Re: [Hampshire] ufw

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M\Gareth Evans at <-
MM 

Reply to this message
Author: Gareth
Date:  
To: Rob Malpass, Hampshire LUG Discussion List
Subject: Re: [Hampshire] ufw
Hi rob
You could always test it from the machine you are allowing...
Use telnet and try to connect to another port that you know is running a
service on the destination machine..

Thanks
G

On 3 Nov 2017 3:41 p.m., "Rob Malpass via Hampshire" <
hampshire@???> wrote:

> Thanks both – so if I do
>
>
>
> sudo ufw allow from 192.168.0.99 to any port 22
>
>
>
> then am I doing anything other than saying 192.168.0.99 can ssh in to this
> machine? This is what I’m trying to achieve but the “any” is confusing me
> somewhat – though the rule itself does seem to be doing what I want.
>
>
>
> Cheers
>
> Rob
>
>
>
> *From:* Hampshire [mailto:hampshire-bounces@mailman.lug.org.uk] *On
> Behalf Of *Gareth Evans via Hampshire
> *Sent:* 03 November 2017 15:28
> *To:* Peter B.; Hampshire LUG Discussion List
> *Subject:* Re: [Hampshire] ufw
>
>
>
> man ufw doesn't seem to have much to say on the matter, but
>
>
>
> https://help.ubuntu.com/community/UFW
>
>
>
> suggests "any" in this context means any destination IP address (given
> that there may be many associated with a host):
>
>
>
> *Allow by specific port, IP address and protocol*
>
>
>
> sudo ufw allow from <target> to <destination> port <port number> proto
> <protocol name>
>
>
>
> *example: allow IP address 192.168.0.4 access to port 22 using TCP*
>
>
>
> sudo ufw allow from 192.168.0.4 to any port 22 proto tcp
>
>
>
>
>
>
>
> On Fri, 3 Nov 2017, at 14:57, Peter B. via Hampshire wrote:
>
> From any port on y Maybe?
>
>
>
> On 3 Nov 2017 14:53, "Rob Malpass via Hampshire" <
> hampshire@???> wrote:
>
> Hi all
>
>
>
> Simple question (I hope). If I’m opening port x from ip address y on my
> network with the following command
>
>
>
> sudo ufw allow from y to any port x
>
>
>
> …then where does the “any” come from? Anyone know? Seems strange to
> say “any port” then list the port number – unless I’ve misunderstood the
> rule.
>
>
>
> Cheers
>
> Rob
>
>
>
> --
>
> Please post to: Hampshire@???
>
> Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire
>
> LUG URL: http://www.hantslug.org.uk
>
> --------------------------------------------------------------
>
> --
>
> Please post to: Hampshire@???
>
> Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire
>
> LUG URL: http://www.hantslug.org.uk
>
> --------------------------------------------------------------
>
>
>
> --
> Please post to: Hampshire@???
> Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire
> LUG URL: http://www.hantslug.org.uk
> --------------------------------------------------------------
>
--
Please post to: Hampshire@???
Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire
LUG URL: http://www.hantslug.org.uk
--------------------------------------------------------------
This message was posted to the following mailing lists:
Hampshire LUG
Mailing List Info | Nearby Messages		<-Re: [Hampshire] ufw[Hampshire] Raspberry Pi, RS485 and libmodbus->
Hampshire LUG Mailing List Archive administrated by WebmasterLurker (version 2.3)