Friday, 6 September 2019

Firewall in Ubuntu

UFW (Uncomplicated Firewall) is the default firewall that ships with the Ubuntu Linux distribution.
  • To enable the ufw firewall, open a new Terminal window and execute the following command:

    sudo ufw enable

  • To disable the ufw firewall, open a new Terminal window and execute the following command:

    sudo ufw disable

  • To view the status of ufw, execute the following command:

    sudo ufw status

    How do I disable the firewall in Ubuntu Linux server edition? How do I turn off the firewall in Ubuntu Linux version 12.04 or 14.04 LTS server?

    The latest version of Ubuntu comes with a program called ufw. It is used for managing a Linux firewall and aims to provide an easy-to-use interface for the user.

    A Note About ufw

    As I said earlier, the latest version of Ubuntu comes with ufw (it is now the default firewall configuration tool for Ubuntu). Developed to ease iptables firewall configuration, ufw provides a user-friendly way to create an IPv4 or IPv6 host-based firewall.

    To list ufw firewall rules, enter:

    $ sudo ufw status verbose
    Sample outputs:
    Status: active
    Logging: on (low)
    Default: deny (incoming), allow (outgoing), deny (routed)
    New profiles: skip
     
    To                         Action      From
    --                         ------      ----
    71.81.22.14 80/tcp        ALLOW IN    Anywhere
    71.81.22.15 80/tcp        ALLOW IN    Anywhere
     

    To disable the ufw-based firewall, enter:

    $ sudo ufw disable
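    The "ufw status verbose" listing above is easy to read by eye, but across more than a handful of hosts it is worth checking automatically. The following Python script is an added example, not part of the original post and not code from ufw itself: it parses the listing into the default policies and the rule table, then flags what an auditor looks for (ufw inactive, default incoming policy not deny, logging off, sensitive ports allowed from Anywhere). The sample input is the post's own listing extended with two constructed rules, and the set of ports treated as sensitive is an assumption.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: the `ufw status verbose` listing shown above, extended with two rules
# (22/tcp from Anywhere, 3306/tcp from 10.0.0.0/8) so the audit has something to weigh.
SAMPLE_UFW_STATUS = """\
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
71.81.22.14 80/tcp        ALLOW IN    Anywhere
71.81.22.15 80/tcp        ALLOW IN    Anywhere
22/tcp                     ALLOW IN    Anywhere
3306/tcp                   ALLOW IN    10.0.0.0/8
"""

# Assumed list of ports an auditor wants a second look at when they are reachable from Anywhere.
SENSITIVE_PORTS = {"22", "3306", "5432", "3389", "6379", "27017"}


@dataclass
class UfwRule:
    to: str
    action: str
    source: str


@dataclass
class UfwState:
    active: bool = False
    logging: str = ""
    defaults: Dict[str, str] = field(default_factory=dict)   # incoming/outgoing/routed -> policy
    rules: List[UfwRule] = field(default_factory=list)


_DEFAULT_RE = re.compile(r"(\w+) \((incoming|outgoing|routed)\)")


def parse_ufw_status(text: str) -> UfwState:
    """Parses `ufw status verbose` output: header fields first, then the rule table."""
    state = UfwState()
    in_table = False
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if line.startswith("Status:"):
            state.active = line.split(":", 1)[1].strip() == "active"
        elif line.startswith("Logging:"):
            state.logging = line.split(":", 1)[1].strip()
        elif line.startswith("Default:"):
            for policy, direction in _DEFAULT_RE.findall(line):
                state.defaults[direction] = policy
        elif line.startswith("To ") and "Action" in line:
            in_table = True                     # column header of the rule table
        elif in_table and line.startswith("--"):
            continue                            # separator row
        elif in_table:
            columns = re.split(r"\s{2,}", line.strip())   # columns are separated by runs of spaces
            if len(columns) == 3:
                state.rules.append(UfwRule(*columns))
    return state


def port_of(to_field: str) -> str:
    """'71.81.22.14 80/tcp' -> '80'; '22/tcp (v6)' -> '22'; an app profile name is returned as-is."""
    spec = to_field.replace(" (v6)", "").split()[-1]
    return spec.split("/")[0]


def audit(state: UfwState) -> List[str]:
    """Returns human-readable findings; an empty list means nothing stood out."""
    findings: List[str] = []
    if not state.active:
        findings.append("ufw is inactive: no host firewall is being enforced")
    if state.defaults.get("incoming") != "deny":
        findings.append(f"default incoming policy is {state.defaults.get('incoming')!r}, expected 'deny'")
    if state.logging.startswith("off"):
        findings.append("logging is off: blocked connection attempts are not recorded")
    for rule in state.rules:
        if rule.action.startswith("ALLOW") and rule.source.startswith("Anywhere"):
            if port_of(rule.to) in SENSITIVE_PORTS:
                findings.append(f"rule '{rule.to}' exposes a sensitive port to Anywhere")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_ufw_status(SAMPLE_UFW_STATUS)) or ["no findings"]:
        print(finding)
```

    Run against the sample, the script reports only the constructed 22/tcp rule: the two port 80 rules from the post are web ports, and the 3306/tcp rule is limited to a private range. Feeding it the output of "sudo ufw status verbose" from each host is enough to spot the machine where someone ran "ufw disable" to get something working and never turned it back on.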


    List current firewall rules and stop the firewall (old method)

    To see whether the firewall is active, open a terminal or ssh session and type the following command:
    $ sudo iptables -L -n
    Sample outputs:
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:53 
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:53 
    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:67 
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:67 
     
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24    state RELATED,ESTABLISHED 
    ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0           
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 
    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 
     
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    You can save existing firewall rules as follows:
    $ sudo iptables-save > firewall.rules
    Finally, type the following commands to stop the firewall and flush all the rules:
    $ sudo iptables -F
    $ sudo iptables -X
    $ sudo iptables -t nat -F
    $ sudo iptables -t nat -X
    $ sudo iptables -t mangle -F
    $ sudo iptables -t mangle -X
    $ sudo iptables -P INPUT ACCEPT
    $ sudo iptables -P FORWARD ACCEPT
    $ sudo iptables -P OUTPUT ACCEPT
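    A quick way to confirm what an "iptables -L -n" listing actually says, before and after the commands above, is to parse it rather than eyeball it. The Python below is an added example and not part of the original post: it splits the listing into chains, each with its default policy and its rule lines, lists the chains whose policy is ACCEPT, and reports whether the filter table is effectively disabled, meaning every built-in chain accepts by default and holds no rules, which is the state the flush commands leave behind. The "before" sample is the listing shown above; the "after" sample and the default-deny sample are constructed.

```python
import re
from typing import Dict, List, NamedTuple

# 'Before' sample: the iptables -L -n listing shown above (trailing spaces trimmed).
BEFORE_FLUSH = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:53
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:67
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:67

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24    state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
"""

# Constructed 'after' sample: the filter table once the flush commands above have run.
AFTER_FLUSH = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
"""

# Constructed sample of a default-deny host: only OUTPUT lets unmatched traffic through.
DEFAULT_DENY = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  10.0.0.0/8           0.0.0.0/0           tcp dpt:22

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
"""


class Chain(NamedTuple):
    policy: str        # ACCEPT/DROP/REJECT for built-in chains, "" for user-defined chains
    rules: List[str]   # rule lines kept verbatim, for reporting


# Built-in chains print "(policy X)", user-defined chains print "(N references)".
_CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\w+)|\d+ references)\)")


def parse_iptables_list(text: str) -> Dict[str, Chain]:
    """Splits `iptables -L -n` output into chains, each with its policy and rule lines."""
    chains: Dict[str, Chain] = {}
    current = None
    for line in text.splitlines():
        line = line.rstrip()
        match = _CHAIN_RE.match(line)
        if match:
            current = match.group(1)
            chains[current] = Chain(match.group(2) or "", [])
        elif not line or line.startswith("target "):
            continue                            # blank separator or column header
        elif current is not None:
            chains[current].rules.append(line)
    return chains


def open_chains(chains: Dict[str, Chain]) -> List[str]:
    """Chains whose policy is ACCEPT: anything no rule matches is let through."""
    return [name for name, chain in chains.items() if chain.policy == "ACCEPT"]


def is_effectively_disabled(chains: Dict[str, Chain]) -> bool:
    """True when every built-in filter chain accepts by default and holds no rules at all."""
    return all(name in chains and chains[name].policy == "ACCEPT" and not chains[name].rules
               for name in ("INPUT", "FORWARD", "OUTPUT"))


if __name__ == "__main__":
    for label, listing in (("before", BEFORE_FLUSH), ("after", AFTER_FLUSH), ("default-deny", DEFAULT_DENY)):
        parsed = parse_iptables_list(listing)
        print(f"{label}: open chains {open_chains(parsed)}, disabled={is_effectively_disabled(parsed)}")
```

    Note what the "before" listing tells you: all three built-in chains already have policy ACCEPT, so the host in the sample was never default-deny to begin with; the rules only exist to accept DNS/DHCP and to handle a virtual-machine bridge. The flush commands turn that into the "after" state, where nothing is filtered at all, which is why saving the rules with iptables-save first matters.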


     

Linux: The hole trick to bypass firewall restriction

Have you ever wondered how P2P software like Skype exchanges data directly when both client desktops are sitting behind a firewall that only permits outgoing traffic?

This article explains how Skype & Co. get round firewalls using the hole trick. From the article:
Peer-to-peer software applications are a network administrator’s nightmare. In order to be able to exchange packets with their counterpart as directly as possible they use subtle tricks to punch holes in firewalls, which shouldn’t actually be letting in packets from the outside world.

This is a good article and a good idea carried out by Skype. It is not exactly a new concept (search for NAT2NAT on Google and you will find more information about this hack). The author has done a good job of explaining the whole concept in clear language.

How do I bypass Linux firewall restriction?

This article also covers DIY hole punching using the standard hping2 and nc (netcat) tools under Linux. From the article:
Firstly start a UDP listener on UDP port 14141 on the local/1 console behind the firewall:

local/1# nc -u -l -p 14141
 
An external computer “remote” then attempts to contact it.

remote# echo "hello" | nc -p 53 -u local-fw 14141

However, as expected nothing is received on local/1 and, thanks to the firewall, nothing is returned to remote. Now on a second console, local/2, hping2, our universal tool for generating IP packets, punches a hole in the firewall:
 
local/2# hping2 -c 1 -2 -s 14141 -p 53 remote

As long as remote is behaving itself, it will send back a “port unreachable” response via ICMP – however this is of no consequence. On the second attempt
 
remote# echo "hello" | nc -p 53 -u local-fw 14141

The netcat listener on console local/1 then coughs up a “hello” – the UDP packet from outside has passed through the firewall and arrived at the computer behind it.
Right now, no perfect solution exists if you are using a Linux-based firewall to prevent this kind of abuse.
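To see why the trick works against a firewall that "only permits outgoing traffic", and what a defender can do about it, the following Python model is an added example; it is not code from the article or from the post. It simulates a stateful UDP firewall the way connection tracking treats UDP: an outbound datagram creates a tracking entry, and an inbound datagram is accepted only if it is the exact reverse of a live entry, which is precisely what the single hping2 packet sets up. Replaying the exchange quoted above shows the hole opening on the second "hello". Two defensive controls are modelled beside it: an egress allow-list (here, outbound UDP/53 only to the organisation's own resolver) drops the outbound packet that would create the hole, and an idle timeout closes any hole that does open. The addresses, the prefix-based inside/outside test and the 30-second timeout are constructed assumptions; NAT is not modelled.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed addresses (RFC 1918 / RFC 5737 ranges), not taken from the article.
LOCAL = "192.168.1.10"        # host behind the firewall ("local" in the article)
REMOTE = "203.0.113.7"        # the outside peer ("remote")
RESOLVER = "198.51.100.53"    # the only UDP/53 destination the strict egress policy allows


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


FlowKey = Tuple[str, int, str, int]   # (inside ip, inside port, outside ip, outside port)


class StatefulUdpFirewall:
    """Toy model of a 'permit outgoing only' stateful UDP firewall.

    An outbound datagram creates a connection-tracking entry; an inbound datagram is
    accepted only if it is the exact reverse of a live entry. An optional egress
    allow-list limits which outside (ip, port) pairs inside hosts may send to at all.
    Entries expire after udp_timeout idle seconds (assumed value, in the spirit of
    the kernel's UDP conntrack timeout). NAT is not modelled.
    """

    def __init__(self, inside_prefix: str,
                 egress_allow: Optional[Set[Tuple[str, int]]] = None,
                 udp_timeout: float = 30.0) -> None:
        self.inside_prefix = inside_prefix
        self.egress_allow = egress_allow
        self.udp_timeout = udp_timeout
        self.conntrack: Dict[FlowKey, float] = {}   # flow -> last time a packet matched it
        self.log: List[str] = []

    def _expire(self, now: float) -> None:
        # An idle hole closes by itself: the defender's second line after egress filtering.
        for key, last_seen in list(self.conntrack.items()):
            if now - last_seen > self.udp_timeout:
                del self.conntrack[key]
                self.log.append(f"{now:5.1f} EXPIRE {key}")

    def handle(self, pkt: Packet, now: float) -> str:
        self._expire(now)
        if pkt.src_ip.startswith(self.inside_prefix):
            # Outbound: egress policy first, then track the flow (this entry is the 'pinhole').
            if self.egress_allow is not None and (pkt.dst_ip, pkt.dst_port) not in self.egress_allow:
                self.log.append(f"{now:5.1f} DROP   egress {pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port}")
                return "DROP"
            key: FlowKey = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
            if key not in self.conntrack:
                self.log.append(f"{now:5.1f} NEW    pinhole {key}")
            self.conntrack[key] = now
            return "ACCEPT"
        # Inbound: only the exact reverse of a tracked flow is let through.
        reverse: FlowKey = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if reverse in self.conntrack:
            self.conntrack[reverse] = now
            self.log.append(f"{now:5.1f} ACCEPT reply {pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port}")
            return "ACCEPT"
        self.log.append(f"{now:5.1f} DROP   unsolicited {pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port}")
        return "DROP"


def replay_hole_trick(fw: StatefulUdpFirewall) -> List[str]:
    """Replays the exchange quoted above and returns the firewall's verdict for each datagram."""
    return [
        # 1. remote sends "hello" from port 53 to local:14141 before anything has gone out
        fw.handle(Packet(REMOTE, 53, LOCAL, 14141), now=0.0),
        # 2. hping2 on local sends one datagram from 14141 to remote:53
        fw.handle(Packet(LOCAL, 14141, REMOTE, 53), now=1.0),
        # 3. remote repeats the "hello"
        fw.handle(Packet(REMOTE, 53, LOCAL, 14141), now=2.0),
        # 4. remote repeats it once more, long after the UDP idle timeout has passed
        fw.handle(Packet(REMOTE, 53, LOCAL, 14141), now=60.0),
    ]


if __name__ == "__main__":
    for label, fw in (("permit-outgoing-only", StatefulUdpFirewall("192.168.1.")),
                      ("egress allow-list", StatefulUdpFirewall("192.168.1.", egress_allow={(RESOLVER, 53)}))):
        print(label, replay_hole_trick(fw))
        print("\n".join(fw.log), end="\n\n")
```

With the permit-outgoing-only policy the verdicts are DROP, ACCEPT, ACCEPT, DROP: the first "hello" is unsolicited, the hping2 datagram opens the pinhole, the second "hello" matches its reverse, and the fourth attempt finds the entry expired. With the egress allow-list every datagram is dropped, because the outbound packet to remote:53 never creates an entry. The "NEW pinhole" log line is the detection hook for the permissive case: on a network where workstations have no reason to send UDP to arbitrary hosts on port 53, an outbound datagram from a high port to an unknown address on 53 is worth an alert even when policy lets it through.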