Linode Forum
https://forum.linode.com/

How to implement Longview firewall exceptions using UFW?
https://forum.linode.com/viewtopic.php?f=19&t=11872
Page 1 of 1

Author:  a567342 [ Fri May 29, 2015 5:03 am ]
Post subject:  How to implement Longview firewall exceptions using UFW?

I am using UFW to handle firewall rules on my Ubuntu 14.04 LAMP server.

I want to enable Longview, but I'm not sure how to add the needed rules through UFW.

According to this document, it looks like I need to put them in /etc/ufw/after.rules, but I believe they need to be formatted another way. When I simply copy and paste the rules,

Code:
#  Allow incoming Longview connections 
-A INPUT -s longview.linode.com -j ACCEPT

# Allow metrics to be provided Longview
-A OUTPUT -d longview.linode.com -j ACCEPT


UFW throws errors and won't start.

Can anyone advise? Thanks.

Author:  Vance [ Sat May 30, 2015 10:07 pm ]
Post subject:  Re: How to implement Longview firewall exceptions using UFW?

You should just be able to add a rule using the ufw command. This would then be saved as part of your rule set.
Code:
ufw insert # allow from longview.linode.com

You would choose the value for # so this appears early in the rule list - you can use ufw status numbered for a numbered list.

I'm not sure if ufw accepts a host name in place of an IP address - in any event, iptables only resolves it once, when the rule is loaded, and uses the IP address thereafter. So you could use 96.126.119.66 instead, and you'd just have to change it if the address for longview.linode.com ever changes.

Author:  a567342 [ Mon Jun 01, 2015 10:38 pm ]
Post subject:  Re: How to implement Longview firewall exceptions using UFW?

Thanks for the reply...

Haven't tested the solution yet, because I tried simply installing Longview without adjusting firewall rules and it works fine.

Now I need to figure out if iptables is working properly. Lots to learn...

Author:  akerl [ Mon Jun 01, 2015 10:42 pm ]
Post subject:  Re: How to implement Longview firewall exceptions using UFW?

To be clear, you should need to do absolutely nothing. "Allow[ing] incoming Longview connections" isn't necessary, since Longview servers don't initiate any incoming connections. As long as you're allowed RELATED/ESTABLISHED connections in through INPUT (if you're not, you ought to be), you're fine there. `iptables-save` will show if you're doing that. The "# Allow metrics to be provided Longview" rule is only needed if you're blocking connections on OUTPUT, which is overkill for pretty much everybody and will only serve to cause you pain. If you're doing that, I highly recommend not.

- Les
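
The check akerl describes, as an added example that is not part of the original thread: a POSIX shell audit of `iptables-save` text that reports whether replies are accepted on the input side and whether the OUTPUT policy is anything other than ACCEPT. The function names and both sample rulesets are constructed for illustration, and the assumption that any chain with "input" in its name is reached from INPUT is a simplification.

```shell
#!/bin/sh
# Added example (not from the thread). On a live host, as root:
#   longview_fw_check "$(iptables-save)"

# Constructed sample: trimmed ruleset with an unrestricted ESTABLISHED accept.
SAMPLE_UFW_DEFAULT='*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -j ufw-before-input
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# Constructed sample: OUTPUT filtered, no ESTABLISHED accept on input.
SAMPLE_LOCKED_DOWN='*filter
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -d 96.126.119.66/32 -j ACCEPT
COMMIT'

# Print only the filter table from iptables-save text.
filter_table() {
    printf '%s\n' "$1" | awk '/^\*/ { t = $1 } t == "*filter"'
}

# Succeed only for an unrestricted RELATED/ESTABLISHED accept (state or
# conntrack match). Assumption: chains named *input* are reached from INPUT.
replies_allowed() {
    filter_table "$1" | grep -Eq -e \
'^-A [^ ]*(INPUT|input)[^ ]* -m (state|conntrack) --(ct)?state (RELATED,ESTABLISHED|ESTABLISHED,RELATED|ESTABLISHED) -j ACCEPT$'
}

# Print the built-in OUTPUT chain policy (ACCEPT or DROP).
output_policy() {
    filter_table "$1" | awk '$1 == ":OUTPUT" { print $2 }'
}

# Print "ok", or the findings that mean Longview needs explicit rules.
longview_fw_check() {
    findings=
    replies_allowed "$1" || findings="$findings no-established-accept"
    [ "$(output_policy "$1")" = ACCEPT ] || findings="$findings output-not-accept"
    findings="${findings# }"
    printf '%s\n' "${findings:-ok}"
}

longview_fw_check "$SAMPLE_UFW_DEFAULT"
```

A result of `output-not-accept` is the only case in which the OUTPUT rule from the original question does anything.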

All times are UTC-04:00