mirror of
https://github.com/mikaela/mikaela.github.io/
synced 2024-12-25 12:42:34 +01:00
_posts/ufw: typo fixes & add teredo
parent
9cbdd67a16
commit
5e456c114f
@ -24,6 +24,7 @@ systemctl enable ufw && systemctl start ufw
|
||||
ufw enable
|
||||
ufw reject 113/tcp
|
||||
ufw allow from 172.16.0.0/16 to any port 631
|
||||
ufw allow 3544/udp
|
||||
ufw allow from 172.16.0.0/16 to any port 5353 proto udp
|
||||
ufw allow from 173.16.0.0/16 to any port 9091 proto tcp
|
||||
ufw allow from 172.16.0.0/16 to any port 17500 proto tcp
|
||||
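Review bot: The added `ufw allow 3544/udp` accepts traffic from any source, while the rules around it are scoped with `from 172.16.0.0/16`. The post's policy already allows all outgoing connections, so please confirm that an inbound rule is needed for the Teredo client at all, and narrow it if it is. Also, the 9091 context line in this hunk reads `173.16.0.0/16`, which is public address space rather than the `172.16.0.0/16` used by every other rule. Since this commit is about typo fixes, that looks worth correcting here so the Transmission web interface is limited to the LAN.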
@ -31,11 +32,11 @@ ufw allow 60000:61000/udp
|
||||
```
|
||||
|
||||
* 22 TCP/ssh — Prevent more than 6 connections in 30 seconds to the SSH
|
||||
port and it's the first command as you don't want to lock yourself out of
|
||||
and it's the first command as you don't want to lock yourself out of
|
||||
port and it's the first command as you don't want to lock yourself out
|
||||
of it.
|
||||
* Deny incoming connections unless the port has been whitelisted.
|
||||
* Allow all outgoing connections, keeping list of authorized ports would be
|
||||
too much for me.
|
||||
* Allow all outgoing connections, keeping list of authorized ports would
|
||||
be too much for me.
|
||||
* Start ufw on boot and now (I am not sure if this step is required, but
|
||||
better safe than sorry).
|
||||
* Put the firewall in force.
|
||||
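Review bot: The re-wrapped bullet "Allow all outgoing connections, keeping list of authorized ports would be too much for me." still reads "keeping list"; as this is a typo-fix commit, change it to "keeping a list" in the same pass. The bullet "Start ufw on boot and now (I am not sure if this step is required ...)" leaves the reader unsure whether `systemctl enable ufw && systemctl start ufw` is needed alongside `ufw enable`. Either verify that and state the result, or say explicitly that the step is precautionary.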
@ -45,8 +46,10 @@ ufw allow 60000:61000/udp
|
||||
allow this instead.
|
||||
* 631 both/cups — Allow access to cups for printer sharing from local
|
||||
network
|
||||
* 5353 UDP/mdns/Avahi — used for `.local` addresses and probably not needed
|
||||
outside local network
|
||||
* 3544 udp/miredo — Sadly native IPv6 isn't everywhere, neither is 6rd
|
||||
with every ISP or proper tunnel.
|
||||
* 5353 UDP/mdns/Avahi — used for `.local` addresses and probably not
|
||||
needed outside local network
|
||||
* 9091 TCP/transmission web interface — also something I want to access
|
||||
from LAN. This seems risky too, but risks can be limited by only
|
||||
using this rule with static hosts.
|
||||
|
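Review bot: The new "3544 udp/miredo" bullet gives the motivation for Teredo but does not say who can reach the port, whereas the neighbouring bullets state "from local network" or "from LAN". Add a clause noting that this rule is open to all sources, or scope the rule and document that instead. For consistency with "5353 UDP" and "9091 TCP" in the same list, write the protocol as "UDP". Separately, the 9091 bullet says the risk is limited by using the rule only with static hosts, but the rule it documents allows a whole /16, so the text and the rule should be brought into agreement.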