Changes between Version 19 and Version 20 of Csle2022/Agenda/FW

Timestamp:

Nov 25, 2022, 4:29:27 AM (2 years ago)

Author:

geethike

Comment:

--

Csle2022/Agenda/FW

@@ -344 +344 @@
 Nginx Full (v6)            ALLOW       Anywhere (v6)        
 }}}
+
+This output indicates that the '''Nginx Full''' application profile is currently enabled, allowing any and all connections to the web server both via HTTP as well as via HTTPS. If you’d want to only allow HTTPS requests from and to your web server, you’d have to first enable the most restrictive rule, which in this case would be '''Nginx HTTPS''', and then disable the currently active '''Nginx Full''' rule:
+{{{
+sudo ufw allow "Nginx HTTPS"
+sudo ufw delete allow "Nginx Full"
+}}}
+
+'''Allow SSH'''
+
+When working with remote servers, you’ll want to make sure that the SSH port is open to connections so that you are able to log in to your server remotely.
+
+The following command will enable the OpenSSH UFW application profile and allow all connections to the default SSH port on the server:
+{{{
+sudo ufw allow OpenSSH
+}}}
+Although less user-friendly, an alternative syntax is to specify the exact port number of the SSH service, which is typically set to 22 by default:
+{{{
+sudo ufw allow 22
+}}}
+'''Allow Incoming SSH from Specific IP Address or Subnet'''
+
+To allow incoming connections from a specific IP address or subnet, you’ll include a from directive to define the source of the connection. This will require that you also specify the destination address with a to parameter. To lock this rule to SSH only, you’ll limit the proto (protocol) to tcp and then use the port parameter and set it to 22, SSH’s default port.
+
+The following command will allow only SSH connections coming from the IP address 203.0.113.103:
+{{{
+sudo ufw allow from 203.0.113.103 proto tcp to any port 22
+}}}
+You can also use a subnet address as from parameter to allow incoming SSH connections from an entire network:
+{{{
+sudo ufw allow from 203.0.113.0/24 proto tcp to any port 22
+}}}
+'''Allow Nginx HTTP / HTTPS'''
+
+Upon installation, the Nginx web server sets up a few different UFW profiles within the server. Once you have Nginx installed and enabled as a service, run the following command to identify which profiles are available:
+{{{
+sudo ufw app list | grep Nginx
+}}}
+{{{
+Output
+  Nginx Full
+  Nginx HTTP
+  Nginx HTTPS
+}}}
+To enable both HTTP and HTTPS traffic, choose '''''Nginx Full'''''. Otherwise, choose either '''''Nginx HTTP''''' to allow only HTTP or '''''Nginx HTTPS''''' to allow only HTTPS.
+
+The following command will allow both HTTP and HTTPS traffic on the server (ports 80 and 443):
+{{{
+sudo ufw allow "Nginx Full"
+}}}
+'''Allow All Incoming HTTP and HTTPS'''
+
+If you want to allow both HTTP and HTTPS traffic, you can create a single rule that allows both ports. This usage requires that you also define the protocol with the proto parameter, which in this case should be set to tcp.
+
+To allow all incoming HTTP and HTTPS (ports 80 and 443) connections, run:
+{{{
+sudo ufw allow proto tcp from any to any port 80,443
+}}}
+
+'''Allow MySQL Connection from Specific IP Address or Subnet'''
+
+MySQL listens for client connections on port 3306. If your MySQL database server is being used by a client on a remote server, you’ll need to create a UFW rule to allow that access.
+
+To allow incoming MySQL connections from a specific IP address or subnet, use the from parameter to specify the source IP address and the port parameter to set the destination port 3306.
+
+The following command will allow the IP address 203.0.113.103 to connect to the server’s MySQL port:
+{{{
+sudo ufw allow from 203.0.113.103 to any port 3306
+}}}
+To allow the entire 203.0.113.0/24 subnet to be able to connect to your MySQL server, run:
+{{{
+sudo ufw allow from 203.0.113.0/24 to any port 3306
+}}}