How to implement Longview firewall exceptions using UFW?
I want to enable Longview, but I'm not sure how to add the needed rules through UFW.
According to this document
# Allow incoming Longview connections
-A INPUT -s longview.linode.com -j ACCEPT
# Allow metrics to be provided Longview
-A OUTPUT -d longview.linode.com -j ACCEPT
UFW throws errors and won't start.
Can anyone advise? Thanks.
3 Replies
ufw insert # allow from longview.linode.com
You would choose the value for # so this appears early in the rule list - you can use ufw status numbered for a numbered list.
I'm not sure if ufw accepts a host name in place of an IP address - in any event, iptables only resolves it once, when the rule is loaded, and uses the IP address thereafter. So you could use 96.126.119.66 instead, and you'd just have to change it if the address for longview.linode.com ever changes.
Haven't tested the solution yet, because I tried simply installing Longview without adjusting firewall rules and it works fine.
Now I need to figure out if iptables is working properly. Lots to learn…
iptables-save
will show if you're doing that. The "# Allow metrics to be provided Longview" rule is only needed if you're blocking connections on OUTPUT, which is overkill for pretty much everybody and will only serve to cause you pain. If you're doing that, I highly recommend not.
- Les