Originally Posted by capo1949
Which lines in ufw should I delete for better security?
Anything that says "ALLOW Anywhere". Basically you should ONLY open these ports externally if you need external services running on them (apache, ssh, etc.).
For other stuff that should stay local (samba, nfs), you should NOT open those ports to the world, so to speak.
So for example, if I wanted to allow any IP on my LAN the only rule I would need is:
Code:
sudo ufw allow from 192.168.0.0/24
That way you allow any LAN traffic to your server. If you want it even more secure, give static IPs to your workstations and allow rules based on the workstation. Drilling down to the port number can be cumbersome, but it is the most secure option.
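An added example, not part of the original post: a small shell audit that reads `ufw status` output, lists the rules that are open to "Anywhere", and prints (without running) a LAN-only, per-port replacement for each one. The function names and the sample status text are constructed for illustration; the LAN range is the one from the post.

```shell
#!/bin/sh
# Added example: audit `ufw status` output for rules open to any source.
LAN_CIDR="192.168.0.0/24"   # LAN range used in the post

# Constructed sample of `ufw status` output (not from a real host).
sample_status() {
cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
445/tcp                    ALLOW       Anywhere
Anywhere                   ALLOW       192.168.0.0/24
22/tcp (v6)                ALLOW       Anywhere (v6)
EOF
}

# Print rule lines whose action is ALLOW (or ALLOW IN) and whose From column is Anywhere.
world_open_rules() {
    awk '/ALLOW/ {
        from = substr($0, index($0, "ALLOW") + 5)
        sub(/^[ \t]*(IN[ \t]+)?/, "", from)
        if (from ~ /^Anywhere/) print
    }'
}

# For each world-open IPv4 rule, print (do not run) a LAN-only replacement.
lan_rule_suggestions() {
    world_open_rules | awk -v cidr="$LAN_CIDR" '
        /\(v6\)/ { next }                      # IPv4 range does not apply
        {
            sub(/^\[[ 0-9]+\][ \t]*/, "")      # drop "[ 1]" from `status numbered`
            split($1, p, "/")
            if (p[1] ~ /^[0-9]+(:[0-9]+)?$/) {
                cmd = "ufw allow from " cidr " to any port " p[1]
                if (p[2] != "") cmd = cmd " proto " p[2]
                print cmd
            } else {
                print "# review manually: " $0
            }
        }'
}

# Demo on the constructed sample; on a real host: sudo ufw status | lan_rule_suggestions
sample_status | lan_rule_suggestions
```

Rules for services that really are meant to be reachable from outside (apache, ssh) should be left as they are; the printed commands are only candidates for the ports that should stay local.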