Firewall – GEEKDECODER

Securing IPFS with UFW Firewall on Debian 10

July 6, 2021 The Geek Decoder Leave a comment Firewall, IPFS

First lets install UFW

$ sudo apt-get install ufw

Check the Status

$ sudo ufw status verbose

By default, UFW is disabled so you should see something like this:

$ Status: inactive

Let’s set your UFW rules back to the defaults so we can be sure that you’ll be able to follow along with this tutorial. To set the defaults used by UFW, use these commands:

$ sudo ufw default deny incoming

Output:
Default incoming policy changed to ‘deny’
(be sure to update your rules accordingly)

$ sudo ufw default allow outgoing

Output:
Default outgoing policy changed to ‘allow’
(be sure to update your rules accordingly)

Allow SSH Connections

To configure your server to allow incoming SSH connections, you can use this UFW command:

$ sudo ufw allow ssh

Output:
Rules updated
Rules updated (v6)
this command works the same as the one above:

$ sudo ufw allow 22

Or if ssh is on a different port

$ sudo ufw allow 2222

Now that your firewall is configured to allow incoming SSH connections, we can enable it

$ sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup

Now lets add the port access for IPFS
4001 – default libp2p swarm port – should be open to public for all nodes if possible
5001 – API port – provides write/admin access to the node – should be locked down or only to your IP.
8080 – Gateway

$ sudo ufw allow 4001

$ sudo ufw allow 5001

$ sudo ufw allow 8080/tcp

Reload

$ sudo ufw reload

Remove a Port

$ sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 4001                       ALLOW IN    Anywhere
[ 3] 5001                       ALLOW IN    Anywhere
[ 4] 8080/tcp                   ALLOW IN    Anywhere
[ 5] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 6] 4001 (v6)                  ALLOW IN    Anywhere (v6)
[ 7] 5001 (v6)                  ALLOW IN    Anywhere (v6)
[ 8] 8080/tcp (v6)              ALLOW IN    Anywhere (v6)

$ sudo ufw delete 2

Delete all firewall rules

$ sudo ufw reset

To Allow connections for the Webui on a specific IP:

$ sudo ufw allow from 1.2.3.4 to any port 5001

sudo ufw reload

Forticlient – SSLVPN .deb packages

May 5, 2018 The Geek Decoder Leave a comment Firewall

Forticlient – SSLVPN is a VPN Client to connect to Fortigate Devices with minimal effort, packaged here for Ubuntu and Debian.

Here- https://hadler.me/linux/forticlient-sslvpn-deb-packages/

Check for Blocks in CentOS 7 Firewalld

January 8, 2018 The Geek Decoder Leave a comment Firewall

How to check if there are blocks in CentOS 7 firewalld

# grep -i blocked /var/log/messages | wc -l

Add port 80 to firewalld CentOS 7

October 20, 2015 The Geek Decoder Leave a comment CentOS 7, Firewall

By default the port 80 for http connection is filtered on Redhat 7 as you can only access this port from the actual localhost and not from any other public host. To open a port 80 on RHEL 7 Linux we need to add an iptables rule. For this RHEL7 uses firewall-cmd. First add your port 80 rule with a following command:

# firewall-cmd --permanent --zone=public --add-port=80/tcp --permanent

Once you add the above firewall rule reload firewall service:


# firewall-cmd --reload


# firewall-cmd --permanent --zone=<zone> --add-service=http


# firewall-cmd --permanent --zone=<zone> --add-port=80/tcp

You can check if the port has actually be opened by running:


# firewall-cmd --zone=<zone> --query-port=80/tcp


# firewall-cmd --zone=<zone> --query-service=http

How To Install CSF (Config Server Firewall) for WHM

November 28, 2014 The Geek Decoder Leave a comment cPanel, Firewall, WHM


# wget http://www.configserver.com/free/csf.tgz
# tar -xzf csf.tgz
# cd csf
# sh install.sh

If you would like to disable APF+BFD (which you will need to do to avoid conflicts):


# sh disable_apf_bfd.sh

Now, you can then configure csf and lfd in WHM, or edit the files directly in /etc/csf/*

Stop Spam and http access with IPtables

July 22, 2014 The Geek Decoder Leave a comment Email, Firewall, Iptables, Spam

To stop Spam:

drop SMTP on port 25, 465 and 587 to prevent further spam from being sent out by running the following commands:


# /sbin/iptables -A INPUT -p tcp --dport 25 -j DROP
# /sbin/iptables -A OUTPUT -p tcp --dport 25 -j DROP
# /sbin/iptables -A INPUT -p tcp --dport 465 -j DROP
# /sbin/iptables -A OUTPUT -p tcp --dport 465 -j DROP
# /sbin/iptables -A INPUT -p tcp --dport 587 -j DROP
# /sbin/iptables -A OUTPUT -p tcp --dport 587 -j DROP

Restart:

# service iptables restart

Block an IP accessing the site:

# iptables -A INPUT -s 80.35.xx.xxx -j DROP

Restart:

# service iptables restart

After that – check the cpnael access logs for the domain and see that there is a 403 Error:

# tail -f /usr/local/apache/domlogs/gamedayboston.com

80.82.xx.xx - - [07/Oct/2014:17:13:46 -0400] "POST /xmlrpc.php HTTP/1.0" 403 - "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
80.82.xx.xx - - [07/Oct/2014:17:13:46 -0400] "POST /xmlrpc.php HTTP/1.0" 403 - "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
80.82.xx.xx - - [07/Oct/2014:17:13:46 -0400] "POST /xmlrpc.php HTTP/1.0" 403 - "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"

Add/Drop IP in iptables on cPanel server

July 22, 2014 The Geek Decoder Leave a comment cPanel, Firewall, Iptables

on cpanel, use


iptables -A cP-Firewall-1-INPUT -s 203.90.xxx.xxx -j DROP

Add IP and Port to iptables

July 17, 2014 The Geek Decoder Leave a comment Firewall, Iptables

How to add an IP to access the plesk panel and ssh

Open flle /etc/sysconfig/iptables:


# nano /etc/sysconfig/iptables
-A INPUT -s 72.177.xxx.xxx/32 -p tcp -m tcp --dport 8443 -j ACCEPT
-A INPUT -s 66.226.xx.xx/32 -p tcp -m tcp --dport 10222 -j ACCEPT

Save and restart iptables


service iptables restart