03-01-2021, 02:05 PM
Huppy
Linux Firewall Tip

I like to leave little trivial tips for newbies once in a while. Back when I first installed anything *nix, my first learning experience was Mandrake Linux. Not sure if that's still around or not, but then I got into a little FreeBSD.

Monkeying around with iptables to set firewall policies back then was a pita, but I've been using Debian for a long time now and since vs 9, an app called ufw makes things so much easier. Not sure if other flavors have it, but it simplifies a lot.

Keep something in mind, IF you ever get a remote host, (vps, etc), a lot of them come left wide open, with no firewall active.

After install, it's not active by default, but for a good reason. Once it becomes active, ALL ports are blocked, including the ssh you need to log on. So best to leave it off until you get some port allows entered. Like the following:

sudo ufw allow 22/tcp (this is the default port for remote ssh)

sudo ufw allow 3306/tcp (for mariadb/mysql)

You can also do port ranges easily:

sudo ufw allow 5998:5999/tcp
sudo ufw allow 5998:5999/udp

Afterwards, typing: sudo ufw enable (firewall becomes active)

Typing: ufw status verbose

would show something like this:


Code:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
3306/tcp                   ALLOW IN    Anywhere
5998:5999/tcp              ALLOW IN    Anywhere
5998:5999/udp              ALLOW IN    Anywhere
7100:7500/tcp              ALLOW IN    Anywhere
7100:7500/udp              ALLOW IN    Anywhere
9000:9100/tcp              ALLOW IN    Anywhere
9000:9100/udp              ALLOW IN    Anywhere
7778/tcp                   ALLOW IN    Anywhere
7778/udp                   ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
3306/tcp (v6)              ALLOW IN    Anywhere (v6)
5998:5999/tcp (v6)         ALLOW IN    Anywhere (v6)
5998:5999/udp (v6)         ALLOW IN    Anywhere (v6)
7100:7500/tcp (v6)         ALLOW IN    Anywhere (v6)
7100:7500/udp (v6)         ALLOW IN    Anywhere (v6)
9000:9100/tcp (v6)         ALLOW IN    Anywhere (v6)
9000:9100/udp (v6)         ALLOW IN    Anywhere (v6)
7778/tcp (v6)              ALLOW IN    Anywhere (v6)
7778/udp (v6)              ALLOW IN    Anywhere (v6)
__________________
Hanging out at Antonica.World
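
The ordering the post describes (add the allow rules first, then enable) can be checked before `ufw enable` is run. This is an added example, not part of the original post: the function names are hypothetical, it assumes `ufw show added` prints pending rules as `ufw allow ...` lines, and it only recognises the simple port syntax used above (application profile names and from/to rules are not resolved, so they count as "not covered").

```shell
#!/bin/sh
# ssh_rule_present PORT: reads `ufw show added` style lines on stdin and
# returns 0 if an allow/limit rule covers PORT over tcp, 1 otherwise.
ssh_rule_present() {
    port=$1
    while read -r cmd action spec rest; do
        [ "$cmd" = "ufw" ] || continue            # header line, "(None)", etc.
        case $action in allow|limit) ;; *) continue ;; esac
        case $spec in
            */tcp) spec=${spec%/tcp} ;;           # tcp-only rule
            */udp) continue ;;                    # udp never carries ssh
        esac                                      # bare "22" means tcp and udp
        case $spec in ''|*[!0-9:,]*) continue ;; esac   # names, from/to: skipped
        for item in $(printf '%s' "$spec" | tr ',' ' '); do
            case $item in :*|*:|*:*:*) continue ;; esac  # malformed range
            lo=${item%%:*}; hi=${item##*:}        # "22" gives lo=hi=22
            if [ "$lo" -le "$port" ] && [ "$port" -le "$hi" ]; then
                return 0
            fi
        done
    done
    return 1
}

# enable_if_safe PORT: only hand over to `ufw enable` once PORT/tcp is allowed.
# Run as root, and only on a host where ufw is installed.
enable_if_safe() {
    if ufw show added | ssh_rule_present "$1"; then
        ufw enable
    else
        echo "no allow rule covers ${1}/tcp; not enabling ufw" >&2
        return 1
    fi
}

# Constructed sample of `ufw show added` output, mirroring the rules in the post.
sample_added() {
    cat <<'EOF'
Added user rules (see 'ufw status' for running firewall):
ufw allow 22/tcp
ufw allow 3306/tcp
ufw allow 5998:5999/tcp
ufw allow 5998:5999/udp
EOF
}

if sample_added | ssh_rule_present 22; then echo "22/tcp is covered"; fi
```

If sshd listens on a non-default port, pass that port instead, for example `enable_if_safe 2222`.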