Re: Setting up ufw on with Lighttpd, Varnish, MySQL, etc?
If you are still at the beginning of this project I would recommend using iptables directly instead of ufw. The rules will be much clearer; ufw in some cases makes a mess, although it still works.
First of all, you have direct access to the server (not only ssh) so you can't lock yourself out, right?
Also, with iptables you can test rule by rule without even making them permanent. For example, try disabling ufw, flushing the iptables, then setting up DROP policy for incoming traffic and allowing only ssh on port 22:
Code:
sudo ufw disable
sudo iptables -F
sudo iptables -P INPUT DROP
sudo iptables -P OUTPUT ACCEPT
sudo iptables -A INPUT -i <interface> -p tcp --dport 22 -j ACCEPT
If you want, you can limit the interface on which the traffic will be allowed with -i; if not, remove that from the command. After executing that iptables command you should have ssh access.
For other ports and services it would be similar.
Darko.
-----------------------------------------------------------------------
Ubuntu 18.04 LTS 64bit
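
An added example, not part of the original post: one way to test a default-drop ruleset without making it permanent and without relying on console access, by printing the rules first and applying them with a timed rollback. It assumes ufw is already disabled as in the post; the interface name, port 80, the backup path and the script name fw.sh are constructed sample values.

```shell
#!/bin/sh
# Added example, not from the original post. The interface, ports and
# backup path used below are constructed sample values.

# Print iptables commands for a default-drop INPUT chain that admits the
# given TCP ports. Pass "" as the interface to match every interface.
build_rules() {
    [ $# -ge 2 ] || { echo "usage: build_rules IFACE PORT..." >&2; return 1; }
    iface=$1; shift
    echo "iptables -F INPUT"
    # Loopback and replies to connections the server opened itself;
    # without these, local sockets and outbound DNS/apt break under DROP.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "bad port: $port" >&2; return 1
        fi
        echo "iptables -A INPUT ${iface:+-i $iface }-p tcp --dport $port -j ACCEPT"
    done
    # The policy flips last, so the ssh rule exists before DROP takes effect.
    echo "iptables -P INPUT DROP"
    echo "iptables -P OUTPUT ACCEPT"
}

# Apply the rules in memory only, with a timed rollback to the saved state.
apply_with_rollback() {
    backup=/root/iptables.before   # constructed path
    rules=$(build_rules "$@") || return 1
    iptables-save > "$backup" || return 1
    ( sleep 120; iptables-restore < "$backup" ) &
    rollback_pid=$!
    echo "$rules" | while read -r cmd; do $cmd || exit 1; done
    echo "If ssh still works, keep the rules with: kill $rollback_pid"
}

# Nothing touches the firewall unless the first argument is "apply",
# e.g. as root: sh fw.sh apply eth0 22 80   (fw.sh is a hypothetical name)
if [ "${1:-}" = "apply" ]; then shift; apply_with_rollback "$@"; fi
```

If the new rules cut off ssh, the background job restores the saved ruleset after 120 seconds; nothing here survives a reboot.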