mirror of
https://github.com/mikaela/mikaela.github.io/
synced 2024-12-26 13:12:34 +01:00
blog/ufw: limit access to cups & mdnsd to LAN
parent
af8001edd9
commit
6a6ca79253
@ -23,8 +23,8 @@ ufw default allow outgoing
|
|||||||
systemctl enable ufw && systemctl start ufw
|
systemctl enable ufw && systemctl start ufw
|
||||||
ufw enable
|
ufw enable
|
||||||
ufw reject 113
|
ufw reject 113
|
||||||
ufw allow 631
|
ufw allow from 172.16.0.0/16 to any port 631
|
||||||
ufw allow 5353/udp
|
ufw allow from 172.16.0.0/16 to any port 5353
|
||||||
ufw allow 17500/tcp
|
ufw allow 17500/tcp
|
||||||
ufw allow 60000:61000/udp
|
ufw allow 60000:61000/udp
|
||||||
```
|
```
|
||||||
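Review bot: The new 5353 rule loses the protocol restriction the old line had: `ufw allow 5353/udp` becomes `ufw allow from 172.16.0.0/16 to any port 5353`, which with no proto given matches TCP as well as UDP. Suggest `ufw allow from 172.16.0.0/16 to any port 5353 proto udp` so the change only narrows the source and does not widen the protocol. Separately, 172.16.0.0/16 is hard-coded in both new rules; it covers only 172.16.0.0 through 172.16.255.255 and is an IPv4 range, so a reader on a different subnet has to substitute their own, and these two rules match no IPv6 sources.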
@ -42,8 +42,9 @@ ufw allow 60000:61000/udp
|
|||||||
This makes ident checking IRC servers connect faster as they don't have
|
This makes ident checking IRC servers connect faster as they don't have
|
||||||
to timeout. If you run shell server (for IRC purpouses) you should allow
|
to timeout. If you run shell server (for IRC purpouses) you should allow
|
||||||
this instead.
|
this instead.
|
||||||
* 631/cups — Allow access to cups for printer sharing
|
* 631/cups — Allow access to cups for printer sharing from local network
|
||||||
* 5353/mdns/Avahi — used for `.local` addresses
|
* 5353/mdns/Avahi — used for `.local` addresses and probably not needed
|
||||||
|
outside local network
|
||||||
* 17500/Dropbox — which I use everywhere
|
* 17500/Dropbox — which I use everywhere
|
||||||
* 60000:61000/mosh — I feel this is the most insecure part of this setup
|
* 60000:61000/mosh — I feel this is the most insecure part of this setup
|
||||||
and there should be something bettter instead of this.
|
and there should be something bettter instead of this.
|
||||||
|
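Review bot: The updated 631 and 5353 bullets say "local network" without naming the range the rules in this commit actually use (172.16.0.0/16), so a reader copying the commands has no cue that the subnet is specific to the author's LAN. Suggest stating the range in the 631 bullet and noting that it should be replaced with the reader's own subnet. As a style point, the unchanged context lines in this hunk still carry the typos "purpouses" and "bettter", which could be corrected in the same commit.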