How to implement Longview firewall exceptions using UFW?

I am using UFW to handle firewall rules on my Ubuntu 14.04 LAMP server.

I want to enable Longview, but I'm not sure how to add the needed rules through UFW.

According to this document it looks like I need to put them in /etc/ufw/after.rules but I believe they need to be formatted another way. When I simply copy and paste the rules,

#  Allow incoming Longview connections 
-A INPUT -s longview.linode.com -j ACCEPT

# Allow metrics to be provided Longview
-A OUTPUT -d longview.linode.com -j ACCEPT

UFW throws errors and won't start.

Can anyone advise? Thanks.

3 Replies

You should just be able to add a rule using the ufw command. This would then be saved as part of your rule set.

ufw insert # allow from longview.linode.com

You would choose the value for # so this appears early in the rule list - you can use ufw status numbered for a numbered list.

I'm not sure if ufw accepts a host name in place of an IP address - in any event, iptables only resolves it once, when the rule is loaded, and uses the IP address thereafter. So you could use 96.126.119.66 instead, and you'd just have to change it if the address for longview.linode.com ever changes.

Thanks for the reply…

Haven't tested the solution yet, because I tried simply installing Longview without adjusting firewall rules and it works fine.

Now I need to figure out if iptables is working properly. Lots to learn…

To be clear, you should need to do absolutely nothing. "Allow[ing] incoming Longview connections" isn't necessary, since Longview servers don't initiate any incoming connections. As long as you're allowed RELATED/ESTABLISHED connections in through INPUT (if you're not, you ought to be), you're fine there. iptables-save will show if you're doing that. The "# Allow metrics to be provided Longview" rule is only needed if you're blocking connections on OUTPUT, which is overkill for pretty much everybody and will only serve to cause you pain. If you're doing that, I highly recommend not.

  • Les
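As an added example (not code from the thread or from Linode), the following script carries out the check Les describes and, where a rule really is needed, prints a `ufw` command in the spirit of the first reply. It reads an `iptables-save` dump, looks for a RELATED,ESTABLISHED accept on the inbound path (UFW keeps it in `ufw-before-input`, which INPUT jumps to) and checks whether OUTPUT is default-deny. The two dumps inside it are constructed samples so it runs offline; the address 96.126.119.66 is the one quoted in the first reply and is an assumption that should be confirmed against DNS, and `ufw allow out to <ip>` is this example's choice of outbound rule rather than anything the thread prescribes.

```shell
#!/bin/sh
# Added example, not from the thread: decide from an iptables-save dump
# whether Longview needs any firewall rule. On a real host run:
#   longview_check "$(sudo iptables-save)"

# Constructed sample: a default UFW ruleset. UFW's before.rules places the
# stateful accept in ufw-before-input, which INPUT jumps to.
SAMPLE_UFW='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:ufw-before-input - [0:0]
-A INPUT -j ufw-before-input
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-input -p tcp --dport 22 -j ACCEPT
COMMIT'

# Constructed sample: a hand-written ruleset with no stateful accept and a
# default-deny OUTPUT, the case in which Longview's outbound reports break.
SAMPLE_STRICT='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
COMMIT'

# Address quoted in the first reply for longview.linode.com. Assumed here;
# like any resolved address it can change, so confirm it with DNS first.
LONGVIEW_IP=${LONGVIEW_IP:-96.126.119.66}

# Succeeds if INPUT, or a user chain INPUT jumps to directly, accepts
# RELATED,ESTABLISHED traffic (matched via -m conntrack or -m state).
inbound_state_ok() {
    dump=$1
    chains="INPUT $(printf '%s\n' "$dump" | awk '
        $1 == "-A" && $2 == "INPUT" && $(NF-1) == "-j" &&
        $NF !~ /^(ACCEPT|DROP|REJECT|RETURN|LOG)$/ { print $NF }')"
    for c in $chains; do
        if printf '%s\n' "$dump" \
            | grep -Eq "^-A $c .*--(ctstate|state) [A-Z,]*ESTABLISHED.* -j ACCEPT$"; then
            return 0
        fi
    done
    return 1
}

# Succeeds if the OUTPUT chain policy is DROP or REJECT. Explicit drop rules
# under an ACCEPT policy are not detected; that layout is unusual.
output_is_filtered() {
    printf '%s\n' "$1" | grep -Eq '^:OUTPUT (DROP|REJECT) '
}

# Report what, if anything, must change. Exit status: 0 nothing to do,
# 1 INPUT lacks a stateful accept, 2 OUTPUT is filtered, 3 both.
longview_check() {
    dump=$1
    rc=0
    if inbound_state_ok "$dump"; then
        echo "INPUT accepts RELATED,ESTABLISHED: no 'allow from longview.linode.com' rule is needed"
    else
        echo "INPUT has no RELATED,ESTABLISHED accept: restore UFW's default before.rules before adding host rules"
        rc=$((rc + 1))
    fi
    if output_is_filtered "$dump"; then
        echo "OUTPUT is default-deny: allow the reports out, e.g.  ufw allow out to $LONGVIEW_IP"
        rc=$((rc + 2))
    else
        echo "OUTPUT is open: Longview's outbound reports need no rule"
    fi
    return $rc
}

# Demo on both constructed dumps.
for dump in "$SAMPLE_UFW" "$SAMPLE_STRICT"; do
    longview_check "$dump" || true
    echo
done
```

On the default UFW dump the script reports nothing to do, which matches the second poster's experience of Longview working without any added rules; the strict dump is the only case where a host-specific rule is warranted, and even then it is an outbound allow, not the inbound rule from the document quoted in the question.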
