN 192.168.0.1 (log-all) |
|
1044 |
[12] Samba on eth0 ALLOW IN Anywhere |
|
1045 |
[13] Anywhere (v6) on eth1 ALLOW IN Anywhere (v6) |
|
1046 |
[14] Samba (v6) on eth2 ALLOW IN Anywhere (v6) |
|
1047 |
[15] Anywhere (v6) on eth0 ALLOW IN Anywhere (v6) (log) |
|
1048 |
[16] Samba (v6) on eth0 ALLOW IN Anywhere (v6) |
|
0.2.1
by Jamie Strandboge
Import upstream version 0.28 |
1049 |
|
1050 |
||
1051 |
||
1052 |
### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 in_eth1 |
|
1053 |
-A ufw-user-input -i eth1 -j ACCEPT |
|
1054 |
||
1055 |
### tuple ### reject any 22 192.168.0.1 any 0.0.0.0/0 in_eth1 |
|
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
1056 |
-A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 22 -j REJECT --reject-with tcp-reset |
0.2.1
by Jamie Strandboge
Import upstream version 0.28 |
1057 |
-A ufw-user-input -i eth1 -p udp -d 192.168.0.1 --dport 22 -j REJECT |
1058 |
--
|
|
1059 |
### tuple ### limit any any 0.0.0.0/0 80 10.0.0.1 in_eth1 |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
1060 |
-A ufw-user-input -i eth1 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set |
1061 |
-A ufw-user-input -i eth1 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit |
|
0.2.1
by Jamie Strandboge
Import upstream version 0.28 |
1062 |
--
|
1063 |
### tuple ### allow any any 192.168.0.1 any 10.0.0.1 in_eth1 |
|
1064 |
-A ufw-user-input -i eth1 -d 192.168.0.1 -s 10.0.0.1 -j ACCEPT |
|
1065 |
||
1066 |
### tuple ### deny any 22 192.168.0.1 any 10.0.0.1 in_eth1 |
|
1067 |
-A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -j DROP |
|
1068 |
-A ufw-user-input -i eth1 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -j DROP |
|
1069 |
--
|
|
1070 |
### tuple ### reject any any 192.168.0.1 80 10.0.0.1 in_eth1 |
|
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
1071 |
-A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT --reject-with tcp-reset |
0.2.1
by Jamie Strandboge
Import upstream version 0.28 |
1072 |
-A ufw-user-input -i eth1 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT |
1073 |
--
|
|
1074 |
### tuple ### limit any 22 192.168.0.1 80 10.0.0.1 in_eth1 |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
1075 |
-A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set |
1076 |
-A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit |
|
0.2.1
by Jamie Strandboge
Import upstream version 0.28 |
1077 |
--
|
1078 |
### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in_eth2 |
|
1079 |
-A ufw-user-input -i eth2 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' |
|
1080 |
||
1081 |
### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in_eth2 |
|
1082 |
-A ufw-user-input -i eth2 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' |
|
1083 |
||
1084 |
### tuple ### allow_log any any 0.0.0.0/0 any 0.0.0.0/0 in_eth0 |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
1085 |
-A ufw-user-logging-input -i eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " |
0.2.1
by Jamie Strandboge
Import upstream version 0.28 |
1086 |
-A ufw-user-logging-input -i eth0 -j RETURN |
1087 |
--
|
|
1088 |
### tuple ### allow_log tcp 24 10.0.0.1 any 192.168.0.1 in_eth0 |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
1089 |
-A ufw-user-logging-input -i eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " |
0.2.1
by Jamie Strandboge
Import upstream version 0.28 |
1090 |
-A ufw-user-logging-input -i eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -j RETURN |
1091 |
--
|
|
1092 |
### tuple ### deny_log-all tcp 25 10.0.0.1 any 192.168.0.1 in_eth0 |
|
1093 |
-A ufw-user-logging-input -i eth0 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " |
|
1094 |
-A ufw-user-logging-input -i eth0 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j RETURN |
|
1095 |
--
|
|
1096 |
### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in_eth0 |
|
1097 |
-A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' |
|
1098 |
||
1099 |
### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in_eth0 |
|
1100 |
-A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' |
|
1101 |
||
1102 |
### tuple ### allow any any ::/0 any ::/0 in_eth1 |
|
1103 |
-A ufw6-user-input -i eth1 -j ACCEPT |
|
1104 |
||
1105 |
### tuple ### allow udp 137,138 ::/0 any ::/0 Samba - in_eth2 |
|
1106 |
-A ufw6-user-input -i eth2 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' |
|
1107 |
||
1108 |
### tuple ### allow tcp 139,445 ::/0 any ::/0 Samba - in_eth2 |
|
1109 |
-A ufw6-user-input -i eth2 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' |
|
1110 |
||
1111 |
### tuple ### allow_log any any ::/0 any ::/0 in_eth0 |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
1112 |
-A ufw6-user-logging-input -i eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " |
0.2.1
by Jamie Strandboge
Import upstream version 0.28 |
1113 |
-A ufw6-user-logging-input -i eth0 -j RETURN |
1114 |
--
|
|
1115 |
### tuple ### allow udp 137,138 ::/0 any ::/0 Samba - in_eth0 |
|
1116 |
-A ufw6-user-input -i eth0 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' |
|
1117 |
||
1118 |
### tuple ### allow tcp 139,445 ::/0 any ::/0 Samba - in_eth0 |
|
1119 |
-A ufw6-user-input -i eth0 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' |
|
1120 |
||
1121 |
160: delete allow in on eth1 |
|
1122 |
WARN: Checks disabled |
|
1123 |
Rule deleted |
|
1124 |
Rule deleted (v6) |
|
1125 |
||
1126 |
||
1127 |
161: delete reject in on eth1 to 192.168.0.1 port 22 |
|
1128 |
WARN: Checks disabled |
|
1129 |
Rule deleted |
|
1130 |
||
1131 |
||
1132 |
162: delete limit in on eth1 from 10.0.0.1 port 80 |
|
1133 |
WARN: Checks disabled |
|
1134 |
Rule deleted |
|
1135 |
||
1136 |
||
1137 |
163: delete allow in on eth1 to 192.168.0.1 from 10.0.0.1 |
|
1138 |
WARN: Checks disabled |
|
1139 |
Rule deleted |
|
1140 |
||
1141 |
||
1142 |
164: delete deny in on eth1 to 192.168.0.1 port 22 from 10.0.0.1 |
|
1143 |
WARN: Checks disabled |
|
1144 |
Rule deleted |
|
1145 |
||
1146 |
||
1147 |
165: delete reject in on eth1 to 192.168.0.1 from 10.0.0.1 port 80 |
|
1148 |
WARN: Checks disabled |
|
1149 |
Rule deleted |
|
1150 |
||
1151 |
||
1152 |
166: delete limit in on eth1 to 192.168.0.1 port 22 from 10.0.0.1 port 80 |
|
1153 |
WARN: Checks disabled |
|
1154 |
Rule deleted |
|
1155 |
||
1156 |
||
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
1157 |
167: delete allow in on eth0 log |
0.2.1
by Jamie Strandboge
Import upstream version 0.28 |
1158 |
WARN: Checks disabled |
1159 |
Rule deleted |
|
1160 |
Rule deleted (v6) |
|
1161 |
||
1162 |
||
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
1163 |
168: delete allow in on eth0 log from 192.168.0.1 to 10.0.0.1 port 24 proto tcp |
0.2.1
by Jamie Strandboge
Import upstream version 0.28 |
1164 |
WARN: Checks disabled |
1165 |
Rule deleted |
|
1166 |
||
1167 |
||
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
1168 |
169: delete deny in on eth0 log-all from 192.168.0.1 to 10.0.0.1 port 25 proto tcp |
0.2.1
by Jamie Strandboge
Import upstream version 0.28 |
1169 |
WARN: Checks disabled |
1170 |
Rule deleted |
|
1171 |
||
1172 |
||
1173 |
170: delete allow in on eth0 to any app Samba |
|
1174 |
WARN: Checks disabled |
|
1175 |
Rule deleted |
|
1176 |
Rule deleted (v6) |
|
1177 |
||
1178 |
||
1179 |
171: delete allow in on eth2 to any app Samba |
|
1180 |
WARN: Checks disabled |
|
1181 |
Rule deleted |
|
1182 |
Rule deleted (v6) |
|
1183 |
||
1184 |
||
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
1185 |
Setting IPV6 to yes |
0.2.1
by Jamie Strandboge
Import upstream version 0.28 |
1186 |
172: disable |
1187 |
||
1188 |
||
1189 |
173: enable |
|
1190 |
||
1191 |
||
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
1192 |
174: allow out on eth1 |
1193 |
WARN: Checks disabled |
|
1194 |
Rule added |
|
1195 |
Rule added (v6) |
|
1196 |
||
1197 |
||
1198 |
175: deny out on eth1:1 |
|
1199 |
||
1200 |
||
1201 |
176: reject out on eth1 to 192.168.0.1 port 22 |
|
1202 |
WARN: Checks disabled |
|
1203 |
Rule added |
|
1204 |
||
1205 |
||
1206 |
177: limit out on eth1 from 10.0.0.1 port 80 |
|
1207 |
WARN: Checks disabled |
|
1208 |
Rule added |
|
1209 |
||
1210 |
||
1211 |
178: allow out on eth1 to 192.168.0.1 from 10.0.0.1 |
|
1212 |
WARN: Checks disabled |
|
1213 |
Rule added |
|
1214 |
||
1215 |
||
1216 |
179: deny out on eth1 to 192.168.0.1 port 22 from 10.0.0.1 |
|
1217 |
WARN: Checks disabled |
|
1218 |
Rule added |
|
1219 |
||
1220 |
||
1221 |
180: reject out on eth1 to 192.168.0.1 from 10.0.0.1 port 80 |
|
1222 |
WARN: Checks disabled |
|
1223 |
Rule added |
|
1224 |
||
1225 |
||
1226 |
181: limit out on eth1 to 192.168.0.1 port 22 from 10.0.0.1 port 80 |
|
1227 |
WARN: Checks disabled |
|
1228 |
Rule added |
|
1229 |
||
1230 |
||
1231 |
182: allow out on eth0 log |
|
1232 |
WARN: Checks disabled |
|
1233 |
Rule added |
|
1234 |
Rule added (v6) |
|
1235 |
||
1236 |
||
1237 |
183: allow out on eth0 log from 192.168.0.1 to 10.0.0.1 port 24 proto tcp |
|
1238 |
WARN: Checks disabled |
|
1239 |
Rule added |
|
1240 |
||
1241 |
||
1242 |
184: deny out on eth0 log-all from 192.168.0.1 to 10.0.0.1 port 25 proto tcp |
|
1243 |
WARN: Checks disabled |
|
1244 |
Rule added |
|
1245 |
||
1246 |
||
1247 |
185: allow out on eth0 to any app Samba |
|
1248 |
WARN: Checks disabled |
|
1249 |
Rule added |
|
1250 |
Rule added (v6) |
|
0.2.1
by Jamie Strandboge
Import upstream version 0.28 |
1251 |
|
1252 |
||
1253 |
186: status numbered |
|
1254 |
WARN: Checks disabled |
|
1255 |
Status: active |
|
1256 |
||
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
1257 |
To Action From |
1258 |
-- ------ ----
|
|
1259 |
[ 1] Anywhere ALLOW OUT Anywhere on eth1 (out) |
|
1260 |
[ 2] 192.168.0.1 22 REJECT OUT Anywhere on eth1 (out) |
|
1261 |
[ 3] Anywhere LIMIT OUT 10.0.0.1 80 on eth1 (out) |
|
1262 |
[ 4] 192.168.0.1 ALLOW OUT 10.0.0.1 on eth1 (out) |
|
1263 |
[ 5] 192.168.0.1 22 DENY OUT 10.0.0.1 on eth1 (out) |
|
1264 |
[ 6] 192.168.0.1 REJECT OUT 10.0.0.1 80 on eth1 (out) |
|
1265 |
[ 7] 192.168.0.1 22 LIMIT OUT 10.0.0.1 80 on eth1 (out) |
|
1266 |
[ 8] Anywhere ALLOW OUT Anywhere on eth0 (log, out) |
|
1267 |
[ 9] 10.0.0.1 24/tcp ALLOW OUT 192.168.0.1 on eth0 (log, out) |
|
1268 |
[10] 10.0.0.1 25/tcp DENY OUT 192.168.0.1 on eth0 (log-all, out) |
|
1269 |
[11] Samba ALLOW OUT Anywhere on eth0 (out) |
|
1270 |
[12] Anywhere (v6) ALLOW OUT Anywhere (v6) on eth1 (out) |
|
1271 |
[13] Anywhere (v6) ALLOW OUT Anywhere (v6) on eth0 (log, out) |
|
1272 |
[14] Samba (v6) ALLOW OUT Anywhere (v6) on eth0 (out) |
|
1273 |
||
1274 |
||
1275 |
||
1276 |
187: insert 8 allow out on eth2 to any app Samba |
|
0.2.1
by Jamie Strandboge
Import upstream version 0.28 |
1277 |
WARN: Checks disabled |
1278 |
Rule inserted |
|
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
1279 |
Rule inserted (v6) |
0.2.1
by Jamie Strandboge
Import upstream version 0.28 |
1280 |
|
1281 |
||
1282 |
188: status numbered |
|
1283 |
WARN: Checks disabled |
|
1284 |
Status: active |
|
1285 |
||
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
1286 |
To Action From |
1287 |
-- ------ ----
|
|
1288 |
[ 1] Anywhere ALLOW OUT Anywhere on eth1 (out) |
|
1289 |
[ 2] 192.168.0.1 22 REJECT OUT Anywhere on eth1 (out) |
|
1290 |
[ 3] Anywhere LIMIT OUT 10.0.0.1 80 on eth1 (out) |
|
1291 |
[ 4] 192.168.0.1 ALLOW OUT 10.0.0.1 on eth1 (out) |
|
1292 |
[ 5] 192.168.0.1 22 DENY OUT 10.0.0.1 on eth1 (out) |
|
1293 |
[ 6] 192.168.0.1 REJECT OUT 10.0.0.1 80 on eth1 (out) |
|
1294 |
[ 7] 192.168.0.1 22 LIMIT OUT 10.0.0.1 80 on eth1 (out) |
|
1295 |
[ 8] Samba ALLOW OUT Anywhere on eth2 (out) |
|
1296 |
[ 9] Anywhere ALLOW OUT Anywhere on eth0 (log, out) |
|
1297 |
[10] 10.0.0.1 24/tcp ALLOW OUT 192.168.0.1 on eth0 (log, out) |
|
1298 |
[11] 10.0.0.1 25/tcp DENY OUT 192.168.0.1 on eth0 (log-all, out) |
|
1299 |
[12] Samba ALLOW OUT Anywhere on eth0 (out) |
|
1300 |
[13] Anywhere (v6) ALLOW OUT Anywhere (v6) on eth1 (out) |
|
1301 |
[14] Samba (v6) ALLOW OUT Anywhere (v6) on eth2 (out) |
|
1302 |
[15] Anywhere (v6) ALLOW OUT Anywhere (v6) on eth0 (log, out) |
|
1303 |
[16] Samba (v6) ALLOW OUT Anywhere (v6) on eth0 (out) |
|
1304 |
||
1305 |
||
1306 |
||
1307 |
### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 out_eth1 |
|
1308 |
-A ufw-user-output -o eth1 -j ACCEPT |
|
1309 |
||
1310 |
### tuple ### reject any 22 192.168.0.1 any 0.0.0.0/0 out_eth1 |
|
1311 |
-A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 22 -j REJECT --reject-with tcp-reset |
|
1312 |
-A ufw-user-output -o eth1 -p udp -d 192.168.0.1 --dport 22 -j REJECT |
|
1313 |
--
|
|
1314 |
### tuple ### limit any any 0.0.0.0/0 80 10.0.0.1 out_eth1 |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
1315 |
-A ufw-user-output -o eth1 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set |
1316 |
-A ufw-user-output -o eth1 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit |
|
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
1317 |
--
|
1318 |
### tuple ### allow any any 192.168.0.1 any 10.0.0.1 out_eth1 |
|
1319 |
-A ufw-user-output -o eth1 -d 192.168.0.1 -s 10.0.0.1 -j ACCEPT |
|
1320 |
||
1321 |
### tuple ### deny any 22 192.168.0.1 any 10.0.0.1 out_eth1 |
|
1322 |
-A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -j DROP |
|
1323 |
-A ufw-user-output -o eth1 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -j DROP |
|
1324 |
--
|
|
1325 |
### tuple ### reject any any 192.168.0.1 80 10.0.0.1 out_eth1 |
|
1326 |
-A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT --reject-with tcp-reset |
|
1327 |
-A ufw-user-output -o eth1 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT |
|
1328 |
--
|
|
1329 |
### tuple ### limit any 22 192.168.0.1 80 10.0.0.1 out_eth1 |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
1330 |
-A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set |
1331 |
-A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit |
|
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
1332 |
--
|
1333 |
### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - out_eth2 |
|
1334 |
-A ufw-user-output -o eth2 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' |
|
1335 |
||
1336 |
### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - out_eth2 |
|
1337 |
-A ufw-user-output -o eth2 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' |
|
1338 |
||
1339 |
### tuple ### allow_log any any 0.0.0.0/0 any 0.0.0.0/0 out_eth0 |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
1340 |
-A ufw-user-logging-output -o eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " |
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
1341 |
-A ufw-user-logging-output -o eth0 -j RETURN |
1342 |
--
|
|
1343 |
### tuple ### allow_log tcp 24 10.0.0.1 any 192.168.0.1 out_eth0 |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
1344 |
-A ufw-user-logging-output -o eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " |
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
1345 |
-A ufw-user-logging-output -o eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -j RETURN |
1346 |
--
|
|
1347 |
### tuple ### deny_log-all tcp 25 10.0.0.1 any 192.168.0.1 out_eth0 |
|
1348 |
-A ufw-user-logging-output -o eth0 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " |
|
1349 |
-A ufw-user-logging-output -o eth0 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j RETURN |
|
1350 |
--
|
|
1351 |
### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - out_eth0 |
|
1352 |
-A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' |
|
1353 |
||
1354 |
### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - out_eth0 |
|
1355 |
-A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' |
|
1356 |
||
1357 |
### tuple ### allow any any ::/0 any ::/0 out_eth1 |
|
1358 |
-A ufw6-user-output -o eth1 -j ACCEPT |
|
1359 |
||
1360 |
### tuple ### allow udp 137,138 ::/0 any ::/0 Samba - out_eth2 |
|
1361 |
-A ufw6-user-output -o eth2 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' |
|
1362 |
||
1363 |
### tuple ### allow tcp 139,445 ::/0 any ::/0 Samba - out_eth2 |
|
1364 |
-A ufw6-user-output -o eth2 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' |
|
1365 |
||
1366 |
### tuple ### allow_log any any ::/0 any ::/0 out_eth0 |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
1367 |
-A ufw6-user-logging-output -o eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " |
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
1368 |
-A ufw6-user-logging-output -o eth0 -j RETURN |
1369 |
--
|
|
1370 |
### tuple ### allow udp 137,138 ::/0 any ::/0 Samba - out_eth0 |
|
1371 |
-A ufw6-user-output -o eth0 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' |
|
1372 |
||
1373 |
### tuple ### allow tcp 139,445 ::/0 any ::/0 Samba - out_eth0 |
|
1374 |
-A ufw6-user-output -o eth0 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' |
|
1375 |
||
1376 |
189: delete allow out on eth1 |
|
1377 |
WARN: Checks disabled |
|
1378 |
Rule deleted |
|
1379 |
Rule deleted (v6) |
|
1380 |
||
1381 |
||
1382 |
190: delete reject out on eth1 to 192.168.0.1 port 22 |
|
1383 |
WARN: Checks disabled |
|
1384 |
Rule deleted |
|
1385 |
||
1386 |
||
1387 |
191: delete limit out on eth1 from 10.0.0.1 port 80 |
|
1388 |
WARN: Checks disabled |
|
1389 |
Rule deleted |
|
1390 |
||
1391 |
||
1392 |
192: delete allow out on eth1 to 192.168.0.1 from 10.0.0.1 |
|
1393 |
WARN: Checks disabled |
|
1394 |
Rule deleted |
|
1395 |
||
1396 |
||
1397 |
193: delete deny out on eth1 to 192.168.0.1 port 22 from 10.0.0.1 |
|
1398 |
WARN: Checks disabled |
|
1399 |
Rule deleted |
|
1400 |
||
1401 |
||
1402 |
194: delete reject out on eth1 to 192.168.0.1 from 10.0.0.1 port 80 |
|
1403 |
WARN: Checks disabled |
|
1404 |
Rule deleted |
|
1405 |
||
1406 |
||
1407 |
195: delete limit out on eth1 to 192.168.0.1 port 22 from 10.0.0.1 port 80 |
|
1408 |
WARN: Checks disabled |
|
1409 |
Rule deleted |
|
1410 |
||
1411 |
||
1412 |
196: delete allow out on eth0 log |
|
1413 |
WARN: Checks disabled |
|
1414 |
Rule deleted |
|
1415 |
Rule deleted (v6) |
|
1416 |
||
1417 |
||
1418 |
197: delete allow out on eth0 log from 192.168.0.1 to 10.0.0.1 port 24 proto tcp |
|
1419 |
WARN: Checks disabled |
|
1420 |
Rule deleted |
|
1421 |
||
1422 |
||
1423 |
198: delete deny out on eth0 log-all from 192.168.0.1 to 10.0.0.1 port 25 proto tcp |
|
1424 |
WARN: Checks disabled |
|
1425 |
Rule deleted |
|
1426 |
||
1427 |
||
1428 |
199: delete allow out on eth0 to any app Samba |
|
1429 |
WARN: Checks disabled |
|
1430 |
Rule deleted |
|
1431 |
Rule deleted (v6) |
|
1432 |
||
1433 |
||
1434 |
200: delete allow out on eth2 to any app Samba |
|
1435 |
WARN: Checks disabled |
|
1436 |
Rule deleted |
|
1437 |
Rule deleted (v6) |
|
1438 |
||
1439 |
||
1440 |
Setting IPV6 to no |
|
0.2.1
by Jamie Strandboge
Import upstream version 0.28 |
1441 |
201: disable |
0.1.1
by Jamie Strandboge
Import upstream version 0.27.1 |
1442 |
|
1443 |
||
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
1444 |
202: enable |
1445 |
||
1446 |
||
1447 |
203: allow in on eth1 |
|
1448 |
WARN: Checks disabled |
|
1449 |
Rule added |
|
1450 |
||
1451 |
||
1452 |
204: deny in on eth1:1 |
|
1453 |
||
1454 |
||
1455 |
205: reject in on eth1 to 192.168.0.1 port 22 |
|
1456 |
WARN: Checks disabled |
|
1457 |
Rule added |
|
1458 |
||
1459 |
||
1460 |
206: limit in on eth1 from 10.0.0.1 port 80 |
|
1461 |
WARN: Checks disabled |
|
1462 |
Rule added |
|
1463 |
||
1464 |
||
1465 |
207: allow in on eth1 to 192.168.0.1 from 10.0.0.1 |
|
1466 |
WARN: Checks disabled |
|
1467 |
Rule added |
|
1468 |
||
1469 |
||
1470 |
208: deny in on eth1 to 192.168.0.1 port 22 from 10.0.0.1 |
|
1471 |
WARN: Checks disabled |
|
1472 |
Rule added |
|
1473 |
||
1474 |
||
1475 |
209: reject in on eth1 to 192.168.0.1 from 10.0.0.1 port 80 |
|
1476 |
WARN: Checks disabled |
|
1477 |
Rule added |
|
1478 |
||
1479 |
||
1480 |
210: limit in on eth1 to 192.168.0.1 port 22 from 10.0.0.1 port 80 |
|
1481 |
WARN: Checks disabled |
|
1482 |
Rule added |
|
1483 |
||
1484 |
||
1485 |
211: allow in on eth0 log |
|
1486 |
WARN: Checks disabled |
|
1487 |
Rule added |
|
1488 |
||
1489 |
||
1490 |
212: allow in on eth0 log from 192.168.0.1 to 10.0.0.1 port 24 proto tcp |
|
1491 |
WARN: Checks disabled |
|
1492 |
Rule added |
|
1493 |
||
1494 |
||
1495 |
213: deny in on eth0 log-all from 192.168.0.1 to 10.0.0.1 port 25 proto tcp |
|
1496 |
WARN: Checks disabled |
|
1497 |
Rule added |
|
1498 |
||
1499 |
||
1500 |
214: allow in on eth0 to any app Samba |
|
1501 |
WARN: Checks disabled |
|
1502 |
Rule added |
|
1503 |
||
1504 |
||
1505 |
215: status numbered |
|
1506 |
WARN: Checks disabled |
|
1507 |
Status: active |
|
1508 |
||
1509 |
To Action From |
|
1510 |
-- ------ ----
|
|
1511 |
[ 1] Anywhere on eth1 ALLOW IN Anywhere |
|
1512 |
[ 2] 192.168.0.1 22 on eth1 REJECT IN Anywhere |
|
1513 |
[ 3] Anywhere on eth1 LIMIT IN 10.0.0.1 80 |
|
1514 |
[ 4] 192.168.0.1 on eth1 ALLOW IN 10.0.0.1 |
|
1515 |
[ 5] 192.168.0.1 22 on eth1 DENY IN 10.0.0.1 |
|
1516 |
[ 6] 192.168.0.1 on eth1 REJECT IN 10.0.0.1 80 |
|
1517 |
[ 7] 192.168.0.1 22 on eth1 LIMIT IN 10.0.0.1 80 |
|
1518 |
[ 8] Anywhere on eth0 ALLOW IN Anywhere (log) |
|
1519 |
[ 9] 10.0.0.1 24/tcp on eth0 ALLOW IN 192.168.0.1 (log) |
|
1520 |
[10] 10.0.0.1 25/tcp on eth0 DENY IN 192.168.0.1 (log-all) |
|
1521 |
[11] Samba on eth0 ALLOW IN Anywhere |
|
1522 |
||
1523 |
||
1524 |
||
1525 |
216: insert 8 allow in on eth2 to any app Samba |
|
1526 |
WARN: Checks disabled |
|
1527 |
Rule inserted |
|
1528 |
||
1529 |
||
1530 |
217: status numbered |
|
1531 |
WARN: Checks disabled |
|
1532 |
Status: active |
|
1533 |
||
1534 |
To Action From |
|
1535 |
-- ------ ----
|
|
1536 |
[ 1] Anywhere on eth1 ALLOW IN Anywhere |
|
1537 |
[ 2] 192.168.0.1 22 on eth1 REJECT IN Anywhere |
|
1538 |
[ 3] Anywhere on eth1 LIMIT IN 10.0.0.1 80 |
|
1539 |
[ 4] 192.168.0.1 on eth1 ALLOW IN 10.0.0.1 |
|
1540 |
[ 5] 192.168.0.1 22 on eth1 DENY IN 10.0.0.1 |
|
1541 |
[ 6] 192.168.0.1 on eth1 REJECT IN 10.0.0.1 80 |
|
1542 |
[ 7] 192.168.0.1 22 on eth1 LIMIT IN 10.0.0.1 80 |
|
1543 |
[ 8] Samba on eth2 ALLOW IN Anywhere |
|
1544 |
[ 9] Anywhere on eth0 ALLOW IN Anywhere (log) |
|
1545 |
[10] 10.0.0.1 24/tcp on eth0 ALLOW IN 192.168.0.1 (log) |
|
1546 |
[11] 10.0.0.1 25/tcp on eth0 DENY IN 192.168.0.1 (log-all) |
|
1547 |
[12] Samba on eth0 ALLOW IN Anywhere |
|
1548 |
||
1549 |
||
1550 |
||
1551 |
### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 in_eth1 |
|
1552 |
-A ufw-user-input -i eth1 -j ACCEPT |
|
1553 |
||
1554 |
### tuple ### reject any 22 192.168.0.1 any 0.0.0.0/0 in_eth1 |
|
1555 |
-A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 22 -j REJECT --reject-with tcp-reset |
|
1556 |
-A ufw-user-input -i eth1 -p udp -d 192.168.0.1 --dport 22 -j REJECT |
|
1557 |
--
|
|
1558 |
### tuple ### limit any any 0.0.0.0/0 80 10.0.0.1 in_eth1 |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
1559 |
-A ufw-user-input -i eth1 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set |
1560 |
-A ufw-user-input -i eth1 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit |
|
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
1561 |
--
|
1562 |
### tuple ### allow any any 192.168.0.1 any 10.0.0.1 in_eth1 |
|
1563 |
-A ufw-user-input -i eth1 -d 192.168.0.1 -s 10.0.0.1 -j ACCEPT |
|
1564 |
||
1565 |
### tuple ### deny any 22 192.168.0.1 any 10.0.0.1 in_eth1 |
|
1566 |
-A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -j DROP |
|
1567 |
-A ufw-user-input -i eth1 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -j DROP |
|
1568 |
--
|
|
1569 |
### tuple ### reject any any 192.168.0.1 80 10.0.0.1 in_eth1 |
|
1570 |
-A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT --reject-with tcp-reset |
|
1571 |
-A ufw-user-input -i eth1 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT |
|
1572 |
--
|
|
1573 |
### tuple ### limit any 22 192.168.0.1 80 10.0.0.1 in_eth1 |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
1574 |
-A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set |
1575 |
-A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit |
|
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
1576 |
--
|
1577 |
### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in_eth2 |
|
1578 |
-A ufw-user-input -i eth2 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' |
|
1579 |
||
1580 |
### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in_eth2 |
|
1581 |
-A ufw-user-input -i eth2 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' |
|
1582 |
||
1583 |
### tuple ### allow_log any any 0.0.0.0/0 any 0.0.0.0/0 in_eth0 |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
1584 |
-A ufw-user-logging-input -i eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " |
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
1585 |
-A ufw-user-logging-input -i eth0 -j RETURN |
1586 |
--
|
|
1587 |
### tuple ### allow_log tcp 24 10.0.0.1 any 192.168.0.1 in_eth0 |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
1588 |
-A ufw-user-logging-input -i eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " |
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
1589 |
-A ufw-user-logging-input -i eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -j RETURN |
1590 |
--
|
|
1591 |
### tuple ### deny_log-all tcp 25 10.0.0.1 any 192.168.0.1 in_eth0 |
|
1592 |
-A ufw-user-logging-input -i eth0 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " |
|
1593 |
-A ufw-user-logging-input -i eth0 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j RETURN |
|
1594 |
--
|
|
1595 |
### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in_eth0 |
|
1596 |
-A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' |
|
1597 |
||
1598 |
### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in_eth0 |
|
1599 |
-A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' |
|
1600 |
||
1601 |
218: delete allow in on eth1 |
|
1602 |
WARN: Checks disabled |
|
1603 |
Rule deleted |
|
1604 |
||
1605 |
||
1606 |
219: delete reject in on eth1 to 192.168.0.1 port 22 |
|
1607 |
WARN: Checks disabled |
|
1608 |
Rule deleted |
|
1609 |
||
1610 |
||
1611 |
220: delete limit in on eth1 from 10.0.0.1 port 80 |
|
1612 |
WARN: Checks disabled |
|
1613 |
Rule deleted |
|
1614 |
||
1615 |
||
1616 |
221: delete allow in on eth1 to 192.168.0.1 from 10.0.0.1 |
|
1617 |
WARN: Checks disabled |
|
1618 |
Rule deleted |
|
1619 |
||
1620 |
||
1621 |
222: delete deny in on eth1 to 192.168.0.1 port 22 from 10.0.0.1 |
|
1622 |
WARN: Checks disabled |
|
1623 |
Rule deleted |
|
1624 |
||
1625 |
||
1626 |
223: delete reject in on eth1 to 192.168.0.1 from 10.0.0.1 port 80 |
|
1627 |
WARN: Checks disabled |
|
1628 |
Rule deleted |
|
1629 |
||
1630 |
||
1631 |
224: delete limit in on eth1 to 192.168.0.1 port 22 from 10.0.0.1 port 80 |
|
1632 |
WARN: Checks disabled |
|
1633 |
Rule deleted |
|
1634 |
||
1635 |
||
1636 |
225: delete allow in on eth0 log |
|
1637 |
WARN: Checks disabled |
|
1638 |
Rule deleted |
|
1639 |
||
1640 |
||
1641 |
226: delete allow in on eth0 log from 192.168.0.1 to 10.0.0.1 port 24 proto tcp |
|
1642 |
WARN: Checks disabled |
|
1643 |
Rule deleted |
|
1644 |
||
1645 |
||
1646 |
227: delete deny in on eth0 log-all from 192.168.0.1 to 10.0.0.1 port 25 proto tcp |
|
1647 |
WARN: Checks disabled |
|
1648 |
Rule deleted |
|
1649 |
||
1650 |
||
1651 |
228: delete allow in on eth0 to any app Samba |
|
1652 |
WARN: Checks disabled |
|
1653 |
Rule deleted |
|
1654 |
||
1655 |
||
1656 |
229: delete allow in on eth2 to any app Samba |
|
1657 |
WARN: Checks disabled |
|
1658 |
Rule deleted |
|
1659 |
||
1660 |
||
1661 |
Setting IPV6 to no |
|
1662 |
230: disable |
|
1663 |
||
1664 |
||
1665 |
231: enable |
|
1666 |
||
1667 |
||
1668 |
232: allow out on eth1 |
|
1669 |
WARN: Checks disabled |
|
1670 |
Rule added |
|
1671 |
||
1672 |
||
1673 |
233: deny out on eth1:1 |
|
1674 |
||
1675 |
||
1676 |
234: reject out on eth1 to 192.168.0.1 port 22 |
|
1677 |
WARN: Checks disabled |
|
1678 |
Rule added |
|
1679 |
||
1680 |
||
1681 |
235: limit out on eth1 from 10.0.0.1 port 80 |
|
1682 |
WARN: Checks disabled |
|
1683 |
Rule added |
|
1684 |
||
1685 |
||
1686 |
236: allow out on eth1 to 192.168.0.1 from 10.0.0.1 |
|
1687 |
WARN: Checks disabled |
|
1688 |
Rule added |
|
1689 |
||
1690 |
||
1691 |
237: deny out on eth1 to 192.168.0.1 port 22 from 10.0.0.1 |
|
1692 |
WARN: Checks disabled |
|
1693 |
Rule added |
|
1694 |
||
1695 |
||
1696 |
238: reject out on eth1 to 192.168.0.1 from 10.0.0.1 port 80 |
|
1697 |
WARN: Checks disabled |
|
1698 |
Rule added |
|
1699 |
||
1700 |
||
1701 |
239: limit out on eth1 to 192.168.0.1 port 22 from 10.0.0.1 port 80 |
|
1702 |
WARN: Checks disabled |
|
1703 |
Rule added |
|
1704 |
||
1705 |
||
1706 |
240: allow out on eth0 log |
|
1707 |
WARN: Checks disabled |
|
1708 |
Rule added |
|
1709 |
||
1710 |
||
1711 |
241: allow out on eth0 log from 192.168.0.1 to 10.0.0.1 port 24 proto tcp |
|
1712 |
WARN: Checks disabled |
|
1713 |
Rule added |
|
1714 |
||
1715 |
||
1716 |
242: deny out on eth0 log-all from 192.168.0.1 to 10.0.0.1 port 25 proto tcp |
|
1717 |
WARN: Checks disabled |
|
1718 |
Rule added |
|
1719 |
||
1720 |
||
1721 |
243: allow out on eth0 to any app Samba |
|
1722 |
WARN: Checks disabled |
|
1723 |
Rule added |
|
1724 |
||
1725 |
||
1726 |
244: status numbered |
|
1727 |
WARN: Checks disabled |
|
1728 |
Status: active |
|
1729 |
||
1730 |
To Action From |
|
1731 |
-- ------ ----
|
|
1732 |
[ 1] Anywhere ALLOW OUT Anywhere on eth1 (out) |
|
1733 |
[ 2] 192.168.0.1 22 REJECT OUT Anywhere on eth1 (out) |
|
1734 |
[ 3] Anywhere LIMIT OUT 10.0.0.1 80 on eth1 (out) |
|
1735 |
[ 4] 192.168.0.1 ALLOW OUT 10.0.0.1 on eth1 (out) |
|
1736 |
[ 5] 192.168.0.1 22 DENY OUT 10.0.0.1 on eth1 (out) |
|
1737 |
[ 6] 192.168.0.1 REJECT OUT 10.0.0.1 80 on eth1 (out) |
|
1738 |
[ 7] 192.168.0.1 22 LIMIT OUT 10.0.0.1 80 on eth1 (out) |
|
1739 |
[ 8] Anywhere ALLOW OUT Anywhere on eth0 (log, out) |
|
1740 |
[ 9] 10.0.0.1 24/tcp ALLOW OUT 192.168.0.1 on eth0 (log, out) |
|
1741 |
[10] 10.0.0.1 25/tcp DENY OUT 192.168.0.1 on eth0 (log-all, out) |
|
1742 |
[11] Samba ALLOW OUT Anywhere on eth0 (out) |
|
1743 |
||
1744 |
||
1745 |
||
1746 |
245: insert 8 allow out on eth2 to any app Samba |
|
1747 |
WARN: Checks disabled |
|
1748 |
Rule inserted |
|
1749 |
||
1750 |
||
1751 |
246: status numbered |
|
1752 |
WARN: Checks disabled |
|
1753 |
Status: active |
|
1754 |
||
1755 |
To Action From |
|
1756 |
-- ------ ----
|
|
1757 |
[ 1] Anywhere ALLOW OUT Anywhere on eth1 (out) |
|
1758 |
[ 2] 192.168.0.1 22 REJECT OUT Anywhere on eth1 (out) |
|
1759 |
[ 3] Anywhere LIMIT OUT 10.0.0.1 80 on eth1 (out) |
|
1760 |
[ 4] 192.168.0.1 ALLOW OUT 10.0.0.1 on eth1 (out) |
|
1761 |
[ 5] 192.168.0.1 22 DENY OUT 10.0.0.1 on eth1 (out) |
|
1762 |
[ 6] 192.168.0.1 REJECT OUT 10.0.0.1 80 on eth1 (out) |
|
1763 |
[ 7] 192.168.0.1 22 LIMIT OUT 10.0.0.1 80 on eth1 (out) |
|
1764 |
[ 8] Samba ALLOW OUT Anywhere on eth2 (out) |
|
1765 |
[ 9] Anywhere ALLOW OUT Anywhere on eth0 (log, out) |
|
1766 |
[10] 10.0.0.1 24/tcp ALLOW OUT 192.168.0.1 on eth0 (log, out) |
|
1767 |
[11] 10.0.0.1 25/tcp DENY OUT 192.168.0.1 on eth0 (log-all, out) |
|
1768 |
[12] Samba ALLOW OUT Anywhere on eth0 (out) |
|
1769 |
||
1770 |
||
1771 |
||
1772 |
### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 out_eth1 |
|
1773 |
-A ufw-user-output -o eth1 -j ACCEPT |
|
1774 |
||
1775 |
### tuple ### reject any 22 192.168.0.1 any 0.0.0.0/0 out_eth1 |
|
1776 |
-A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 22 -j REJECT --reject-with tcp-reset |
|
1777 |
-A ufw-user-output -o eth1 -p udp -d 192.168.0.1 --dport 22 -j REJECT |
|
1778 |
--
|
|
1779 |
### tuple ### limit any any 0.0.0.0/0 80 10.0.0.1 out_eth1 |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
1780 |
-A ufw-user-output -o eth1 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set |
1781 |
-A ufw-user-output -o eth1 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit |
|
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
1782 |
--
|
1783 |
### tuple ### allow any any 192.168.0.1 any 10.0.0.1 out_eth1 |
|
1784 |
-A ufw-user-output -o eth1 -d 192.168.0.1 -s 10.0.0.1 -j ACCEPT |
|
1785 |
||
1786 |
### tuple ### deny any 22 192.168.0.1 any 10.0.0.1 out_eth1 |
|
1787 |
-A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -j DROP |
|
1788 |
-A ufw-user-output -o eth1 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -j DROP |
|
1789 |
--
|
|
1790 |
### tuple ### reject any any 192.168.0.1 80 10.0.0.1 out_eth1 |
|
1791 |
-A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT --reject-with tcp-reset |
|
1792 |
-A ufw-user-output -o eth1 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT |
|
1793 |
--
|
|
1794 |
### tuple ### limit any 22 192.168.0.1 80 10.0.0.1 out_eth1 |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
1795 |
-A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set |
1796 |
-A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit |
|
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
1797 |
--
|
1798 |
### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - out_eth2 |
|
1799 |
-A ufw-user-output -o eth2 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' |
|
1800 |
||
1801 |
### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - out_eth2 |
|
1802 |
-A ufw-user-output -o eth2 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' |
|
1803 |
||
1804 |
### tuple ### allow_log any any 0.0.0.0/0 any 0.0.0.0/0 out_eth0 |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
1805 |
-A ufw-user-logging-output -o eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " |
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
1806 |
-A ufw-user-logging-output -o eth0 -j RETURN |
1807 |
--
|
|
1808 |
### tuple ### allow_log tcp 24 10.0.0.1 any 192.168.0.1 out_eth0 |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
1809 |
-A ufw-user-logging-output -o eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " |
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
1810 |
-A ufw-user-logging-output -o eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -j RETURN |
1811 |
--
|
|
1812 |
### tuple ### deny_log-all tcp 25 10.0.0.1 any 192.168.0.1 out_eth0 |
|
1813 |
-A ufw-user-logging-output -o eth0 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " |
|
1814 |
-A ufw-user-logging-output -o eth0 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j RETURN |
|
1815 |
--
|
|
1816 |
### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - out_eth0 |
|
1817 |
-A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' |
|
1818 |
||
1819 |
### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - out_eth0 |
|
1820 |
-A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' |
|
1821 |
||
1822 |
247: delete allow out on eth1 |
|
1823 |
WARN: Checks disabled |
|
1824 |
Rule deleted |
|
1825 |
||
1826 |
||
1827 |
248: delete reject out on eth1 to 192.168.0.1 port 22 |
|
1828 |
WARN: Checks disabled |
|
1829 |
Rule deleted |
|
1830 |
||
1831 |
||
1832 |
249: delete limit out on eth1 from 10.0.0.1 port 80 |
|
1833 |
WARN: Checks disabled |
|
1834 |
Rule deleted |
|
1835 |
||
1836 |
||
1837 |
250: delete allow out on eth1 to 192.168.0.1 from 10.0.0.1 |
|
1838 |
WARN: Checks disabled |
|
1839 |
Rule deleted |
|
1840 |
||
1841 |
||
1842 |
251: delete deny out on eth1 to 192.168.0.1 port 22 from 10.0.0.1 |
|
1843 |
WARN: Checks disabled |
|
1844 |
Rule deleted |
|
1845 |
||
1846 |
||
1847 |
252: delete reject out on eth1 to 192.168.0.1 from 10.0.0.1 port 80 |
|
1848 |
WARN: Checks disabled |
|
1849 |
Rule deleted |
|
1850 |
||
1851 |
||
1852 |
253: delete limit out on eth1 to 192.168.0.1 port 22 from 10.0.0.1 port 80 |
|
1853 |
WARN: Checks disabled |
|
1854 |
Rule deleted |
|
1855 |
||
1856 |
||
1857 |
254: delete allow out on eth0 log |
|
1858 |
WARN: Checks disabled |
|
1859 |
Rule deleted |
|
1860 |
||
1861 |
||
1862 |
255: delete allow out on eth0 log from 192.168.0.1 to 10.0.0.1 port 24 proto tcp |
|
1863 |
WARN: Checks disabled |
|
1864 |
Rule deleted |
|
1865 |
||
1866 |
||
1867 |
256: delete deny out on eth0 log-all from 192.168.0.1 to 10.0.0.1 port 25 proto tcp |
|
1868 |
WARN: Checks disabled |
|
1869 |
Rule deleted |
|
1870 |
||
1871 |
||
1872 |
257: delete allow out on eth0 to any app Samba |
|
1873 |
WARN: Checks disabled |
|
1874 |
Rule deleted |
|
1875 |
||
1876 |
||
1877 |
258: delete allow out on eth2 to any app Samba |
|
1878 |
WARN: Checks disabled |
|
1879 |
Rule deleted |
|
1880 |
||
1881 |
||
0.4.2
by Jamie Strandboge
Import upstream version 0.29.1 |
1882 |
Compare enable and ufw-init |
30.1.6
by Jamie Strandboge
Import upstream version 0.29 |
1883 |
259: disable |
30.1.3
by Jamie Strandboge
Import upstream version 0.27~r416 |
1884 |
|
1885 |
||
30.1.8
by Jamie Strandboge
Import upstream version 0.29.3 |
1886 |
260: allow 23/tcp |
1887 |
||
1888 |
||
1889 |
261: logging medium |
|
1890 |
||
1891 |
||
1892 |
262: enable |
|
0.4.2
by Jamie Strandboge
Import upstream version 0.29.1 |
1893 |
|
1894 |
||
1895 |
263: disable |
|
1896 |
||
1897 |
||
1898 |
264: tests/testarea/lib/ufw/ufw-init start |
|
1899 |
||
1900 |
||
1901 |
265: tests/testarea/lib/ufw/ufw-init stop |
|
1902 |
||
1903 |
||
1904 |
266: enable |
|
1905 |
||
1906 |
||
1907 |
267: delete allow 23/tcp |
|
1908 |
||
1909 |
||
1910 |
268: logging low |
|
1911 |
||
1912 |
||
1913 |
269: disable |
|
1914 |
||
1915 |
||
30.1.8
by Jamie Strandboge
Import upstream version 0.29.3 |
1916 |
Verify toplevel chains |
1917 |
270: logging off |
|
1918 |
||
1919 |
||
1920 |
271: disable |
|
1921 |
||
1922 |
||
1923 |
272: enable |
|
1924 |
||
1925 |
||
1926 |
273: iptables -L INPUT -n | egrep -q 'ufw-before-logging-input' |
|
1927 |
||
1928 |
||
1929 |
274: iptables -L INPUT -n | egrep -q 'ufw-before-input' |
|
1930 |
||
1931 |
||
1932 |
275: iptables -L INPUT -n | egrep -q 'ufw-after-input' |
|
1933 |
||
1934 |
||
1935 |
276: iptables -L INPUT -n | egrep -q 'ufw-after-logging-input' |
|
1936 |
||
1937 |
||
1938 |
277: iptables -L INPUT -n | egrep -q 'ufw-reject-input' |
|
1939 |
||
1940 |
||
1941 |
278: iptables -L INPUT -n | egrep -q 'ufw-track-input' |
|
1942 |
||
1943 |
||
1944 |
279: iptables -L OUTPUT -n | egrep -q 'ufw-before-logging-output' |
|
1945 |
||
1946 |
||
1947 |
280: iptables -L OUTPUT -n | egrep -q 'ufw-before-output' |
|
1948 |
||
1949 |
||
1950 |
281: iptables -L OUTPUT -n | egrep -q 'ufw-after-output' |
|
1951 |
||
1952 |
||
1953 |
282: iptables -L OUTPUT -n | egrep -q 'ufw-after-logging-output' |
|
1954 |
||
1955 |
||
1956 |
283: iptables -L OUTPUT -n | egrep -q 'ufw-reject-output' |
|
1957 |
||
1958 |
||
1959 |
284: iptables -L OUTPUT -n | egrep -q 'ufw-track-output' |
|
1960 |
||
1961 |
||
1962 |
285: iptables -L FORWARD -n | egrep -q 'ufw-before-logging-forward' |
|
1963 |
||
1964 |
||
1965 |
286: iptables -L FORWARD -n | egrep -q 'ufw-before-forward' |
|
1966 |
||
1967 |
||
1968 |
287: iptables -L FORWARD -n | egrep -q 'ufw-after-forward' |
|
1969 |
||
1970 |
||
1971 |
288: iptables -L FORWARD -n | egrep -q 'ufw-after-logging-forward' |
|
1972 |
||
1973 |
||
1974 |
289: iptables -L FORWARD -n | egrep -q 'ufw-reject-forward' |
|
1975 |
||
1976 |
||
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
1977 |
290: iptables -L FORWARD -n | egrep -q 'ufw-track-forward' |
1978 |
||
1979 |
||
1980 |
291: logging on |
|
1981 |
||
1982 |
||
1983 |
292: disable |
|
1984 |
||
1985 |
||
1986 |
293: enable |
|
1987 |
||
1988 |
||
1989 |
294: iptables -L INPUT -n | egrep -q 'ufw-before-logging-input' |
|
1990 |
||
1991 |
||
1992 |
295: iptables -L INPUT -n | egrep -q 'ufw-before-input' |
|
1993 |
||
1994 |
||
1995 |
296: iptables -L INPUT -n | egrep -q 'ufw-after-input' |
|
1996 |
||
1997 |
||
1998 |
297: iptables -L INPUT -n | egrep -q 'ufw-after-logging-input' |
|
1999 |
||
2000 |
||
2001 |
298: iptables -L INPUT -n | egrep -q 'ufw-reject-input' |
|
2002 |
||
2003 |
||
2004 |
299: iptables -L INPUT -n | egrep -q 'ufw-track-input' |
|
2005 |
||
2006 |
||
2007 |
300: iptables -L OUTPUT -n | egrep -q 'ufw-before-logging-output' |
|
2008 |
||
2009 |
||
2010 |
301: iptables -L OUTPUT -n | egrep -q 'ufw-before-output' |
|
2011 |
||
2012 |
||
2013 |
302: iptables -L OUTPUT -n | egrep -q 'ufw-after-output' |
|
2014 |
||
2015 |
||
2016 |
303: iptables -L OUTPUT -n | egrep -q 'ufw-after-logging-output' |
|
2017 |
||
2018 |
||
2019 |
304: iptables -L OUTPUT -n | egrep -q 'ufw-reject-output' |
|
2020 |
||
2021 |
||
2022 |
305: iptables -L OUTPUT -n | egrep -q 'ufw-track-output' |
|
2023 |
||
2024 |
||
2025 |
306: iptables -L FORWARD -n | egrep -q 'ufw-before-logging-forward' |
|
2026 |
||
2027 |
||
2028 |
307: iptables -L FORWARD -n | egrep -q 'ufw-before-forward' |
|
2029 |
||
2030 |
||
2031 |
308: iptables -L FORWARD -n | egrep -q 'ufw-after-forward' |
|
2032 |
||
2033 |
||
2034 |
309: iptables -L FORWARD -n | egrep -q 'ufw-after-logging-forward' |
|
2035 |
||
2036 |
||
2037 |
310: iptables -L FORWARD -n | egrep -q 'ufw-reject-forward' |
|
2038 |
||
2039 |
||
2040 |
311: iptables -L FORWARD -n | egrep -q 'ufw-track-forward' |
|
2041 |
||
2042 |
||
2043 |
312: logging low |
|
2044 |
||
2045 |
||
2046 |
313: disable |
|
2047 |
||
2048 |
||
2049 |
314: enable |
|
2050 |
||
2051 |
||
2052 |
315: iptables -L INPUT -n | egrep -q 'ufw-before-logging-input' |
|
2053 |
||
2054 |
||
2055 |
316: iptables -L INPUT -n | egrep -q 'ufw-before-input' |
|
2056 |
||
2057 |
||
2058 |
317: iptables -L INPUT -n | egrep -q 'ufw-after-input' |
|
2059 |
||
2060 |
||
2061 |
318: iptables -L INPUT -n | egrep -q 'ufw-after-logging-input' |
|
2062 |
||
2063 |
||
2064 |
319: iptables -L INPUT -n | egrep -q 'ufw-reject-input' |
|
2065 |
||
2066 |
||
2067 |
320: iptables -L INPUT -n | egrep -q 'ufw-track-input' |
|
2068 |
||
2069 |
||
2070 |
321: iptables -L OUTPUT -n | egrep -q 'ufw-before-logging-output' |
|
2071 |
||
2072 |
||
2073 |
322: iptables -L OUTPUT -n | egrep -q 'ufw-before-output' |
|
2074 |
||
2075 |
||
2076 |
323: iptables -L OUTPUT -n | egrep -q 'ufw-after-output' |
|
2077 |
||
2078 |
||
2079 |
324: iptables -L OUTPUT -n | egrep -q 'ufw-after-logging-output' |
|
2080 |
||
2081 |
||
2082 |
325: iptables -L OUTPUT -n | egrep -q 'ufw-reject-output' |
|
2083 |
||
2084 |
||
2085 |
326: iptables -L OUTPUT -n | egrep -q 'ufw-track-output' |
|
2086 |
||
2087 |
||
2088 |
327: iptables -L FORWARD -n | egrep -q 'ufw-before-logging-forward' |
|
2089 |
||
2090 |
||
2091 |
328: iptables -L FORWARD -n | egrep -q 'ufw-before-forward' |
|
2092 |
||
2093 |
||
2094 |
329: iptables -L FORWARD -n | egrep -q 'ufw-after-forward' |
|
2095 |
||
2096 |
||
2097 |
330: iptables -L FORWARD -n | egrep -q 'ufw-after-logging-forward' |
|
2098 |
||
2099 |
||
2100 |
331: iptables -L FORWARD -n | egrep -q 'ufw-reject-forward' |
|
2101 |
||
2102 |
||
2103 |
332: iptables -L FORWARD -n | egrep -q 'ufw-track-forward' |
|
2104 |
||
2105 |
||
2106 |
333: logging medium |
|
2107 |
||
2108 |
||
2109 |
334: disable |
|
2110 |
||
2111 |
||
2112 |
335: enable |
|
2113 |
||
2114 |
||
2115 |
336: iptables -L INPUT -n | egrep -q 'ufw-before-logging-input' |
|
2116 |
||
2117 |
||
2118 |
337: iptables -L INPUT -n | egrep -q 'ufw-before-input' |
|
2119 |
||
2120 |
||
2121 |
338: iptables -L INPUT -n | egrep -q 'ufw-after-input' |
|
2122 |
||
2123 |
||
2124 |
339: iptables -L INPUT -n | egrep -q 'ufw-after-logging-input' |
|
2125 |
||
2126 |
||
2127 |
340: iptables -L INPUT -n | egrep -q 'ufw-reject-input' |
|
2128 |
||
2129 |
||
2130 |
341: iptables -L INPUT -n | egrep -q 'ufw-track-input' |
|
2131 |
||
2132 |
||
2133 |
342: iptables -L OUTPUT -n | egrep -q 'ufw-before-logging-output' |
|
2134 |
||
2135 |
||
2136 |
343: iptables -L OUTPUT -n | egrep -q 'ufw-before-output' |
|
2137 |
||
2138 |
||
2139 |
344: iptables -L OUTPUT -n | egrep -q 'ufw-after-output' |
|
2140 |
||
2141 |
||
2142 |
345: iptables -L OUTPUT -n | egrep -q 'ufw-after-logging-output' |
|
2143 |
||
2144 |
||
2145 |
346: iptables -L OUTPUT -n | egrep -q 'ufw-reject-output' |
|
2146 |
||
2147 |
||
2148 |
347: iptables -L OUTPUT -n | egrep -q 'ufw-track-output' |
|
2149 |
||
2150 |
||
2151 |
348: iptables -L FORWARD -n | egrep -q 'ufw-before-logging-forward' |
|
2152 |
||
2153 |
||
2154 |
349: iptables -L FORWARD -n | egrep -q 'ufw-before-forward' |
|
2155 |
||
2156 |
||
2157 |
350: iptables -L FORWARD -n | egrep -q 'ufw-after-forward' |
|
2158 |
||
2159 |
||
2160 |
351: iptables -L FORWARD -n | egrep -q 'ufw-after-logging-forward' |
|
2161 |
||
2162 |
||
2163 |
352: iptables -L FORWARD -n | egrep -q 'ufw-reject-forward' |
|
2164 |
||
2165 |
||
2166 |
353: iptables -L FORWARD -n | egrep -q 'ufw-track-forward' |
|
2167 |
||
2168 |
||
2169 |
354: logging high |
|
2170 |
||
2171 |
||
2172 |
355: disable |
|
2173 |
||
2174 |
||
2175 |
356: enable |
|
2176 |
||
2177 |
||
2178 |
357: iptables -L INPUT -n | egrep -q 'ufw-before-logging-input' |
|
2179 |
||
2180 |
||
2181 |
358: iptables -L INPUT -n | egrep -q 'ufw-before-input' |
|
2182 |
||
2183 |
||
2184 |
359: iptables -L INPUT -n | egrep -q 'ufw-after-input' |
|
2185 |
||
2186 |
||
2187 |
360: iptables -L INPUT -n | egrep -q 'ufw-after-logging-input' |
|
2188 |
||
2189 |
||
2190 |
361: iptables -L INPUT -n | egrep -q 'ufw-reject-input' |
|
2191 |
||
2192 |
||
2193 |
362: iptables -L INPUT -n | egrep -q 'ufw-track-input' |
|
2194 |
||
2195 |
||
2196 |
363: iptables -L OUTPUT -n | egrep -q 'ufw-before-logging-output' |
|
2197 |
||
2198 |
||
2199 |
364: iptables -L OUTPUT -n | egrep -q 'ufw-before-output' |
|
2200 |
||
2201 |
||
2202 |
365: iptables -L OUTPUT -n | egrep -q 'ufw-after-output' |
|
2203 |
||
2204 |
||
2205 |
366: iptables -L OUTPUT -n | egrep -q 'ufw-after-logging-output' |
|
2206 |
||
2207 |
||
2208 |
367: iptables -L OUTPUT -n | egrep -q 'ufw-reject-output' |
|
2209 |
||
2210 |
||
2211 |
368: iptables -L OUTPUT -n | egrep -q 'ufw-track-output' |
|
2212 |
||
2213 |
||
2214 |
369: iptables -L FORWARD -n | egrep -q 'ufw-before-logging-forward' |
|
2215 |
||
2216 |
||
2217 |
370: iptables -L FORWARD -n | egrep -q 'ufw-before-forward' |
|
2218 |
||
2219 |
||
2220 |
371: iptables -L FORWARD -n | egrep -q 'ufw-after-forward' |
|
2221 |
||
2222 |
||
2223 |
372: iptables -L FORWARD -n | egrep -q 'ufw-after-logging-forward' |
|
2224 |
||
2225 |
||
2226 |
373: iptables -L FORWARD -n | egrep -q 'ufw-reject-forward' |
|
2227 |
||
2228 |
||
2229 |
374: iptables -L FORWARD -n | egrep -q 'ufw-track-forward' |
|
2230 |
||
2231 |
||
2232 |
375: logging full |
|
2233 |
||
2234 |
||
2235 |
376: disable |
|
2236 |
||
2237 |
||
2238 |
377: enable |
|
2239 |
||
2240 |
||
2241 |
378: iptables -L INPUT -n | egrep -q 'ufw-before-logging-input' |
|
2242 |
||
2243 |
||
2244 |
379: iptables -L INPUT -n | egrep -q 'ufw-before-input' |
|
2245 |
||
2246 |
||
2247 |
380: iptables -L INPUT -n | egrep -q 'ufw-after-input' |
|
2248 |
||
2249 |
||
2250 |
381: iptables -L INPUT -n | egrep -q 'ufw-after-logging-input' |
|
2251 |
||
2252 |
||
2253 |
382: iptables -L INPUT -n | egrep -q 'ufw-reject-input' |
|
2254 |
||
2255 |
||
2256 |
383: iptables -L INPUT -n | egrep -q 'ufw-track-input' |
|
2257 |
||
2258 |
||
2259 |
384: iptables -L OUTPUT -n | egrep -q 'ufw-before-logging-output' |
|
2260 |
||
2261 |
||
2262 |
385: iptables -L OUTPUT -n | egrep -q 'ufw-before-output' |
|
2263 |
||
2264 |
||
2265 |
386: iptables -L OUTPUT -n | egrep -q 'ufw-after-output' |
|
2266 |
||
2267 |
||
2268 |
387: iptables -L OUTPUT -n | egrep -q 'ufw-after-logging-output' |
|
2269 |
||
2270 |
||
2271 |
388: iptables -L OUTPUT -n | egrep -q 'ufw-reject-output' |
|
2272 |
||
2273 |
||
2274 |
389: iptables -L OUTPUT -n | egrep -q 'ufw-track-output' |
|
2275 |
||
2276 |
||
2277 |
390: iptables -L FORWARD -n | egrep -q 'ufw-before-logging-forward' |
|
2278 |
||
2279 |
||
2280 |
391: iptables -L FORWARD -n | egrep -q 'ufw-before-forward' |
|
2281 |
||
2282 |
||
2283 |
392: iptables -L FORWARD -n | egrep -q 'ufw-after-forward' |
|
2284 |
||
2285 |
||
2286 |
393: iptables -L FORWARD -n | egrep -q 'ufw-after-logging-forward' |
|
2287 |
||
2288 |
||
2289 |
394: iptables -L FORWARD -n | egrep -q 'ufw-reject-forward' |
|
2290 |
||
2291 |
||
2292 |
395: iptables -L FORWARD -n | egrep -q 'ufw-track-forward' |
|
30.1.8
by Jamie Strandboge
Import upstream version 0.29.3 |
2293 |
|
2294 |
||
2295 |
Verify secondary chains |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
2296 |
396: logging off |
2297 |
||
2298 |
||
2299 |
397: disable |
|
2300 |
||
2301 |
||
2302 |
398: enable |
|
2303 |
||
2304 |
||
2305 |
399: ! iptables -L ufw-logging-deny -n | egrep -q '0 references' |
|
2306 |
||
2307 |
||
2308 |
400: ! iptables -L ufw-not-local -n | egrep -q '0 references' |
|
2309 |
||
2310 |
||
2311 |
401: ! iptables -L ufw-user-forward -n | egrep -q '0 references' |
|
2312 |
||
2313 |
||
2314 |
402: ! iptables -L ufw-user-input -n | egrep -q '0 references' |
|
2315 |
||
2316 |
||
2317 |
403: ! iptables -L ufw-user-output -n | egrep -q '0 references' |
|
2318 |
||
2319 |
||
2320 |
404: ! iptables -L ufw-skip-to-policy-input -n | egrep -q '0 references' |
|
2321 |
||
2322 |
||
2323 |
405: iptables -L ufw-logging-allow -n | egrep -q '0 references' |
|
2324 |
||
2325 |
||
2326 |
406: iptables -L ufw-user-limit -n | egrep -q '0 references' |
|
2327 |
||
2328 |
||
2329 |
407: iptables -L ufw-user-limit-accept -n | egrep -q '0 references' |
|
2330 |
||
2331 |
||
2332 |
408: iptables -L ufw-user-logging-forward -n | egrep -q '0 references' |
|
2333 |
||
2334 |
||
2335 |
409: iptables -L ufw-user-logging-input -n | egrep -q '0 references' |
|
2336 |
||
2337 |
||
2338 |
410: iptables -L ufw-user-logging-output -n | egrep -q '0 references' |
|
2339 |
||
2340 |
||
2341 |
411: iptables -L ufw-skip-to-policy-output -n | egrep -q '0 references' |
|
2342 |
||
2343 |
||
2344 |
412: iptables -L ufw-skip-to-policy-forward -n | egrep -q '0 references' |
|
2345 |
||
2346 |
||
2347 |
413: logging on |
|
2348 |
||
2349 |
||
2350 |
414: disable |
|
2351 |
||
2352 |
||
2353 |
415: enable |
|
2354 |
||
2355 |
||
2356 |
416: ! iptables -L ufw-logging-deny -n | egrep -q '0 references' |
|
2357 |
||
2358 |
||
2359 |
417: ! iptables -L ufw-not-local -n | egrep -q '0 references' |
|
2360 |
||
2361 |
||
2362 |
418: ! iptables -L ufw-user-forward -n | egrep -q '0 references' |
|
2363 |
||
2364 |
||
2365 |
419: ! iptables -L ufw-user-input -n | egrep -q '0 references' |
|
2366 |
||
2367 |
||
2368 |
420: ! iptables -L ufw-user-output -n | egrep -q '0 references' |
|
2369 |
||
2370 |
||
2371 |
421: ! iptables -L ufw-skip-to-policy-input -n | egrep -q '0 references' |
|
2372 |
||
2373 |
||
2374 |
422: iptables -L ufw-logging-allow -n | egrep -q '0 references' |
|
2375 |
||
2376 |
||
2377 |
423: iptables -L ufw-user-limit -n | egrep -q '0 references' |
|
2378 |
||
2379 |
||
2380 |
424: iptables -L ufw-user-limit-accept -n | egrep -q '0 references' |
|
2381 |
||
2382 |
||
2383 |
425: iptables -L ufw-user-logging-forward -n | egrep -q '0 references' |
|
2384 |
||
2385 |
||
2386 |
426: iptables -L ufw-user-logging-input -n | egrep -q '0 references' |
|
2387 |
||
2388 |
||
2389 |
427: iptables -L ufw-user-logging-output -n | egrep -q '0 references' |
|
2390 |
||
2391 |
||
2392 |
428: iptables -L ufw-skip-to-policy-output -n | egrep -q '0 references' |
|
2393 |
||
2394 |
||
2395 |
429: iptables -L ufw-skip-to-policy-forward -n | egrep -q '0 references' |
|
2396 |
||
2397 |
||
2398 |
430: logging low |
|
2399 |
||
2400 |
||
2401 |
431: disable |
|
2402 |
||
2403 |
||
2404 |
432: enable |
|
2405 |
||
2406 |
||
2407 |
433: ! iptables -L ufw-logging-deny -n | egrep -q '0 references' |
|
2408 |
||
2409 |
||
2410 |
434: ! iptables -L ufw-not-local -n | egrep -q '0 references' |
|
2411 |
||
2412 |
||
2413 |
435: ! iptables -L ufw-user-forward -n | egrep -q '0 references' |
|
2414 |
||
2415 |
||
2416 |
436: ! iptables -L ufw-user-input -n | egrep -q '0 references' |
|
2417 |
||
2418 |
||
2419 |
437: ! iptables -L ufw-user-output -n | egrep -q '0 references' |
|
2420 |
||
2421 |
||
2422 |
438: ! iptables -L ufw-skip-to-policy-input -n | egrep -q '0 references' |
|
2423 |
||
2424 |
||
2425 |
439: iptables -L ufw-logging-allow -n | egrep -q '0 references' |
|
2426 |
||
2427 |
||
2428 |
440: iptables -L ufw-user-limit -n | egrep -q '0 references' |
|
2429 |
||
2430 |
||
2431 |
441: iptables -L ufw-user-limit-accept -n | egrep -q '0 references' |
|
2432 |
||
2433 |
||
2434 |
442: iptables -L ufw-user-logging-forward -n | egrep -q '0 references' |
|
2435 |
||
2436 |
||
2437 |
443: iptables -L ufw-user-logging-input -n | egrep -q '0 references' |
|
2438 |
||
2439 |
||
2440 |
444: iptables -L ufw-user-logging-output -n | egrep -q '0 references' |
|
2441 |
||
2442 |
||
2443 |
445: iptables -L ufw-skip-to-policy-output -n | egrep -q '0 references' |
|
2444 |
||
2445 |
||
2446 |
446: iptables -L ufw-skip-to-policy-forward -n | egrep -q '0 references' |
|
2447 |
||
2448 |
||
2449 |
447: logging medium |
|
2450 |
||
2451 |
||
2452 |
448: disable |
|
2453 |
||
2454 |
||
2455 |
449: enable |
|
2456 |
||
2457 |
||
2458 |
450: ! iptables -L ufw-logging-deny -n | egrep -q '0 references' |
|
2459 |
||
2460 |
||
2461 |
451: ! iptables -L ufw-not-local -n | egrep -q '0 references' |
|
2462 |
||
2463 |
||
2464 |
452: ! iptables -L ufw-user-forward -n | egrep -q '0 references' |
|
2465 |
||
2466 |
||
2467 |
453: ! iptables -L ufw-user-input -n | egrep -q '0 references' |
|
2468 |
||
2469 |
||
2470 |
454: ! iptables -L ufw-user-output -n | egrep -q '0 references' |
|
2471 |
||
2472 |
||
2473 |
455: ! iptables -L ufw-skip-to-policy-input -n | egrep -q '0 references' |
|
2474 |
||
2475 |
||
2476 |
456: iptables -L ufw-logging-allow -n | egrep -q '0 references' |
|
2477 |
||
2478 |
||
2479 |
457: iptables -L ufw-user-limit -n | egrep -q '0 references' |
|
2480 |
||
2481 |
||
2482 |
458: iptables -L ufw-user-limit-accept -n | egrep -q '0 references' |
|
2483 |
||
2484 |
||
2485 |
459: iptables -L ufw-user-logging-forward -n | egrep -q '0 references' |
|
2486 |
||
2487 |
||
2488 |
460: iptables -L ufw-user-logging-input -n | egrep -q '0 references' |
|
2489 |
||
2490 |
||
2491 |
461: iptables -L ufw-user-logging-output -n | egrep -q '0 references' |
|
2492 |
||
2493 |
||
2494 |
462: iptables -L ufw-skip-to-policy-output -n | egrep -q '0 references' |
|
2495 |
||
2496 |
||
2497 |
463: iptables -L ufw-skip-to-policy-forward -n | egrep -q '0 references' |
|
2498 |
||
2499 |
||
2500 |
464: logging high |
|
2501 |
||
2502 |
||
2503 |
465: disable |
|
2504 |
||
2505 |
||
2506 |
466: enable |
|
2507 |
||
2508 |
||
2509 |
467: ! iptables -L ufw-logging-deny -n | egrep -q '0 references' |
|
2510 |
||
2511 |
||
2512 |
468: ! iptables -L ufw-not-local -n | egrep -q '0 references' |
|
2513 |
||
2514 |
||
2515 |
469: ! iptables -L ufw-user-forward -n | egrep -q '0 references' |
|
2516 |
||
2517 |
||
2518 |
470: ! iptables -L ufw-user-input -n | egrep -q '0 references' |
|
2519 |
||
2520 |
||
2521 |
471: ! iptables -L ufw-user-output -n | egrep -q '0 references' |
|
2522 |
||
2523 |
||
2524 |
472: ! iptables -L ufw-skip-to-policy-input -n | egrep -q '0 references' |
|
2525 |
||
2526 |
||
2527 |
473: iptables -L ufw-logging-allow -n | egrep -q '0 references' |
|
2528 |
||
2529 |
||
2530 |
474: iptables -L ufw-user-limit -n | egrep -q '0 references' |
|
2531 |
||
2532 |
||
2533 |
475: iptables -L ufw-user-limit-accept -n | egrep -q '0 references' |
|
2534 |
||
2535 |
||
2536 |
476: iptables -L ufw-user-logging-forward -n | egrep -q '0 references' |
|
2537 |
||
2538 |
||
2539 |
477: iptables -L ufw-user-logging-input -n | egrep -q '0 references' |
|
2540 |
||
2541 |
||
2542 |
478: iptables -L ufw-user-logging-output -n | egrep -q '0 references' |
|
2543 |
||
2544 |
||
2545 |
479: iptables -L ufw-skip-to-policy-output -n | egrep -q '0 references' |
|
2546 |
||
2547 |
||
2548 |
480: iptables -L ufw-skip-to-policy-forward -n | egrep -q '0 references' |
|
2549 |
||
2550 |
||
2551 |
481: logging full |
|
2552 |
||
2553 |
||
2554 |
482: disable |
|
2555 |
||
2556 |
||
2557 |
483: enable |
|
2558 |
||
2559 |
||
2560 |
484: ! iptables -L ufw-logging-deny -n | egrep -q '0 references' |
|
2561 |
||
2562 |
||
2563 |
485: ! iptables -L ufw-not-local -n | egrep -q '0 references' |
|
2564 |
||
2565 |
||
2566 |
486: ! iptables -L ufw-user-forward -n | egrep -q '0 references' |
|
2567 |
||
2568 |
||
2569 |
487: ! iptables -L ufw-user-input -n | egrep -q '0 references' |
|
2570 |
||
2571 |
||
2572 |
488: ! iptables -L ufw-user-output -n | egrep -q '0 references' |
|
2573 |
||
2574 |
||
2575 |
489: ! iptables -L ufw-skip-to-policy-input -n | egrep -q '0 references' |
|
2576 |
||
2577 |
||
2578 |
490: iptables -L ufw-logging-allow -n | egrep -q '0 references' |
|
2579 |
||
2580 |
||
2581 |
491: iptables -L ufw-user-limit -n | egrep -q '0 references' |
|
2582 |
||
2583 |
||
2584 |
492: iptables -L ufw-user-limit-accept -n | egrep -q '0 references' |
|
2585 |
||
2586 |
||
2587 |
493: iptables -L ufw-user-logging-forward -n | egrep -q '0 references' |
|
2588 |
||
2589 |
||
2590 |
494: iptables -L ufw-user-logging-input -n | egrep -q '0 references' |
|
2591 |
||
2592 |
||
2593 |
495: iptables -L ufw-user-logging-output -n | egrep -q '0 references' |
|
2594 |
||
2595 |
||
2596 |
496: iptables -L ufw-skip-to-policy-output -n | egrep -q '0 references' |
|
2597 |
||
2598 |
||
2599 |
497: iptables -L ufw-skip-to-policy-forward -n | egrep -q '0 references' |
|
2600 |
||
2601 |
||
2602 |
498: logging on |
|
2603 |
||
2604 |
||
2605 |
499: disable |
|
30.1.8
by Jamie Strandboge
Import upstream version 0.29.3 |
2606 |
|
2607 |
||
2608 |
'Resource temporarily unavailable' test |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
2609 |
500: disable |
2610 |
||
2611 |
||
2612 |
501: allow 22/tcp |
|
2613 |
||
2614 |
||
2615 |
502: enable |
|
30.1.8
by Jamie Strandboge
Import upstream version 0.29.3 |
2616 |
|
2617 |
||
2618 |
503: ufw-init start/flush-all |
|
2619 |
||
2620 |
||
2621 |
504: ufw-init start/flush-all |
|
2622 |
||
2623 |
||
2624 |
505: ufw-init start/flush-all |
|
2625 |
||
2626 |
||
2627 |
506: ufw-init start/flush-all |
|
2628 |
||
2629 |
||
2630 |
507: ufw-init start/flush-all |
|
2631 |
||
2632 |
||
2633 |
508: ufw-init start/flush-all |
|
2634 |
||
2635 |
||
2636 |
509: ufw-init start/flush-all |
|
2637 |
||
2638 |
||
2639 |
510: ufw-init start/flush-all |
|
2640 |
||
2641 |
||
2642 |
511: ufw-init start/flush-all |
|
2643 |
||
2644 |
||
2645 |
512: ufw-init start/flush-all |
|
2646 |
||
2647 |
||
2648 |
513: ufw-init start/flush-all |
|
2649 |
||
2650 |
||
2651 |
514: ufw-init start/flush-all |
|
2652 |
||
2653 |
||
2654 |
515: ufw-init start/flush-all |
|
2655 |
||
2656 |
||
2657 |
516: ufw-init start/flush-all |
|
2658 |
||
2659 |
||
2660 |
517: ufw-init start/flush-all |
|
2661 |
||
2662 |
||
2663 |
518: ufw-init start/flush-all |
|
2664 |
||
2665 |
||
2666 |
519: ufw-init start/flush-all |
|
2667 |
||
2668 |
||
2669 |
520: ufw-init start/flush-all |
|
2670 |
||
2671 |
||
2672 |
521: ufw-init start/flush-all |
|
2673 |
||
2674 |
||
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
2675 |
522: ufw-init start/flush-all |
2676 |
||
2677 |
||
2678 |
523: ufw-init start/flush-all |
|
2679 |
||
2680 |
||
2681 |
524: ufw-init start/flush-all |
|
2682 |
||
2683 |
||
2684 |
525: ufw-init start/flush-all |
|
2685 |
||
2686 |
||
2687 |
526: ufw-init start/flush-all |
|
2688 |
||
2689 |
||
2690 |
527: ufw-init start/flush-all |
|
2691 |
||
2692 |
||
2693 |
528: enable |
|
2694 |
||
2695 |
||
2696 |
529: delete allow 22/tcp |
|
30.1.8
by Jamie Strandboge
Import upstream version 0.29.3 |
2697 |
|
2698 |
||
30.1.9
by Jamie Strandboge
Import upstream version 0.30pre1 |
2699 |
Reset test |
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
2700 |
530: enable |
2701 |
||
2702 |
||
2703 |
531: allow 12345 |
|
2704 |
||
2705 |
||
2706 |
532: reset |
|
30.1.9
by Jamie Strandboge
Import upstream version 0.30pre1 |
2707 |
|
2708 |
||
2709 |
Show
|
|
2710 |
Setting IPV6 to yes |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
2711 |
533: disable |
2712 |
||
2713 |
||
2714 |
534: enable |
|
2715 |
||
2716 |
||
2717 |
535: show raw |
|
2718 |
||
2719 |
||
2720 |
536: show builtins |
|
2721 |
||
2722 |
||
2723 |
537: show before-rules |
|
2724 |
||
2725 |
||
2726 |
538: show user-rules |
|
2727 |
||
2728 |
||
2729 |
539: show after-rules |
|
2730 |
||
2731 |
||
2732 |
540: show logging-rules |
|
2733 |
||
2734 |
||
2735 |
541: show listening |
|
30.1.9
by Jamie Strandboge
Import upstream version 0.30pre1 |
2736 |
|
2737 |
||
2738 |
Setting IPV6 to no |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
2739 |
542: disable |
2740 |
||
2741 |
||
2742 |
543: enable |
|
2743 |
||
2744 |
||
2745 |
544: show raw |
|
2746 |
||
2747 |
||
2748 |
545: show builtins |
|
2749 |
||
2750 |
||
2751 |
546: show before-rules |
|
2752 |
||
2753 |
||
2754 |
547: show user-rules |
|
2755 |
||
2756 |
||
2757 |
548: show after-rules |
|
2758 |
||
2759 |
||
2760 |
549: show logging-rules |
|
2761 |
||
2762 |
||
2763 |
550: show listening |
|
2764 |
||
2765 |
||
2766 |
551: disable |
|
30.1.9
by Jamie Strandboge
Import upstream version 0.30pre1 |
2767 |
|
2768 |
||
2769 |
Delete by number |
|
2770 |
Setting IPV6 to yes |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
2771 |
552: disable |
2772 |
||
2773 |
||
2774 |
553: enable |
|
2775 |
||
2776 |
||
2777 |
554: allow 1 |
|
2778 |
||
2779 |
||
2780 |
555: allow 2 |
|
2781 |
||
2782 |
||
2783 |
556: allow 3 |
|
2784 |
||
2785 |
||
2786 |
557: allow 4 |
|
30.1.9
by Jamie Strandboge
Import upstream version 0.30pre1 |
2787 |
|
2788 |
||
2789 |
### tuple ### allow any 1 0.0.0.0/0 any 0.0.0.0/0 in |
|
2790 |
-A ufw-user-input -p tcp --dport 1 -j ACCEPT |
|
2791 |
-A ufw-user-input -p udp --dport 1 -j ACCEPT |
|
2792 |
--
|
|
2793 |
### tuple ### allow any 2 0.0.0.0/0 any 0.0.0.0/0 in |
|
2794 |
-A ufw-user-input -p tcp --dport 2 -j ACCEPT |
|
2795 |
-A ufw-user-input -p udp --dport 2 -j ACCEPT |
|
2796 |
--
|
|
2797 |
### tuple ### allow any 3 0.0.0.0/0 any 0.0.0.0/0 in |
|
2798 |
-A ufw-user-input -p tcp --dport 3 -j ACCEPT |
|
2799 |
-A ufw-user-input -p udp --dport 3 -j ACCEPT |
|
2800 |
--
|
|
2801 |
### tuple ### allow any 4 0.0.0.0/0 any 0.0.0.0/0 in |
|
2802 |
-A ufw-user-input -p tcp --dport 4 -j ACCEPT |
|
2803 |
-A ufw-user-input -p udp --dport 4 -j ACCEPT |
|
2804 |
### tuple ### allow any 1 ::/0 any ::/0 in |
|
2805 |
-A ufw6-user-input -p tcp --dport 1 -j ACCEPT |
|
2806 |
-A ufw6-user-input -p udp --dport 1 -j ACCEPT |
|
2807 |
--
|
|
2808 |
### tuple ### allow any 2 ::/0 any ::/0 in |
|
2809 |
-A ufw6-user-input -p tcp --dport 2 -j ACCEPT |
|
2810 |
-A ufw6-user-input -p udp --dport 2 -j ACCEPT |
|
2811 |
--
|
|
2812 |
### tuple ### allow any 3 ::/0 any ::/0 in |
|
2813 |
-A ufw6-user-input -p tcp --dport 3 -j ACCEPT |
|
2814 |
-A ufw6-user-input -p udp --dport 3 -j ACCEPT |
|
2815 |
--
|
|
2816 |
### tuple ### allow any 4 ::/0 any ::/0 in |
|
2817 |
-A ufw6-user-input -p tcp --dport 4 -j ACCEPT |
|
2818 |
-A ufw6-user-input -p udp --dport 4 -j ACCEPT |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
2819 |
558: --force delete 8 |
30.1.9
by Jamie Strandboge
Import upstream version 0.30pre1 |
2820 |
|
2821 |
||
2822 |
### tuple ### allow any 1 ::/0 any ::/0 in |
|
2823 |
-A ufw6-user-input -p tcp --dport 1 -j ACCEPT |
|
2824 |
-A ufw6-user-input -p udp --dport 1 -j ACCEPT |
|
2825 |
--
|
|
2826 |
### tuple ### allow any 2 ::/0 any ::/0 in |
|
2827 |
-A ufw6-user-input -p tcp --dport 2 -j ACCEPT |
|
2828 |
-A ufw6-user-input -p udp --dport 2 -j ACCEPT |
|
2829 |
--
|
|
2830 |
### tuple ### allow any 3 ::/0 any ::/0 in |
|
2831 |
-A ufw6-user-input -p tcp --dport 3 -j ACCEPT |
|
2832 |
-A ufw6-user-input -p udp --dport 3 -j ACCEPT |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
2833 |
559: --force delete 4 |
30.1.9
by Jamie Strandboge
Import upstream version 0.30pre1 |
2834 |
|
2835 |
||
2836 |
### tuple ### allow any 1 0.0.0.0/0 any 0.0.0.0/0 in |
|
2837 |
-A ufw-user-input -p tcp --dport 1 -j ACCEPT |
|
2838 |
-A ufw-user-input -p udp --dport 1 -j ACCEPT |
|
2839 |
--
|
|
2840 |
### tuple ### allow any 2 0.0.0.0/0 any 0.0.0.0/0 in |
|
2841 |
-A ufw-user-input -p tcp --dport 2 -j ACCEPT |
|
2842 |
-A ufw-user-input -p udp --dport 2 -j ACCEPT |
|
2843 |
--
|
|
2844 |
### tuple ### allow any 3 0.0.0.0/0 any 0.0.0.0/0 in |
|
2845 |
-A ufw-user-input -p tcp --dport 3 -j ACCEPT |
|
2846 |
-A ufw-user-input -p udp --dport 3 -j ACCEPT |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
2847 |
560: --force delete 6 |
30.1.9
by Jamie Strandboge
Import upstream version 0.30pre1 |
2848 |
|
2849 |
||
2850 |
### tuple ### allow any 1 ::/0 any ::/0 in |
|
2851 |
-A ufw6-user-input -p tcp --dport 1 -j ACCEPT |
|
2852 |
-A ufw6-user-input -p udp --dport 1 -j ACCEPT |
|
2853 |
--
|
|
2854 |
### tuple ### allow any 2 ::/0 any ::/0 in |
|
2855 |
-A ufw6-user-input -p tcp --dport 2 -j ACCEPT |
|
2856 |
-A ufw6-user-input -p udp --dport 2 -j ACCEPT |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
2857 |
561: --force delete 3 |
30.1.9
by Jamie Strandboge
Import upstream version 0.30pre1 |
2858 |
|
2859 |
||
2860 |
### tuple ### allow any 1 0.0.0.0/0 any 0.0.0.0/0 in |
|
2861 |
-A ufw-user-input -p tcp --dport 1 -j ACCEPT |
|
2862 |
-A ufw-user-input -p udp --dport 1 -j ACCEPT |
|
2863 |
--
|
|
2864 |
### tuple ### allow any 2 0.0.0.0/0 any 0.0.0.0/0 in |
|
2865 |
-A ufw-user-input -p tcp --dport 2 -j ACCEPT |
|
2866 |
-A ufw-user-input -p udp --dport 2 -j ACCEPT |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
2867 |
562: --force delete 4 |
30.1.9
by Jamie Strandboge
Import upstream version 0.30pre1 |
2868 |
|
2869 |
||
2870 |
### tuple ### allow any 1 ::/0 any ::/0 in |
|
2871 |
-A ufw6-user-input -p tcp --dport 1 -j ACCEPT |
|
2872 |
-A ufw6-user-input -p udp --dport 1 -j ACCEPT |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
2873 |
563: --force delete 2 |
30.1.9
by Jamie Strandboge
Import upstream version 0.30pre1 |
2874 |
|
2875 |
||
2876 |
### tuple ### allow any 1 0.0.0.0/0 any 0.0.0.0/0 in |
|
2877 |
-A ufw-user-input -p tcp --dport 1 -j ACCEPT |
|
2878 |
-A ufw-user-input -p udp --dport 1 -j ACCEPT |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
2879 |
564: --force delete 2 |
2880 |
||
2881 |
||
2882 |
565: --force delete 1 |
|
30.1.9
by Jamie Strandboge
Import upstream version 0.30pre1 |
2883 |
|
2884 |
||
2885 |
Setting IPV6 to no |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
2886 |
566: disable |
2887 |
||
2888 |
||
2889 |
567: enable |
|
2890 |
||
2891 |
||
2892 |
568: allow 1 |
|
2893 |
||
2894 |
||
2895 |
569: allow 2 |
|
2896 |
||
2897 |
||
2898 |
570: allow 3 |
|
2899 |
||
2900 |
||
2901 |
571: allow 4 |
|
30.1.9
by Jamie Strandboge
Import upstream version 0.30pre1 |
2902 |
|
2903 |
||
2904 |
### tuple ### allow any 1 0.0.0.0/0 any 0.0.0.0/0 in |
|
2905 |
-A ufw-user-input -p tcp --dport 1 -j ACCEPT |
|
2906 |
-A ufw-user-input -p udp --dport 1 -j ACCEPT |
|
2907 |
--
|
|
2908 |
### tuple ### allow any 2 0.0.0.0/0 any 0.0.0.0/0 in |
|
2909 |
-A ufw-user-input -p tcp --dport 2 -j ACCEPT |
|
2910 |
-A ufw-user-input -p udp --dport 2 -j ACCEPT |
|
2911 |
--
|
|
2912 |
### tuple ### allow any 3 0.0.0.0/0 any 0.0.0.0/0 in |
|
2913 |
-A ufw-user-input -p tcp --dport 3 -j ACCEPT |
|
2914 |
-A ufw-user-input -p udp --dport 3 -j ACCEPT |
|
2915 |
--
|
|
2916 |
### tuple ### allow any 4 0.0.0.0/0 any 0.0.0.0/0 in |
|
2917 |
-A ufw-user-input -p tcp --dport 4 -j ACCEPT |
|
2918 |
-A ufw-user-input -p udp --dport 4 -j ACCEPT |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
2919 |
572: --force delete 4 |
30.1.9
by Jamie Strandboge
Import upstream version 0.30pre1 |
2920 |
|
2921 |
||
2922 |
### tuple ### allow any 1 0.0.0.0/0 any 0.0.0.0/0 in |
|
2923 |
-A ufw-user-input -p tcp --dport 1 -j ACCEPT |
|
2924 |
-A ufw-user-input -p udp --dport 1 -j ACCEPT |
|
2925 |
--
|
|
2926 |
### tuple ### allow any 2 0.0.0.0/0 any 0.0.0.0/0 in |
|
2927 |
-A ufw-user-input -p tcp --dport 2 -j ACCEPT |
|
2928 |
-A ufw-user-input -p udp --dport 2 -j ACCEPT |
|
2929 |
--
|
|
2930 |
### tuple ### allow any 3 0.0.0.0/0 any 0.0.0.0/0 in |
|
2931 |
-A ufw-user-input -p tcp --dport 3 -j ACCEPT |
|
2932 |
-A ufw-user-input -p udp --dport 3 -j ACCEPT |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
2933 |
573: --force delete 3 |
30.1.9
by Jamie Strandboge
Import upstream version 0.30pre1 |
2934 |
|
2935 |
||
2936 |
### tuple ### allow any 1 0.0.0.0/0 any 0.0.0.0/0 in |
|
2937 |
-A ufw-user-input -p tcp --dport 1 -j ACCEPT |
|
2938 |
-A ufw-user-input -p udp --dport 1 -j ACCEPT |
|
2939 |
--
|
|
2940 |
### tuple ### allow any 2 0.0.0.0/0 any 0.0.0.0/0 in |
|
2941 |
-A ufw-user-input -p tcp --dport 2 -j ACCEPT |
|
2942 |
-A ufw-user-input -p udp --dport 2 -j ACCEPT |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
2943 |
574: --force delete 2 |
30.1.9
by Jamie Strandboge
Import upstream version 0.30pre1 |
2944 |
|
2945 |
||
2946 |
### tuple ### allow any 1 0.0.0.0/0 any 0.0.0.0/0 in |
|
2947 |
-A ufw-user-input -p tcp --dport 1 -j ACCEPT |
|
2948 |
-A ufw-user-input -p udp --dport 1 -j ACCEPT |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
2949 |
575: --force delete 1 |
30.1.9
by Jamie Strandboge
Import upstream version 0.30pre1 |
2950 |
|
2951 |
||
30.1.12
by Jamie Strandboge
Import upstream version 0.31 |
2952 |
Testing interface with '+' |
2953 |
Setting IPV6 to yes |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
2954 |
576: disable |
2955 |
||
2956 |
||
2957 |
577: enable |
|
2958 |
||
2959 |
||
2960 |
578: allow in on lo+ |
|
30.1.12
by Jamie Strandboge
Import upstream version 0.31 |
2961 |
WARN: Checks disabled |
2962 |
Rule added |
|
2963 |
Rule added (v6) |
|
2964 |
||
2965 |
||
2966 |
### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 in_lo+ |
|
2967 |
-A ufw-user-input -i lo+ -j ACCEPT |
|
2968 |
||
2969 |
### tuple ### allow any any ::/0 any ::/0 in_lo+ |
|
2970 |
-A ufw6-user-input -i lo+ -j ACCEPT |
|
2971 |
||
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
2972 |
579: delete allow in on lo+ |
30.1.12
by Jamie Strandboge
Import upstream version 0.31 |
2973 |
WARN: Checks disabled |
2974 |
Rule deleted |
|
2975 |
Rule deleted (v6) |
|
2976 |
||
2977 |
||
2978 |
Setting IPV6 to yes |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
2979 |
580: disable |
2980 |
||
2981 |
||
2982 |
581: enable |
|
2983 |
||
2984 |
||
2985 |
582: allow out on lo+ |
|
30.1.12
by Jamie Strandboge
Import upstream version 0.31 |
2986 |
WARN: Checks disabled |
2987 |
Rule added |
|
2988 |
Rule added (v6) |
|
2989 |
||
2990 |
||
2991 |
### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 out_lo+ |
|
2992 |
-A ufw-user-output -o lo+ -j ACCEPT |
|
2993 |
||
2994 |
### tuple ### allow any any ::/0 any ::/0 out_lo+ |
|
2995 |
-A ufw6-user-output -o lo+ -j ACCEPT |
|
2996 |
||
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
2997 |
583: delete allow out on lo+ |
30.1.12
by Jamie Strandboge
Import upstream version 0.31 |
2998 |
WARN: Checks disabled |
2999 |
Rule deleted |
|
3000 |
Rule deleted (v6) |
|
3001 |
||
3002 |
||
3003 |
Setting IPV6 to no |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
3004 |
584: disable |
3005 |
||
3006 |
||
3007 |
585: enable |
|
3008 |
||
3009 |
||
3010 |
586: allow in on lo+ |
|
30.1.12
by Jamie Strandboge
Import upstream version 0.31 |
3011 |
WARN: Checks disabled |
3012 |
Rule added |
|
3013 |
||
3014 |
||
3015 |
### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 in_lo+ |
|
3016 |
-A ufw-user-input -i lo+ -j ACCEPT |
|
3017 |
||
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
3018 |
587: delete allow in on lo+ |
30.1.12
by Jamie Strandboge
Import upstream version 0.31 |
3019 |
WARN: Checks disabled |
3020 |
Rule deleted |
|
3021 |
||
3022 |
||
3023 |
Setting IPV6 to no |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
3024 |
588: disable |
3025 |
||
3026 |
||
3027 |
589: enable |
|
3028 |
||
3029 |
||
3030 |
590: allow out on lo+ |
|
30.1.12
by Jamie Strandboge
Import upstream version 0.31 |
3031 |
WARN: Checks disabled |
3032 |
Rule added |
|
3033 |
||
3034 |
||
3035 |
### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 out_lo+ |
|
3036 |
-A ufw-user-output -o lo+ -j ACCEPT |
|
3037 |
||
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
3038 |
591: delete allow out on lo+ |
30.1.12
by Jamie Strandboge
Import upstream version 0.31 |
3039 |
WARN: Checks disabled |
3040 |
Rule deleted |
|
3041 |
||
3042 |
||
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
3043 |
592: disable |
30.1.12
by Jamie Strandboge
Import upstream version 0.31 |
3044 |
|
3045 |
||
30.1.15
by Jamie Strandboge
Import upstream version 0.33 |
3046 |
Show added |
3047 |
Setting IPV6 to yes |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
3048 |
593: disable |
3049 |
||
3050 |
||
3051 |
594: enable |
|
3052 |
||
3053 |
||
3054 |
595: limit 22/tcp |
|
3055 |
||
3056 |
||
3057 |
596: allow in on eth0 to 2001::211:aaaa:bbbb:d54c port 123 proto tcp |
|
3058 |
||
3059 |
||
3060 |
597: deny Samba |
|
3061 |
||
3062 |
||
3063 |
598: show added |
|
30.1.15
by Jamie Strandboge
Import upstream version 0.33 |
3064 |
WARN: Checks disabled |
3065 |
Added user rules (see 'ufw status' for running firewall): |
|
3066 |
ufw limit 22/tcp |
|
3067 |
ufw deny Samba |
|
3068 |
ufw allow in on eth0 to 2001::211:aaaa:bbbb:d54c port 123 proto tcp |
|
3069 |
||
3070 |
||
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
3071 |
599: delete limit 22/tcp |
3072 |
||
3073 |
||
3074 |
600: delete allow in on eth0 to 2001::211:aaaa:bbbb:d54c port 123 proto tcp |
|
3075 |
||
3076 |
||
3077 |
601: delete deny Samba |
|
3078 |
||
3079 |
||
3080 |
602: show added |
|
30.1.15
by Jamie Strandboge
Import upstream version 0.33 |
3081 |
WARN: Checks disabled |
3082 |
Added user rules (see 'ufw status' for running firewall): |
|
3083 |
(None) |
|
3084 |
||
3085 |
||
3086 |
Setting IPV6 to no |
|
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
3087 |
603: disable |
3088 |
||
3089 |
||
3090 |
604: enable |
|
3091 |
||
3092 |
||
3093 |
605: limit 22/tcp |
|
3094 |
||
3095 |
||
3096 |
606: deny Samba |
|
3097 |
||
3098 |
||
3099 |
607: show added |
|
30.1.15
by Jamie Strandboge
Import upstream version 0.33 |
3100 |
WARN: Checks disabled |
3101 |
Added user rules (see 'ufw status' for running firewall): |
|
3102 |
ufw limit 22/tcp |
|
3103 |
ufw deny Samba |
|
3104 |
||
3105 |
||
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
3106 |
608: delete limit 22/tcp |
3107 |
||
3108 |
||
3109 |
609: delete deny Samba |
|
3110 |
||
3111 |
||
3112 |
610: show added |
|
30.1.15
by Jamie Strandboge
Import upstream version 0.33 |
3113 |
WARN: Checks disabled |
3114 |
Added user rules (see 'ufw status' for running firewall): |
|
3115 |
(None) |
|
3116 |
||
3117 |
||
30.1.16
by Jamie Strandboge
Import upstream version 0.34~rc |
3118 |
611: disable |
3119 |
||
3120 |
||
3121 |
612: disable |
|
30.1.15
by Jamie Strandboge
Import upstream version 0.33 |
3122 |
|
3123 |