Konfigurasi Firewall UFW: Difference between revisions
Created page with "UFW adalah front-end untuk iptables, untuk membuat pengelolaan firewall Netfilter lebih mudah, maka nama "Uncomplicated Firewall". Ini menyediakan antarmuka baris perintah dengan sintaks yang mirip dengan Filter Paket OpenBSD. Ini sangat cocok sebagai firewall berbasis host. UFW adalah iptables front-end yang direkomendasikan pada Distro Linux berbasis Debian dan biasanya sudah diinstal sebelumnya pada distro ini. Secara default, UFW menetapkan aturan firewall untuk alam..." |
|||
| (7 intermediate revisions by the same user not shown) | |||
| Line 21: | Line 21: | ||
*Membuka semua port yang digunakan [[Apache]] | *Membuka semua port yang digunakan [[Apache]] | ||
sudo ufw allow "Apache Full | sudo ufw allow "Apache Full" | ||
==Membuat Backlist IP== | ==Membuat Backlist IP== | ||
| Line 34: | Line 34: | ||
sudo ufw insert 1 deny in from 12.34.56.78 | sudo ufw insert 1 deny in from 12.34.56.78 | ||
==Source== | ==Deleting UFW rules by rule number== | ||
*[https:// | sudo ufw status numbered | ||
*'''Output''' | |||
To Action From | |||
-- ------ ---- | |||
[ 1] 80/tcp ALLOW IN Anywhere | |||
[ 2] 443/tcp ALLOW IN Anywhere | |||
[ 3] 6789/tcp ALLOW IN Anywhere | |||
[ 4] 22/tcp DENY IN Anywhere | |||
[ 5] 80/tcp (v6) ALLOW IN Anywhere (v6) | |||
[ 6] 443/tcp (v6) ALLOW IN Anywhere (v6) | |||
[ 7] 6789/tcp (v6) ALLOW IN Anywhere (v6) | |||
[ 8] 22/tcp (v6) DENY IN Anywhere (v6) | |||
Jika ingin menghapus port 80/tcp masukkan perintah berikut | |||
sudo ufw delete 1 | |||
==Removing UFW rules by ufw syntax== | |||
sudo ufw allow 80/tcp | |||
sudo ufw allow 443/tcp | |||
sudo ufw deny 23/tcp | |||
*Deleted | |||
sudo ufw delete allow 80/tcp | |||
sudo ufw delete allow 443/tcp | |||
sudo ufw delete deny 23/tcp | |||
== Block ping (ICMP) == | |||
In order to deny any incoming ICMP ping requests we need to modify <code>/etc/ufw/before.rules</code> UFW’s configuration file. First, make a backup copy: | |||
<syntaxhighlight lang="bash"> | |||
sudo cp /etc/ufw/before.rules /etc/ufw/before.rules_backup | |||
</syntaxhighlight> | |||
Next, open the file with root privileges using your favorite text editor and change: | |||
FROM: | |||
<syntaxhighlight lang="bash"> | |||
# ok icmp codes for INPUT | |||
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT | |||
-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT | |||
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT | |||
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT | |||
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT | |||
</syntaxhighlight> | |||
TO: | |||
<syntaxhighlight lang="bash"> | |||
# ok icmp codes for INPUT | |||
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j DROP | |||
-A ufw-before-input -p icmp --icmp-type source-quench -j DROP | |||
-A ufw-before-input -p icmp --icmp-type time-exceeded -j DROP | |||
-A ufw-before-input -p icmp --icmp-type parameter-problem -j DROP | |||
-A ufw-before-input -p icmp --icmp-type echo-request -j DROP | |||
</syntaxhighlight> | |||
== Source == | |||
*[https://www.linuxbabe.com/security/ufw-firewall-debian-ubuntu-linux-mint-server linuxbabe.com] | |||
*[https://www.cyberciti.biz/faq/how-to-delete-a-ufw-firewall-rule-on-ubuntu-debian-linux/ cyberciti.biz] | |||
*[https://linuxconfig.org/how-to-deny-icmp-ping-requests-on-ubuntu-18-04-bionic-beaver-linux linuxconfig.org] | |||
[[Category:Server]] | [[Category:Server]] | ||
[[Category:Security]] | [[Category:Security]] | ||
[[Category:Firewall]] | |||