Hi Larry!
On Tue, Oct 16, 2012 at 4:14 PM, Dazed_75 <
lthielster@gmail.com> wrote:
> Can anyone tell me how to make a ufw (uncomplicated firewall) rule to
> allow incoming ssh but only from the LAN or even a specific LAN. Not sure
> I need to specify an alternate port, but that would be good to know as well.
UFW rule:
*advanced allow example for allowing access from an ip address range
10.120.0.1 - 10.120.0.255 to port 22*
sudo ufw allow from 10.0.0.0/24 to any port 22
you want to block access to port 22 from 192.168.0.1 and 192.168.0.7 but
allow all other 192.168.0.x IPs to have access to port 22
Code:
sudo ufw deny from 192.168.0.1 to any port 22
sudo ufw deny from 192.168.0.7 to any port 22
sudo ufw allow from 192.168.0.0/24 to any port 22
if you do the allow statement before either of the deny statements it will
be matched first and the deny will not be evaluated.
you can check this by checking ufw status
Code:
sudo ufw status
To Action From
-- ------ ----
22:tcp DENY 192.168.0.1
22:udp DENY 192.168.0.1
22:tcp DENY 192.168.0.7
22:udp DENY 192.168.0.7
22:tcp ALLOW 192.168.0.0/24
22:udp ALLOW 192.168.0.0/24
the allow is at the bottom and will be the last command evaluated if it
appeared above the deny rules the deny rules would not be evaluated.
Reference:
http://ubuntuforums.org/showthread.php?t=823741
>
> Dazed_75 a.k.a. Larry
>
> Please protect my address like I protect yours. When sending messages to
> multiple recipients, always use the BCC: (Blind carbon copy) and not To: or
> CC:. Remove all addresses from the message body before sending a Forwarded
> message. This can prevent spy programs capturing addresses from the
> recipient list and message body.
>
--
(503) 754-4452 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
**
it-clowns.com
Chief Clown
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)