Re: [Hampshire] ufw

Author: Gareth Evans
Date:  
To: Rob Malpass, Hampshire LUG Discussion List
Subject: Re: [Hampshire] ufw
My understanding would agree with yours, but "machine" is the key point.
If you had multiple IP addresses on your server, "any" would allow
192.168.0.99 to ssh into any of them. If you only have one, it doesn't
matter, but might be worth bearing in mind in case you set up another
which you don't want 192.168.0.99 to be able to ssh into. In this case
you would need to replace "any" with the IP address you do want to be
ssh'd into.


On Fri, 3 Nov 2017, at 15:41, Rob Malpass via Hampshire wrote:
> Thanks both – so if I do
>
> sudo ufw allow from 192.168.0.99 to any port 22
>
> then am I doing anything other than saying 192.168.0.99 can ssh in to
> this machine? This is what I’m trying to achieve but the “any” is
> confusing me somewhat – though the rule itself does seem to be doing
> what I want.
>
> Cheers
> Rob
>
> *From:* Hampshire [mailto:hampshire-bounces@mailman.lug.org.uk] *On Behalf Of* Gareth Evans via Hampshire
> *Sent:* 03 November 2017 15:28
> *To:* Peter B.; Hampshire LUG Discussion List
> *Subject:* Re: [Hampshire] ufw
>
> man ufw doesn't seem to have much to say on the matter, but
>
> https://help.ubuntu.com/community/UFW
>
> suggests "any" in this context means any destination IP address (given
> that there may be many associated with a host):
>
>> *Allow by specific port, IP address and protocol*
>>
>> sudo ufw allow from <target> to <destination> port <port number> proto <protocol name>
>>
>> *example: allow IP address 192.168.0.4 access to port 22 using TCP*
>>
>> sudo ufw allow from 192.168.0.4 to any port 22 proto tcp
>
> On Fri, 3 Nov 2017, at 14:57, Peter B. via Hampshire wrote:
>
>> From any port on y Maybe?
>>
>> On 3 Nov 2017 14:53, "Rob Malpass via Hampshire"
>> <hampshire@???> wrote:
>>> Hi all
>>>
>>> Simple question (I hope). If I’m opening port x from ip address y
>>> on my network with the following command
>>>
>>> sudo ufw allow from y to any port x
>>>
>>> …then where does the “any” come from? Anyone know? Seems strange
>>> to say “any port” then list the port number – unless I’ve
>>> misunderstood the rule.
>>>
>>> Cheers
>>> Rob





--
Please post to: Hampshire@???
Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire
LUG URL: http://www.hantslug.org.uk
--------------------------------------------------------------
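
The check discussed in this thread, as an added example that is not part of the original messages: a shell script that reads `ufw status` output, lists source-restricted ALLOW rules whose destination is still "any", and prints the pinned form of each for one chosen server address. The status layout, the helper names `find_any_dest` and `suggest_pinned`, and the address 192.168.0.10 are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the `ufw status` layout
# "To  Action  From", where a "to any" rule shows only the port in the To
# column and a pinned rule shows "ADDRESS PORT".

# Constructed sample; 192.168.0.10 and 192.168.0.7 are made-up addresses.
SAMPLE='Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       192.168.0.99
22/tcp                     ALLOW       192.168.0.4
192.168.0.10 22/tcp        ALLOW       192.168.0.7
80/tcp                     ALLOW       Anywhere'

# Read `ufw status` text on stdin; print "SOURCE PORT" for every ALLOW rule
# that names a specific source but leaves the destination as "any".
find_any_dest() {
    awk '
    # One field before ALLOW that looks like a port means "to any".
    $2 == "ALLOW" && $1 ~ "^[0-9]+([:,][0-9]+)*(/(tcp|udp))?$" {
        src = ($3 == "IN") ? $4 : $3      # verbose output prints "ALLOW IN"
        if (src != "" && src != "Anywhere") print src, $1
    }'
}

# Turn find_any_dest output into the pinned form of each rule for the
# destination address given as $1. Only prints commands; applies nothing.
suggest_pinned() {
    dest=$1
    find_any_dest | while read -r src port; do
        case $port in
            */*) echo "ufw allow from $src to $dest port ${port%/*} proto ${port#*/}" ;;
            *)   echo "ufw allow from $src to $dest port $port" ;;
        esac
    done
}

printf '%s\n' "$SAMPLE" | suggest_pinned 192.168.0.10
```

On a live host the input would be `sudo ufw status | suggest_pinned <address>`. A pinned rule only narrows access once the matching "to any" rule has been removed with `ufw delete`.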