From 0df0fdbe282bdb49b7c5ac19e290eb56a78d5144 Mon Sep 17 00:00:00 2001 From: sysadt Date: Wed, 22 Feb 2023 22:16:02 +0100 Subject: [PATCH] Changes to ufw 1. added section about deleting ufw rules 2. changed wording in the ufw comments from "allow traffic out on port" to "allow traffic out to port". IMO the "on" sounds like opening source ports 3. added mail to common use-cases with ports 25 and 587 --- README.md | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 48a1d95..c859213 100644 --- a/README.md +++ b/README.md @@ -1445,10 +1445,10 @@ You can create rules by explicitly specifying the ports or with application conf 1. Allow additional traffic as per your needs. Some common use-cases: ``` bash - # allow traffic out on port 53 -- DNS + # allow traffic out to port 53 -- DNS sudo ufw allow out 53 comment 'allow DNS calls out' - # allow traffic out on port 123 -- NTP + # allow traffic out to port 123 -- NTP sudo ufw allow out 123 comment 'allow NTP out' # allow traffic out for HTTP, HTTPS, or FTP @@ -1459,8 +1459,12 @@ You can create rules by explicitly specifying the ports or with application conf # allow whois sudo ufw allow out whois comment 'allow whois' + + # allow mails for status notifications -- choose port according to your provider + sudo ufw allow out 25 comment 'allow SMTP out' + sudo ufw allow out 587 comment 'allow SMTP out' - # allow traffic out on port 68 -- the DHCP client + # allow traffic out to port 68 -- the DHCP client # you only need this if you're using DHCP sudo ufw allow out 67 comment 'allow the DHCP client to update' sudo ufw allow out 68 comment 'allow the DHCP client to update' 
@@ -1542,6 +1546,14 @@ You can create rules by explicitly specifying the ports or with application conf > 43/tcp (v6) ALLOW OUT Anywhere (v6) # allow whois > ``` +7. Deleting a rule + + ``` bash + sudo ufw status numbered + [...] + sudo ufw delete 3 #line number of the rule you want to delete + ``` + #### Default Applications ufw ships with some default applications. You can see them with:
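Review bot: In the first hunk, the two added mail rules (`sudo ufw allow out 25 ...` and `sudo ufw allow out 587 ...`) name no protocol, so ufw will open both TCP and UDP on those ports, and they share the identical comment 'allow SMTP out', which makes them indistinguishable in `ufw status` output. SMTP runs over TCP only, so I would suggest `sudo ufw allow out 25/tcp comment 'allow SMTP out'` and `sudo ufw allow out 587/tcp comment 'allow SMTP submission out'`. Since the lead-in comment says to choose the port according to the provider, it would also help to state that only one of the two rules should be added, not both. A smaller point in the same hunk: after the rewording, the DHCP comment reads "allow traffic out to port 68 -- the DHCP client", but 68 is the port the client listens on and its outbound traffic goes to port 67 on the server, so the "to port" wording that motivated this change is inaccurate for that one line; something like "allow traffic out for DHCP (ports 67 and 68)" would match the two rules that follow.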
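Review bot: In the second hunk, the comment on `sudo ufw delete 3` calls the argument a "line number", but what `ufw delete` takes is the rule number that `sudo ufw status numbered` prints in brackets, and that wording invites readers to count output lines instead. I would reword it to "# number of the rule as shown by 'ufw status numbered'" and add a sentence that the remaining rules are renumbered after each deletion, so `ufw status numbered` should be run again before deleting a second rule. The bare `[...]` inside the bash fence is also a problem for anyone copying the block, since the shell will try to run it; turning it into a comment such as `# [...] output listing the numbered rules` keeps the block pasteable. The new step also has no sentence of explanation, unlike the surrounding numbered steps, so a one-line description of when to delete a rule would fit the README's style.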