UFW Firewall Configuration

 
  sudo ufw insert 1 deny in from 12.34.56.78


==Deleting UFW rules by rule number==
 sudo ufw status numbered
 
*'''Output'''
      To                         Action      From
      --                         ------      ----
 [ 1] 80/tcp                     ALLOW IN    Anywhere
 [ 2] 443/tcp                    ALLOW IN    Anywhere
 [ 3] 6789/tcp                   ALLOW IN    Anywhere
 [ 4] 22/tcp                     DENY IN     Anywhere
 [ 5] 80/tcp (v6)                ALLOW IN    Anywhere (v6)
 [ 6] 443/tcp (v6)               ALLOW IN    Anywhere (v6)
 [ 7] 6789/tcp (v6)              ALLOW IN    Anywhere (v6)
 [ 8] 22/tcp (v6)                DENY IN     Anywhere (v6)
 
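To delete the 80/tcp rule, enter the following command:
 sudo ufw delete 1

Rule numbers shift after each deletion, so run <code>sudo ufw status numbered</code> again before deleting another rule.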
 
==Removing UFW rules by ufw syntax==
 sudo ufw allow 80/tcp
 sudo ufw allow 443/tcp
 sudo ufw deny 23/tcp

*To delete these rules, put <code>delete</code> in front of the original rule:
 sudo ufw delete allow 80/tcp
 sudo ufw delete allow 443/tcp
 sudo ufw delete deny 23/tcp
 
== Block ping (ICMP) ==
To deny incoming ICMP ping requests, we need to modify UFW's <code>/etc/ufw/before.rules</code> configuration file. First, make a backup copy:
 
<syntaxhighlight lang="bash">
sudo cp /etc/ufw/before.rules /etc/ufw/before.rules_backup
</syntaxhighlight>
 
Next, open the file with root privileges using your favorite text editor and change:
 
FROM:
 
<syntaxhighlight lang="bash">
# ok icmp codes for INPUT
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
</syntaxhighlight>
 
TO:
<syntaxhighlight lang="bash">
# ok icmp codes for INPUT
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j DROP
-A ufw-before-input -p icmp --icmp-type source-quench -j DROP
-A ufw-before-input -p icmp --icmp-type time-exceeded -j DROP
-A ufw-before-input -p icmp --icmp-type parameter-problem -j DROP
-A ufw-before-input -p icmp --icmp-type echo-request -j DROP
</syntaxhighlight>
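
The same edit can be scripted so that it is repeatable and easy to check. The script below is an added example, not part of the original page or its sources; the helper names (<code>icmp_set_action</code>, <code>icmp_report</code>, <code>icmp_action</code>, <code>make_sample</code>) are hypothetical and the rules file it edits is a constructed sample. The demo changes only <code>echo-request</code>, the type that ping sends; pass the other type names as well to reproduce the full edit shown above.

```bash
# Added example: flip the target of ICMP INPUT rules in a ufw before.rules file.
set -eu

RULE='-A ufw-before-input -p icmp --icmp-type'

# icmp_set_action FILE ACTION TYPE...   (ACTION is ACCEPT or DROP)
# Keeps the first FILE_backup it makes, then rewrites only the named types.
icmp_set_action() {
    local file="$1" action="$2" t
    shift 2
    case "$action" in ACCEPT|DROP) ;; *) echo "bad action: $action" >&2; return 2 ;; esac
    [ -e "${file}_backup" ] || cp -p -- "$file" "${file}_backup"
    for t in "$@"; do
        case "$t" in ''|*[!a-z-]*) echo "bad type: $t" >&2; return 2 ;; esac
        # GNU sed: edit in place, touching nothing but the -j target of this rule
        sed -i -E "s/^(${RULE} ${t}) -j (ACCEPT|DROP)[[:space:]]*\$/\1 -j ${action}/" "$file"
    done
}

# icmp_report FILE: print "type action" for every ICMP INPUT rule.
icmp_report() {
    sed -n -E "s/^${RULE} ([a-z-]+) -j ([A-Z]+)[[:space:]]*\$/\1 \2/p" "$1"
}

# icmp_action FILE TYPE: print the current action for one type.
icmp_action() { icmp_report "$1" | awk -v t="$2" '$1 == t { print $2 }'; }

# make_sample FILE: constructed excerpt of before.rules (not a real host's file).
make_sample() {
    cat > "$1" <<'EOF'
# ok icmp codes for INPUT
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
# ok icmp code for FORWARD
-A ufw-before-forward -p icmp --icmp-type echo-request -j ACCEPT
EOF
}

# Demo on a throwaway copy: block ping only, then show the resulting table.
demo_dir=$(mktemp -d)
make_sample "$demo_dir/before.rules"
icmp_set_action "$demo_dir/before.rules" DROP echo-request
icmp_report "$demo_dir/before.rules"
rm -rf "$demo_dir"
```

On a real host the file is <code>/etc/ufw/before.rules</code>, the functions must run as root, and the change takes effect after <code>sudo ufw reload</code>.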
 
== Source ==
*[https://www.linuxbabe.com/security/ufw-firewall-debian-ubuntu-linux-mint-server linuxbabe.com]
*[https://www.cyberciti.biz/faq/how-to-delete-a-ufw-firewall-rule-on-ubuntu-debian-linux/ cyberciti.biz]
*[https://linuxconfig.org/how-to-deny-icmp-ping-requests-on-ubuntu-18-04-bionic-beaver-linux linuxconfig.org]


[[Category:Server]]
[[Category:Security]]
[[Category:Firewall]]