blog/ufw: limit access to cups & mdnsd to LAN

This commit is contained in:
Aminda Suomalainen 2015-08-22 12:01:20 +03:00
parent af8001edd9
commit 6a6ca79253

View File

@ -23,8 +23,8 @@ ufw default allow outgoing
systemctl enable ufw && systemctl start ufw systemctl enable ufw && systemctl start ufw
ufw enable ufw enable
ufw reject 113 ufw reject 113
ufw allow 631 ufw allow from 172.16.0.0/16 to any port 631
ufw allow 5353/udp ufw allow from 172.16.0.0/16 to any port 5353
ufw allow 17500/tcp ufw allow 17500/tcp
ufw allow 60000:61000/udp ufw allow 60000:61000/udp
``` ```
@ -42,8 +42,9 @@ ufw allow 60000:61000/udp
This makes ident checking IRC servers connect faster as they don't have This makes ident checking IRC servers connect faster as they don't have
to timeout. If you run shell server (for IRC purpouses) you should allow to timeout. If you run shell server (for IRC purpouses) you should allow
this instead. this instead.
* 631/cups — Allow access to cups for printer sharing * 631/cups — Allow access to cups for printer sharing from local network
* 5353/mdns/Avahi — used for `.local` addresses * 5353/mdns/Avahi — used for `.local` addresses and probably not needed
outside local network
* 17500/Dropbox — which I use everywhere * 17500/Dropbox — which I use everywhere
* 60000:61000/mosh — I feel this is the most insecure part of this setup * 60000:61000/mosh — I feel this is the most insecure part of this setup
and there should be something bettter instead of this. and there should be something bettter instead of this.