1. Information
- See https://www.zenarmor.com/docs/network-security-tutorials/how-to-set-up-a-firewall-with-ufw-on-debian.
- See https://www.linuxbabe.com/security/ufw-firewall-debian-ubuntu-linux-mint-server.
- See https://www.itprotoday.com/linux-os/linux-ufw-uncomplicated-firewall-configuration-made-easy.
- See https://www.cyberciti.biz/faq/set-up-a-firewall-with-ufw-on-debian-12-linux.
- See https://askubuntu.com/questions/174981/how-do-i-configure-ufw-to-allow-ssh-on-another-port.
- The iptables command has been replaced with the iptables-nft command.
- Enter the following commands at a Command Line.
    sudo which iptables                   # /usr/sbin/iptables
    ls -al /usr/sbin/iptables             # /etc/alternatives/iptables
    ls -al /etc/alternatives/iptables     # /usr/sbin/iptables-nft
    sudo which iptables-nft               # /usr/sbin/iptables-nft
    ls -al /usr/sbin/iptables-nft         # /usr/sbin/xtables-nft-multi
    ls -al /usr/sbin/xtables-nft-multi    # /usr/sbin/xtables-nft-multi
    man iptables-nft
2. Installation
- Enter the following commands at a Command Line.
    sudo apt-get install ufw
    sudo ufw version                      # ufw 0.36.2
3. Configuration
- Enter the following commands at a Command Line.
    # Allow outgoing connections.
    sudo ufw default allow outgoing
    # Deny incoming connections.
    sudo ufw default deny incoming
    # Allow incoming SSH.
    sudo ufw allow ssh
    # Disable uncomplicated firewall.
    sudo ufw --force disable
    # Enable uncomplicated firewall.
    sudo ufw --force enable
    sudo ufw status verbose
4. Port Forwarding
4.1. VPS
- Log in as smru@localhost.
- Enter the following commands at a Command Line.
    cd ~delta/github/git/delta-software-labs/Documentation
    cd ../Linux-Tools
    make clean-all; make
    ls -al
    scp -p delta-linux-tools-1.9.4beta-1-all.deb team@vps-web.deltasoftware.frl:
- Log in as team@vps-web.deltasoftware.frl.
- Enter the following commands at a Command Line.
    ls -al
    # Install the package and run its ufw setup.
    sudo dpkg -i delta-linux-tools-1.9.4beta-1-all.deb
    sudo delta setup ufw
    sudo ufw status verbose
    # Allow the forwarded SSH port and HTTPS.
    sudo ufw allow 22222/tcp
    sudo ufw allow 443/tcp
    sudo ufw status verbose
    # Set the default forward policy to ACCEPT.
    sudo sed -i 's|DEFAULT_FORWARD_POLICY="DROP"|DEFAULT_FORWARD_POLICY="ACCEPT"|' /etc/default/ufw
    diff /etc/default/ufw.org /etc/default/ufw
    sudo systemctl restart ufw
    # Enable IPv4 forwarding.
    sudo sed -i 's|#net/ipv4/ip_forward=1|net/ipv4/ip_forward=1|' /etc/ufw/sysctl.conf
    diff /etc/ufw/sysctl.conf.org /etc/ufw/sysctl.conf
    sudo systemctl restart ufw
    # Back up before.rules before editing it.
    sudo cp -a /etc/ufw/before.rules /etc/ufw/before.rules.org
    sudo diff /etc/ufw/before.rules.org /etc/ufw/before.rules
- Add the following lines to /etc/ufw/before.rules, before the filter section, right at the top of the file.
    # Port forwarding.
    *nat
    :PREROUTING ACCEPT [0:0]
    -A PREROUTING -p tcp --dport 22222 -j REDIRECT --to-port 22
    COMMIT
- Enter the following commands at a Command Line.
    sudo diff /etc/ufw/before.rules.org /etc/ufw/before.rules
    sudo systemctl restart ufw
- Enter the following commands at a Command Prompt.
    putty.exe -P 22 team@vps-web.deltasoftware.frl
    putty.exe -P 22222 team@vps-web.deltasoftware.frl
    ssh.exe -p 22 team@vps-web.deltasoftware.frl
    ssh.exe -p 22222 team@vps-web.deltasoftware.frl
- Enter the following commands at a Command Prompt.
    ssh.exe -o ExitOnForwardFailure=yes -o ServerAliveInterval=60 -p 22222 -R :22000:127.0.0.1:22 team@vps-web.deltasoftware.frl
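One way to script the /etc/ufw/before.rules edit from section 4.1 so that re-running it never duplicates the *nat block, and to check that the block sits before the filter section. This is an added example, not part of the original page: the function names add_nat_redirect and nat_before_filter are hypothetical, and the demo runs against a constructed temporary file rather than the real rules file.

```shell
#!/bin/sh
# Added example, not from the original page: place the page's *nat REDIRECT
# block at the top of a ufw before.rules file without duplicating it.

# add_nat_redirect FILE LISTEN_PORT TARGET_PORT   (hypothetical helper name)
# Returns 0 if the rule is present afterwards, 2 if FILE already has another
# *nat table (left for a manual merge), 1 on I/O failure.
add_nat_redirect() {
    file=$1 listen=$2 target=$3
    rule="-A PREROUTING -p tcp --dport $listen -j REDIRECT --to-port $target"
    grep -qxF -e "$rule" "$file" && return 0      # already there: no-op
    grep -qx -e '\*nat' "$file" && return 2       # foreign *nat block
    tmp=$(mktemp) || return 1
    {
        printf '%s\n' '# Port forwarding.' '*nat' ':PREROUTING ACCEPT [0:0]' \
            "$rule" 'COMMIT' ''
        cat "$file"
    } > "$tmp" && cat "$tmp" > "$file"            # rewrite in place: keeps owner/mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# nat_before_filter FILE   (hypothetical helper name)
# Succeeds only when a complete *nat ... COMMIT block ends before *filter starts.
nat_before_filter() {
    awk '
        $0 == "*nat"               { in_nat = 1 }
        in_nat && $0 == "COMMIT"   { in_nat = 0; nat_end = NR }
        $0 == "*filter" && !filt   { filt = NR }
        END { exit !(nat_end && filt && nat_end < filt) }
    ' "$1"
}

# Demo on a constructed stand-in for /etc/ufw/before.rules (no root needed).
demo=$(mktemp)
printf '%s\n' '# constructed sample' '*filter' ':ufw-before-input - [0:0]' \
    'COMMIT' > "$demo"
add_nat_redirect "$demo" 22222 22
add_nat_redirect "$demo" 22222 22                 # second run changes nothing
nat_before_filter "$demo" && echo "nat block precedes *filter"
echo "redirect rules: $(grep -c -e '--dport 22222' "$demo")"
rm -f "$demo"
```

The REDIRECT target rewrites the destination port in PREROUTING, so the filter INPUT chain sees the connection on port 22. The "sudo ufw allow ssh" rule from section 3 is therefore the one that admits it, and removing that rule also closes port 22222.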
4.2. WSL2
- Enter the following commands at a Command Line.
    sudo ufw status verbose
    sudo ufw allow 22222/tcp
    sudo ufw status verbose
- Enter the following commands at a Command Prompt with administrative privileges.
    netsh.exe interface portproxy show all
    netsh.exe interface portproxy add v4tov4 listenaddress=localhost listenport=22222 connectaddress=localhost connectport=22
    netsh.exe interface portproxy show all
- Enter the following commands at a Command Prompt.
    putty.exe -P 22 smru@localhost
    putty.exe -P 22222 smru@localhost
    ssh.exe -p 22 smru@localhost
    ssh.exe -p 22222 smru@localhost