Linux Firewall Tip


Huppy
03-01-2021, 02:05 PM
I like to leave little trivial tips for newbies once in a while. Back when I first installed anything *nix, my first learning experience was Mandrake Linux. Not sure if that's still around or not, but then I got into a little FreeBSD.

Monkeying around with iptables to set firewall policies back then was a PITA, but I've been using Debian for a long time now, and since version 9, an app called ufw makes things so much easier. Not sure if other flavors have it, but it simplifies a lot.

Keep something in mind: IF you ever get a remote host (VPS, etc.), a lot of them come left wide open, with no firewall active.

After install, it's not active by default, but for a good reason. Once it becomes active, ALL ports are blocked, including the SSH port you need to log on. So it's best to leave it off until you get some port allows entered, like the following:

sudo ufw allow 22/tcp      # this is the default port for remote SSH
sudo ufw allow 3306/tcp    # for MariaDB/MySQL

You can also do port ranges easily:

sudo ufw allow 5998:5999/tcp
sudo ufw allow 5998:5999/udp

Afterwards, typing: sudo ufw enable (firewall becomes active)

Typing: sudo ufw status verbose

would show something like this:

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To Action From
-- ------ ----
22/tcp ALLOW IN Anywhere
3306/tcp ALLOW IN Anywhere
5998:5999/tcp ALLOW IN Anywhere
5998:5999/udp ALLOW IN Anywhere
7100:7500/tcp ALLOW IN Anywhere
7100:7500/udp ALLOW IN Anywhere
9000:9100/tcp ALLOW IN Anywhere
9000:9100/udp ALLOW IN Anywhere
7778/tcp ALLOW IN Anywhere
7778/udp ALLOW IN Anywhere
22/tcp (v6) ALLOW IN Anywhere (v6)
3306/tcp (v6) ALLOW IN Anywhere (v6)
5998:5999/tcp (v6) ALLOW IN Anywhere (v6)
5998:5999/udp (v6) ALLOW IN Anywhere (v6)
7100:7500/tcp (v6) ALLOW IN Anywhere (v6)
7100:7500/udp (v6) ALLOW IN Anywhere (v6)
9000:9100/tcp (v6) ALLOW IN Anywhere (v6)
9000:9100/udp (v6) ALLOW IN Anywhere (v6)
7778/tcp (v6) ALLOW IN Anywhere (v6)
7778/udp (v6) ALLOW IN Anywhere (v6)
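The ordering the post describes (enter the allow rules, SSH included, and only then run ufw enable) is exactly the step that locks people out of remote hosts when it is done the other way round. The following is an added example written for this page; it is not code from the post or from the ufw project. It is a POSIX shell script that validates rule specs in the two forms the post uses (PORT/PROTO and LOW:HIGH/PROTO), prints the ufw commands in the safe order, refuses to print the enable step when no rule covers the SSH port, and audits a pasted "ufw status verbose" listing for rules that leave a given port open to Anywhere. SSH_PORT=22 is an assumption, and the sample status text is constructed from the listing in the post; nothing in the script runs ufw itself.

```shell
#!/bin/sh
# Added example, not part of the original post: plan a ufw rule set in the
# safe order the post describes (allow rules first, "ufw enable" last) and
# refuse to emit the enable step unless some rule covers the SSH port, so a
# remote session cannot lock itself out. Nothing here runs ufw; it only
# prints the commands. SSH_PORT=22 is an assumption (the post's default).
SSH_PORT="${SSH_PORT:-22}"

# port_ok N: true if N is an integer in 1..65535.
port_ok() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_rule SPEC: accept "PORT/PROTO" or "LOW:HIGH/PROTO" with PROTO tcp|udp,
# the two forms used in the post; reject anything else.
valid_rule() {
    case "$1" in
        */*/*|*[!0-9:/a-z]*) return 1 ;;
    esac
    port="${1%/*}"; proto="${1##*/}"
    case "$proto" in
        tcp|udp) ;;
        *) return 1 ;;
    esac
    case "$port" in
        *:*:*) return 1 ;;
        *:*)   lo="${port%%:*}"; hi="${port##*:}" ;;
        *)     lo="$port"; hi="$port" ;;
    esac
    port_ok "$lo" && port_ok "$hi" && [ "$lo" -le "$hi" ]
}

# covers_ssh SPEC: true if SPEC is a tcp rule whose port or range includes SSH_PORT.
covers_ssh() {
    port="${1%/*}"
    [ "${1##*/}" = tcp ] || return 1
    case "$port" in
        *:*) [ "${port%%:*}" -le "$SSH_PORT" ] && [ "${port##*:}" -ge "$SSH_PORT" ] ;;
        *)   [ "$port" -eq "$SSH_PORT" ] ;;
    esac
}

# plan_rules SPEC...: print "sudo ufw allow SPEC" for each spec, then
# "sudo ufw enable". Returns 2 on a malformed spec (prints nothing), and 1
# without the enable line if no spec covers SSH_PORT/tcp.
plan_rules() {
    ssh_covered=0
    for spec in "$@"; do
        valid_rule "$spec" || { echo "plan_rules: bad rule spec '$spec'" >&2; return 2; }
        if covers_ssh "$spec"; then ssh_covered=1; fi
    done
    for spec in "$@"; do
        echo "sudo ufw allow $spec"
    done
    if [ "$ssh_covered" -eq 1 ]; then
        echo "sudo ufw enable"
    else
        echo "plan_rules: refusing to enable, no rule allows $SSH_PORT/tcp" >&2
        return 1
    fi
}

# open_to_anywhere STATUS_TEXT PORT...: given the text of "ufw status verbose",
# print each ALLOW IN rule for one of PORT that accepts traffic from Anywhere
# (IPv4 or v6). Returns 0 if any such rule was found, 1 otherwise.
open_to_anywhere() {
    status="$1"; shift
    found=1
    for p in "$@"; do
        hits=$(printf '%s\n' "$status" | awk -v port="$p" \
            '$0 ~ "^" port "/(tcp|udp)( \\(v6\\))? +ALLOW IN +Anywhere" { print }')
        if [ -n "$hits" ]; then printf '%s\n' "$hits"; found=0; fi
    done
    return "$found"
}

# Constructed sample: a subset of the rule lines from the status listing in the post.
SAMPLE_STATUS='Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)
22/tcp ALLOW IN Anywhere
3306/tcp ALLOW IN Anywhere
5998:5999/tcp ALLOW IN Anywhere
22/tcp (v6) ALLOW IN Anywhere (v6)
3306/tcp (v6) ALLOW IN Anywhere (v6)'

# Stand-alone demo: print the planned commands, then audit the sample listing.
plan_rules 22/tcp 3306/tcp 5998:5999/tcp 5998:5999/udp
open_to_anywhere "$SAMPLE_STATUS" 3306 && echo "WARNING: database port accepts connections from Anywhere"
```

The audit function is there because the listing in the post allows 3306/tcp from Anywhere, which exposes MariaDB/MySQL to every address on the internet rather than just the hosts that need it. ufw accepts a source restriction for such rules, for example "sudo ufw allow from 203.0.113.5 to any port 3306 proto tcp" (203.0.113.5 is a documentation address standing in for the application host), and "sudo ufw limit 22/tcp" rate-limits repeated connection attempts to the SSH port.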