mirror of
https://github.com/mikaela/mikaela.github.io/
synced 2024-12-25 12:42:34 +01:00
blog/ufw: limit access to cups & mdnsd to LAN
parent
af8001edd9
commit
6a6ca79253
@ -23,8 +23,8 @@ ufw default allow outgoing
|
||||
systemctl enable ufw && systemctl start ufw
|
||||
ufw enable
|
||||
ufw reject 113
|
||||
ufw allow 631
|
||||
ufw allow 5353/udp
|
||||
ufw allow from 172.16.0.0/16 to any port 631
|
||||
ufw allow from 172.16.0.0/16 to any port 5353
|
||||
ufw allow 17500/tcp
|
||||
ufw allow 60000:61000/udp
|
||||
```
|
||||
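Review bot: the source-restricted 5353 rule loses the protocol qualifier that the line it replaces had (`ufw allow 5353/udp`), so `ufw allow from 172.16.0.0/16 to any port 5353` admits TCP as well as UDP. mDNS only needs UDP, so I would write it as `ufw allow from 172.16.0.0/16 to any port 5353 proto udp`, and likewise pin the 631 rule with `proto tcp` if only IPP over TCP is wanted. It is also worth telling readers who already ran the earlier version of this post that the old `ufw allow 631` and `ufw allow 5353/udp` rules stay in place until removed (for example `ufw delete allow 631`), otherwise the new restricted rules change nothing for them.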
@ -42,8 +42,9 @@ ufw allow 60000:61000/udp
|
||||
This makes ident checking IRC servers connect faster as they don't have
|
||||
to timeout. If you run shell server (for IRC purpouses) you should allow
|
||||
this instead.
|
||||
* 631/cups — Allow access to cups for printer sharing
|
||||
* 5353/mdns/Avahi — used for `.local` addresses
|
||||
* 631/cups — Allow access to cups for printer sharing from local network
|
||||
* 5353/mdns/Avahi — used for `.local` addresses and probably not needed
|
||||
outside local network
|
||||
* 17500/Dropbox — which I use everywhere
|
||||
* 60000:61000/mosh — I feel this is the most insecure part of this setup
|
||||
and there should be something bettter instead of this.
|
||||
|
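Review bot: the updated 631 and 5353 bullets say "local network" but never mention that the rules above hard-code `172.16.0.0/16`, so a reader on a different LAN range (192.168.x.x, 10.x.x.x, or IPv6 link-local) will copy rules that silently match nothing. Suggest adding a sentence to these bullets that names the subnet used in the commands and tells the reader to substitute their own, and noting in the 5353 bullet that only UDP is required.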