- Install the firewall (gufw is the graphical front-end; it depends on the ufw package, which is all the commands below need)
sudo apt-get install gufw
- Add rules to allow ports 44 (SSH, running here on a non-default port; the standard SSH port is 22) and 80 and 443 (web). All ufw commands need root, so run them with sudo.
  Note: SSH and plain HTTP/HTTPS are TCP services. Unless the host serves HTTP/3 (QUIC) on 443/udp, the /udp rules below open UDP ports that nothing listens on and can be omitted.
ufw allow 44/tcp
ufw allow 44/udp
ufw allow 80/tcp
ufw allow 80/udp
ufw allow 443/tcp
ufw allow 443/udp
- Turn logging on/off ("on" is the low level: blocked packets are logged, rate-limited, to the kernel log and on Ubuntu to /var/log/ufw.log)
sudo ufw logging on
sudo ufw logging off
- Set the default policy to deny everything (this is the incoming policy; outgoing stays "allow" unless you also run "ufw default deny outgoing")
ufw default deny
- Enable/disable UFW (when working over SSH, add the allow rule for the SSH port before enabling: "ufw enable" warns that it may disrupt existing SSH connections, and with a default-deny policy and no SSH rule you lose the session)
ufw enable
ufw disable
- Add all the rules you need, then enable.
- To disable IPv6 in ufw, open /etc/default/ufw and change IPV6=yes to IPV6=no, then restart the service
nano /etc/default/ufw
IPV6=yes
    (change to)
IPV6=no
service ufw stop
service ufw start
service ufw status
  Caveat: IPV6=no only stops ufw from loading its ip6tables rules; it does not disable IPv6 on the host. If the machine has a routable IPv6 address, that traffic is then left completely unfiltered (ip6tables defaults to ACCEPT), which is worse than the default. Keep IPV6=yes (ufw mirrors every rule for v6 automatically; that is what the "(v6)" lines in the status listing are) unless IPv6 is also switched off in the kernel with "sysctl -w net.ipv6.conf.all.disable_ipv6=1".
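The setup above (defaults, allow rules, enable), as an added example script that is not part of the original notes: it emits the ufw commands in the order they must run, rate-limits the SSH port with "ufw limit", allows SSH outright only from an assumed management subnet (ADMIN_NET is an assumption; the port numbers are the ones used on this page) and refuses to run "ufw enable" unless a rule admitting the SSH port precedes it, so the SSH session you run it from cannot be cut off. Set UFW=echo to print the commands instead of running them.

```shell
#!/bin/sh
# Added example, not the page's own script. Applies the rule set from these
# notes in the order ufw expects and refuses to enable the firewall unless a
# rule admitting the SSH port comes first. Assumptions: SSH listens on 44 (as
# on this page), ADMIN_NET is the network administrators connect from.
SSH_PORT=${SSH_PORT:-44}
ADMIN_NET=${ADMIN_NET:-192.168.1.0/24}   # assumed management subnet
UFW=${UFW:-ufw}                          # UFW=echo prints instead of running

# ufw_plan: one command per line, in execution order. Defaults first, then
# the allows, then enable. SSH from ADMIN_NET is allowed outright; everyone
# else gets "limit" (allowed, but 6+ new connections in 30 s from one
# source are denied). No UDP rules: SSH and HTTP/HTTPS here are TCP only.
ufw_plan() {
    cat <<EOF
$UFW default deny incoming
$UFW default allow outgoing
$UFW logging on
$UFW allow from $ADMIN_NET to any port $SSH_PORT proto tcp
$UFW limit $SSH_PORT/tcp
$UFW allow 80/tcp
$UFW allow 443/tcp
$UFW --force enable
EOF
}

# plan_is_safe PLAN PORT: exit 0 if an allow/limit rule for PORT precedes
# the enable line, 1 otherwise (enabling with default deny and no SSH rule
# drops the session you are running this from).
plan_is_safe() {
    printf '%s\n' "$1" | awk -v p="$2" '
        / (allow|limit) / && ($0 ~ ("port " p " ") || $0 ~ (" " p "/tcp")) { ok = 1 }
        / enable$/ { if (!ok) exit 1 }'
}

# apply_plan: run each command, stopping at the first failure.
apply_plan() {
    ufw_plan | while IFS= read -r cmd; do
        echo "+ $cmd"
        sh -c "$cmd" || exit 1
    done
}

main() {
    plan=$(ufw_plan)
    if ! plan_is_safe "$plan" "$SSH_PORT"; then
        echo "refusing: no rule admits SSH port $SSH_PORT before enable" >&2
        return 1
    fi
    apply_plan
}

if [ "$1" = "--apply" ]; then
    main
fi
```

Run it as root with "--apply"; "UFW=echo sh ufw-setup.sh --apply" shows the exact commands without touching the firewall. "--force" on the enable line only suppresses the interactive confirmation, which is why the script does its own lockout check first.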
- Now we can list the rules
ufw status
ufw status numbered
ufw status verbose
Output of "ufw status numbered" (taken with IPV6=yes; rules 7-12 are the IPv6 copies ufw adds for each rule):
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 44/tcp                     ALLOW IN    Anywhere
[ 2] 44/udp                     ALLOW IN    Anywhere
[ 3] 80/tcp                     ALLOW IN    Anywhere
[ 4] 80/udp                     ALLOW IN    Anywhere
[ 5] 443/tcp                    ALLOW IN    Anywhere
[ 6] 443/udp                    ALLOW IN    Anywhere
[ 7] 44/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 8] 44/udp (v6)                ALLOW IN    Anywhere (v6)
[ 9] 80/tcp (v6)                ALLOW IN    Anywhere (v6)
[10] 80/udp (v6)                ALLOW IN    Anywhere (v6)
[11] 443/tcp (v6)               ALLOW IN    Anywhere (v6)
[12] 443/udp (v6)               ALLOW IN    Anywhere (v6)
COMMAND SUMMARY:
ufw enable
ufw disable
ufw status
ufw status numbered
ufw status verbose
- Delete a rule by number: list with "ufw status numbered", then delete. The remaining rules are renumbered after each deletion, so when removing several, delete the highest number first, or delete by rule text instead ("ufw delete allow 80/udp"), which needs no number.
ufw status numbered
ufw delete NUM
ufw delete 4
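Added example (not from the original notes): a helper that reads "ufw status numbered" output and produces the "ufw delete" commands for every rule whose To column matches a pattern, highest number first, because ufw renumbers the remaining rules after each deletion and deleting in ascending order removes the wrong ones. The listing embedded in the script is constructed to match the one shown above.

```shell
#!/bin/sh
# Added example, not the page's own. Turns "ufw status numbered" output into
# "ufw delete" commands for every rule whose To column matches a pattern,
# highest number first: ufw renumbers the remaining rules after each delete,
# so deleting 4 and then 10 from the listing below would remove 443/tcp (v6)
# instead of 80/udp (v6). SAMPLE_STATUS is constructed to match this page.
SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 44/tcp                     ALLOW IN    Anywhere
[ 2] 44/udp                     ALLOW IN    Anywhere
[ 3] 80/tcp                     ALLOW IN    Anywhere
[ 4] 80/udp                     ALLOW IN    Anywhere
[ 5] 443/tcp                    ALLOW IN    Anywhere
[ 6] 443/udp                    ALLOW IN    Anywhere
[ 7] 44/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 8] 44/udp (v6)                ALLOW IN    Anywhere (v6)
[ 9] 80/tcp (v6)                ALLOW IN    Anywhere (v6)
[10] 80/udp (v6)                ALLOW IN    Anywhere (v6)
[11] 443/tcp (v6)               ALLOW IN    Anywhere (v6)
[12] 443/udp (v6)               ALLOW IN    Anywhere (v6)'

# rule_numbers STATUS PATTERN: numbers of the rules whose "To" column matches
# PATTERN (an awk regex), printed in descending order.
rule_numbers() {
    printf '%s\n' "$1" | awk -v pat="$2" '
        /^\[ *[0-9]+]/ {
            n = $0;  sub(/^\[ */, "", n);  sub(/].*/, "", n)      # the [NN] number
            to = $0; sub(/^\[ *[0-9]+] */, "", to)              # drop the number
            sub(/ +(ALLOW|DENY|REJECT|LIMIT).*/, "", to)       # keep the To column
            if (to ~ pat) print n + 0
        }' | sort -rn
}

# delete_commands STATUS PATTERN: the commands to run as root, e.g.
#   delete_commands "$(ufw status numbered)" '^80/udp' | sh
# --force skips the "Proceed with operation (y|n)?" prompt for each rule.
delete_commands() {
    rule_numbers "$1" "$2" | while read -r n; do
        echo "ufw --force delete $n"
    done
}

if [ "$1" = "--apply" ] && [ -n "$2" ]; then
    delete_commands "$(ufw status numbered)" "$2" | sh
fi
```

With the listing above, pattern '/udp' yields deletes for 12, 10, 8, 6, 4 and 2 in that order, which removes exactly the six UDP rules that SSH and HTTP do not need.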
- Delete the configuration and all rules (ufw reset also disables the firewall and keeps timestamped backups of the old rule files under /etc/ufw; enable again afterwards)
ufw reset
RULE CREATION
- Rules are evaluated in order and the first match wins. A deny for one address added after "ufw allow 22/tcp" is never reached for port 22, so put specific denies ahead of broad allows with "ufw insert 1 deny ..." (or add them first).
ufw allow {port}/{protocol}
ufw allow 22/tcp
ufw allow {service}        (service names are looked up in /etc/services: "ssh" opens 22/tcp, not the port 44 used above)
ufw allow ssh
- Block outbound connections to a service port ("to" must be followed by an address, so "ufw deny out from any to ssh" is rejected as a bad destination address; the port goes after "port")
ufw deny out to any port {port} proto {protocol}
ufw deny out to any port 22 proto tcp
- Allow everything from an IP or subnet (a bare address is not accepted; it needs "from")
ufw allow from {ip}
ufw allow from 192.168.1.5
ufw allow from {subnet}
ufw allow from 192.168.1.0/24
- Allow an IP to reach one local port and protocol
ufw allow from {ip} to any port {port} proto {protocol}
ufw allow from 192.168.0.4 to any port 22 proto tcp
- Block everything from an IP
ufw deny from {ip} to any
ufw deny from 192.168.1.5 to any
- Block an IP outbound only (OUT)
ufw deny out from any to {ip}
ufw deny out from any to 207.46.232.182
- Block an IP on one port
ufw deny from {ip} to any port {port}
ufw deny from 202.54.1.5 to any port 80
- Block an IP or subnet on one port and protocol
ufw deny proto {tcp|udp} from {ip} to any port {port}
ufw deny proto tcp from 202.54.1.1 to any port 22
ufw deny proto tcp from {subnet} to any port 22
ufw deny proto tcp from 202.54.1.0/24 to any port 22
- Block ICMP in /etc/ufw/before.rules. Rules in this file are loaded before the ones added with "ufw allow/deny", so nothing added from the command line overrides them, and a change here needs "ufw reload" to take effect. The IPv6 counterpart (ufw6-before-input, --icmpv6-type) is in /etc/ufw/before6.rules.
nano /etc/ufw/before.rules
************************
Find:
************************
# ok icmp codes
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
************************
REPLACE ACCEPT WITH DROP
************************
# ok icmp codes
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j DROP
-A ufw-before-input -p icmp --icmp-type source-quench -j DROP
-A ufw-before-input -p icmp --icmp-type time-exceeded -j DROP
-A ufw-before-input -p icmp --icmp-type parameter-problem -j DROP
-A ufw-before-input -p icmp --icmp-type echo-request -j DROP
- Caveat: only the echo-request line stops the host answering ping. destination-unreachable (which carries fragmentation-needed), time-exceeded and parameter-problem are error reports the host's own connections depend on; dropping them breaks path MTU discovery and traceroute rather than hardening anything, so leave those three on ACCEPT. source-quench is deprecated and modern stacks do not send it. Dropping ping also does not hide the host from a port scan: nmap's default host discovery probes TCP ports 80 and 443 as well as sending an echo request.
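An added example, not from the original notes, that makes the before.rules change above for the echo-request line only, keeping the ICMP error types accepted. It also handles before6.rules (the icmpv6 chain), keeps a .bak copy and reloads ufw. The ICMP block embedded in the script is constructed from the stock ufw file so the function can be exercised on a temporary copy.

```shell
#!/bin/sh
# Added example, not the page's own. Changes only the echo-request line of
# the "ok icmp codes" block to DROP, keeping destination-unreachable,
# time-exceeded and parameter-problem accepted (path MTU discovery and
# traceroute need them). Also covers before6.rules, whose chain is
# ufw6-before-input with --icmpv6-type. SAMPLE_ICMP_BLOCK is constructed
# from the stock before.rules so drop_ping can be tried on a copy.
SAMPLE_ICMP_BLOCK='# ok icmp codes
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT'

# drop_ping FILE: rewrite FILE so that echo-request rules in the *-before-input
# chains end in DROP instead of ACCEPT. Keeps FILE.bak, preserves the file's
# owner and mode (writes through cat rather than mv) and is idempotent:
# a line that already says DROP is left alone.
drop_ping() {
    file=$1
    tmp=$(mktemp) || return 1
    sed -e '/-before-input .*--icmp\(v6\)\{0,1\}-type echo-request -j ACCEPT$/s/ACCEPT$/DROP/' \
        "$file" >"$tmp" \
        && cp -p "$file" "$file.bak" \
        && cat "$tmp" >"$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# count_icmp FILE ACTION: how many icmp rules in FILE end with -j ACTION.
count_icmp() {
    grep -c -- "--icmp.*-j $2\$" "$1"
}

if [ "$1" = "--apply" ]; then   # as root
    for f in /etc/ufw/before.rules /etc/ufw/before6.rules; do
        drop_ping "$f" || exit 1
        echo "$f: $(count_icmp "$f" DROP) echo-request rule(s) now DROP"
    done
    ufw reload
fi
```

The sed address is anchored on "-before-input" so the matching echo-request line in the ufw-before-forward chain (used only when the host routes traffic) is not touched; widen it if the box is a router.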
ADDITIONAL COMMANDS
- List the known services and their ports
less /etc/services
- List sockets and established connections (netstat comes from net-tools, which is no longer installed by default; ss from iproute2 takes the same letters, e.g. "ss -tulpn" for listening TCP/UDP sockets with their processes)
netstat -tua
netstat -tuan
netstat -plut
netstat -putona
netstat -lnp
- Check whether a port is open
nmap -p 44 localhost
- Caveat: scanning localhost does not test the firewall. ufw accepts everything on the loopback interface (the "-i lo -j ACCEPT" rules in before.rules), so a port shows as open from localhost whether or not a rule allows it. To verify the rules, scan the host's real address from another machine, e.g. "nmap -p 44 <server-ip>".
- List open ports (-O, OS detection, needs root). What this shows is which services are listening on the host, not what ufw lets through:
nmap -sT -O localhost
Starting Nmap 7.60 ( https://nmap.org ) at 2018-05-15 14:18 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00015s latency).
Not shown: 993 closed ports
PORT     STATE SERVICE
25/tcp   open  smtp
80/tcp   open  http
139/tcp  open  netbios-ssn
443/tcp  open  https
445/tcp  open  microsoft-ds
631/tcp  open  ipp
3306/tcp open  mysql
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.8 - 4.9
Network Distance: 0 hops
OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 2.39 seconds
- To find the program behind a port (run as root to see other users' processes). "ss -tlnp" shows the same together with the bind address, which matters: a service bound to 127.0.0.1 is not reachable from the network even without a firewall rule, while one bound to 0.0.0.0 is only protected by ufw.
fuser -v 25/tcp
fuser -v 631/tcp
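Because a scan of localhost bypasses ufw, the check a practitioner actually wants is "which listening ports are reachable from the network". Added example (not the page's own) that joins "ss -tlnp" output with "ufw status" and reports ports listening on all interfaces that are allowed, ports listening on all interfaces that only ufw is blocking, and allow rules with nothing listening behind them. Both outputs embedded in the script are constructed samples: the ports follow this page, while the process names, PIDs and the 8080 rule are invented for the illustration.

```shell
#!/bin/sh
# Added example, not the page's own. Joins "ss -tlnp" with "ufw status" to
# tell which listening TCP ports are actually reachable from the network.
# Both samples are constructed: the ports follow this page, while process
# names, PIDs and the 8080 allow rule are invented for the illustration.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128          0.0.0.0:44         0.0.0.0:*     users:(("sshd",pid=812,fd=3))
LISTEN 0      511          0.0.0.0:80         0.0.0.0:*     users:(("nginx",pid=1020,fd=6))
LISTEN 0      511          0.0.0.0:443        0.0.0.0:*     users:(("nginx",pid=1020,fd=7))
LISTEN 0      100        127.0.0.1:25         0.0.0.0:*     users:(("master",pid=990,fd=13))
LISTEN 0      80         127.0.0.1:3306       0.0.0.0:*     users:(("mysqld",pid=1100,fd=21))
LISTEN 0      50           0.0.0.0:445        0.0.0.0:*     users:(("smbd",pid=1200,fd=35))
LISTEN 0      5          127.0.0.1:631        0.0.0.0:*     users:(("cupsd",pid=700,fd=7))
LISTEN 0      128             [::]:44            [::]:*     users:(("sshd",pid=812,fd=4))'

SAMPLE_UFW='Status: active

To                         Action      From
--                         ------      ----
44/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
8080/tcp                   ALLOW       Anywhere
44/tcp (v6)                ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)
8080/tcp (v6)              ALLOW       Anywhere (v6)'

# exposed_ports SS_OUTPUT: ports bound to a wildcard address (0.0.0.0, [::]
# or *). Loopback-only listeners such as 25, 631 and 3306 above are skipped:
# they are not reachable from the network whatever ufw says.
exposed_ports() {
    printf '%s\n' "$1" | awk '
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
            if (addr == "0.0.0.0" || addr == "[::]" || addr == "*") print port
        }' | sort -u
}

# allowed_tcp_ports UFW_STATUS: TCP ports with an ALLOW or LIMIT rule. The
# "(v6)" mirror lines have "(v6)" in field 2 and are skipped as duplicates.
allowed_tcp_ports() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^[0-9]+\/tcp$/ && $2 ~ /^(ALLOW|LIMIT)$/ { sub(/\/tcp$/, "", $1); print $1 }' | sort -u
}

# compare COMM_FLAGS SS UFW: set operation between the two lists via comm
# (both lists come out of "sort -u", which is the order comm expects).
compare() {
    e=$(mktemp) && a=$(mktemp) || return 1
    exposed_ports "$2" >"$e"
    allowed_tcp_ports "$3" >"$a"
    comm "$1" "$e" "$a"
    rm -f "$e" "$a"
}
reachable_ports() { compare -12 "$1" "$2"; }   # listening on all interfaces and allowed
shielded_ports()  { compare -23 "$1" "$2"; }   # exposed the moment ufw is disabled
stale_allows()    { compare -13 "$1" "$2"; }   # rule with nothing listening behind it

if [ "$1" = "--live" ]; then   # needs root for process names and ufw status
    ss_out=$(ss -tlnp) && ufw_out=$(ufw status) || exit 1
    echo "reachable from the network:"; reachable_ports "$ss_out" "$ufw_out"
    echo "blocked only by ufw:";        shielded_ports "$ss_out" "$ufw_out"
    echo "allow rules with no listener:"; stale_allows "$ss_out" "$ufw_out"
fi
```

On the samples, 44, 80 and 443 are reachable, 445 (smbd on 0.0.0.0) is exposed the moment ufw is disabled and should be bound to an internal address or stopped, and the 8080 allow is a stale rule to delete. Run with "--live" as root to audit a real host; add "-u" to the ss call and a matching "/udp" branch if UDP services matter.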