{"id":1854,"date":"2019-09-18T13:36:30","date_gmt":"2019-09-18T19:36:30","guid":{"rendered":"https:\/\/ugit.siua.ac.cr\/?p=1854"},"modified":"2023-10-25T20:07:07","modified_gmt":"2023-10-26T02:07:07","slug":"ubuntu-ufw-instalacion-y-configuracion","status":"publish","type":"post","link":"https:\/\/sada.services\/?p=1854","title":{"rendered":"UBUNTU: UFW Instalaci\u00f3n y Configuraci\u00f3n"},"content":{"rendered":"\n<ul class=\"wp-block-list\">\n<li>Instalamos:<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt-get install gufw<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Agregamos las reglas para permitir&nbsp;los puertos 44 (ssh) \/ 80 y 443 (web)<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>ufw allow 44\/tcp\nufw allow 44\/udp\nufw allow 80\/tcp\nufw allow 80\/udp\nufw allow 443\/tcp\nufw allow 443\/udp<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Activamos\/Desactivamos el log<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw logging on\nsudo ufw logging off<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Establecemos la regla defecto que deniegue todo<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>ufw default deny<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Activamos\/Desactivamos el UFW<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>ufw enable\nufw disable<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Aplicamos todas reglas necesarias <\/li>\n\n\n\n<li>Deshabilitamos ipv6 abrimos<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>nano \/etc\/default\/ufw<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Y modificamos<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>IPV6=yes\nX\nIPV6=no<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Recargamos<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>service ufw stop\nservice ufw start\nservice 
ufw status<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ahora podemos consultar la reglas<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>ufw status\nufw status numbered\nufw status verbose<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>RESULTADO:<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">Estado: activo\n\n Hasta Acci\u00f3n Desde\n ----- ------ -----\n[ 1] 44\/tcp ALLOW IN Anywhere \n[ 2] 44\/udp ALLOW IN Anywhere \n[ 3] 80\/tcp ALLOW IN Anywhere \n[ 4] 80\/udp ALLOW IN Anywhere \n[ 5] 443\/tcp ALLOW IN Anywhere \n[ 6] 443\/udp ALLOW IN Anywhere \n[ 7] 44\/tcp (v6) ALLOW IN Anywhere (v6) \n[ 8] 44\/udp (v6) ALLOW IN Anywhere (v6) \n[ 9] 80\/tcp (v6) ALLOW IN Anywhere (v6) \n[10] 80\/udp (v6) ALLOW IN Anywhere (v6) \n[11] 443\/tcp (v6) ALLOW IN Anywhere (v6) \n[12] 443\/udp (v6) ALLOW IN Anywhere (v6) <\/pre>\n\n\n\n<h1 class=\"wp-block-heading\">RESUMEN COMANDOS:<\/h1>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Habilitar\/deshabilitar<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>ufw enable\nufw disable<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ver estado:<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>ufw status\nufw status numbered\nufw status verbose<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Desbloquear una IP<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>ufw status numbered\nufw delete NUM\nufw delete 4<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Eliminar la configuraci\u00f3n y todas las reglas<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>ufw reset<\/code><\/pre>\n\n\n\n<h1 class=\"wp-block-heading\">CREACI\u00d3N DE REGLAS<\/h1>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Habilitar puertos:<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>ufw allow {puerto}\/{protocolo}\nufw allow 22\/tcp<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Habilitar un servicio<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>ufw allow 
{servicio}\nufw allow ssh<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Denegar un servicio<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>ufw deny out from any to {servicio}\nufw deny out from any to ssh<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Permitir una IP (en la sintaxis de ufw la direcci\u00f3n de origen va precedida de <code>from<\/code>, p. ej. <code>ufw allow from 192.168.1.5<\/code>; lo mismo aplica a las subredes)<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>ufw allow {ip} \nufw allow 192.168.1.5<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Permitir una subred<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>ufw allow {subnet}\nufw allow 192.168.1.0\/24<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Permitir una IP con Puerto y Protocolo<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>ufw allow {ip} port {puerto} proto {protocolo}\nufw allow 192.168.0.4 port 22 proto tcp<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Bloquear una IP<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>ufw deny from {ip} to any\nufw deny from 192.168.1.5 to any<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Bloquear una IP solo salida (OUT)<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>ufw deny out from any to {ip}\nufw deny out from any to 207.46.232.182<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Bloquear una IP con Puerto<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>ufw deny from {ip} to any port {p\u00faerto}\nufw deny from 202.54.1.5 to any port 80<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Bloquear una IP con Puerto y Protocolo<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>ufw deny proto {tcp|udp} from {ip} to any port {puerto}\nufw deny proto tcp from 202.54.1.1 to any port 22<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Bloquear una red<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>ufw deny proto tcp from {subnet} to any port 22\nufw deny proto tcp from 202.54.1.0\/24 to any port 22<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Deshabilitar 
PING (para bloquear solo el ping basta con cambiar a DROP la l\u00ednea <code>echo-request<\/code>; descartar tambi\u00e9n <code>destination-unreachable<\/code> puede romper el descubrimiento de MTU de ruta)<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>nano \/etc\/ufw\/before.rules\n************************\nBuscar:\n************************\n# ok icmp codes\n-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT\n-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT\n-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT\n-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT\n-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT\n************************\nREMPLAZAR: ACCEPT X DROP\n************************\n# ok icmp codes\n-A ufw-before-input -p icmp --icmp-type destination-unreachable -j DROP\n-A ufw-before-input -p icmp --icmp-type source-quench -j DROP\n-A ufw-before-input -p icmp --icmp-type time-exceeded -j DROP\n-A ufw-before-input -p icmp --icmp-type parameter-problem -j DROP\n-A ufw-before-input -p icmp --icmp-type echo-request -j DROP<\/code><\/pre>\n\n\n\n<h1 class=\"wp-block-heading\">COMANDOS ADICIONALES<\/h1>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Saber la lista de servicios &#8211; puertos existentes<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>less \/etc\/services<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Saber conexiones establecidas<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>netstat -tua\nnetstat -tuan\nnetstat -plut\nnetstat -putona\nnetstat -lnp\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Saber si un puerto est\u00e1 abierto<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>nmap -p 44 localhost\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Saber los puertos abiertos<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>nmap -sT -O localhost<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>RESULTADO<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">Starting Nmap 7.60 ( https:\/\/nmap.org ) at 2018-05-15 14:18 CST<br>Nmap scan report for localhost (127.0.0.1)<br>Host is up (0.00015s 
latency).<br>Not shown: 993 closed ports<br>PORT STATE SERVICE<br>25\/tcp open smtp<br>80\/tcp open http<br>139\/tcp open netbios-ssn<br>443\/tcp open https<br>445\/tcp open microsoft-ds<br>631\/tcp open ipp<br>3306\/tcp open mysql<br>Device type: general purpose<br>Running: Linux 3.X|4.X<br>OS CPE: cpe:\/o:linux:linux_kernel:3 cpe:\/o:linux:linux_kernel:4<br>OS details: Linux 3.8 - 4.9<br>Network Distance: 0 hops<br><br>OS detection performed. Please report any incorrect results at https:\/\/nmap.org\/submit\/ .<br>Nmap done: 1 IP address (1 host up) scanned in 2.39 seconds<\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Si deseamos saber cual es el programa responsable<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>fuser -v 25\/tcp\nfuser -v 631\/tcp<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Estado: activo Hasta Acci\u00f3n Desde &#8212;&#8211; &#8212;&#8212; &#8212;&#8211; [ 1] 44\/tcp ALLOW IN Anywhere [ 2] 44\/udp ALLOW IN Anywhere [ 3] 80\/tcp ALLOW IN Anywhere [ 4] 80\/udp ALLOW IN Anywhere [ 5] 443\/tcp ALLOW IN Anywhere [ 6] 443\/udp ALLOW IN Anywhere [ 7] 44\/tcp (v6) ALLOW IN Anywhere (v6) [ 8] 44\/udp 
[&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":851,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[],"class_list":["post-1854","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ubuntu"],"blocksy_meta":{"styles_descriptor":{"styles":{"desktop":"","tablet":"","mobile":""},"google_fonts":[],"version":6}},"_links":{"self":[{"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts\/1854","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1854"}],"version-history":[{"count":5,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts\/1854\/revisions"}],"predecessor-version":[{"id":15983,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts\/1854\/revisions\/15983"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/media\/851"}],"wp:attachment":[{"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1854"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1854"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1854"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}