OXIESEC PANEL
- Current Dir: /usr/share/ufw
Server IP: 139.59.38.164
   Name                  Size        Modified                Perms
📁 ..                    -           11/10/2024 09:42:49 AM  rwxr-xr-x
📄 after.init            1.1 KB      10/25/2021 05:30:24 PM  rw-r--r--
📄 after.rules           1004 bytes  10/25/2021 05:30:24 PM  rw-r--r--
📄 after.rules.md5sum    305 bytes   08/15/2017 04:47:54 PM  rw-r--r--
📄 after6.rules          915 bytes   10/25/2021 05:30:24 PM  rw-r--r--
📄 after6.rules.md5sum   248 bytes   08/15/2017 04:47:54 PM  rw-r--r--
📄 before.init           1.1 KB      10/25/2021 05:30:24 PM  rw-r--r--
📄 before.rules          2.48 KB     10/25/2021 05:30:24 PM  rw-r--r--
📄 before.rules.md5sum   558 bytes   12/14/2018 05:50:47 PM  rw-r--r--
📄 before6.rules         6.54 KB     10/25/2021 05:30:24 PM  rw-r--r--
📄 before6.rules.md5sum  693 bytes   12/14/2018 05:50:47 PM  rw-r--r--
📄 check-requirements    7.01 KB     09/04/2018 06:48:07 PM  rwxr-xr-x
📁 iptables              -           05/09/2024 07:13:54 AM  rwxr-xr-x
📁 messages              -           05/09/2024 07:13:54 AM  rwxr-xr-x
📄 ufw.conf              312 bytes   10/25/2021 05:30:24 PM  rw-r--r--
📄 user.rules            307 bytes   01/14/2018 07:28:35 PM  rw-r--r--
📄 user.rules.md5sum     60 bytes    08/15/2017 04:47:54 PM  rw-r--r--
📄 user6.rules           107 bytes   01/14/2018 07:28:35 PM  rw-r--r--
📄 user6.rules.md5sum    61 bytes    08/15/2017 04:47:54 PM  rw-r--r--
Editing: before.rules
#
# rules.before
#
# Rules that should be run before the ufw command line added rules. Custom
# rules should be added to one of these chains:
#   ufw-before-input
#   ufw-before-output
#   ufw-before-forward
#

# Don't delete these required lines, otherwise there will be errors
*filter
:ufw-before-input - [0:0]
:ufw-before-output - [0:0]
:ufw-before-forward - [0:0]
:ufw-not-local - [0:0]
# End required lines

# allow all on loopback
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-output -o lo -j ACCEPT

# quickly process packets for which we already have a connection
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

# drop INVALID packets (logs these in loglevel medium and higher)
-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP

# ok icmp codes for INPUT
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT

# ok icmp code for FORWARD
-A ufw-before-forward -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type echo-request -j ACCEPT

# allow dhcp client to work
-A ufw-before-input -p udp --sport 67 --dport 68 -j ACCEPT

#
# ufw-not-local
#
-A ufw-before-input -j ufw-not-local

# if LOCAL, RETURN
-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN

# if MULTICAST, RETURN
-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN

# if BROADCAST, RETURN
-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN

# all other non-local packets are dropped
-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
-A ufw-not-local -j DROP

# allow MULTICAST mDNS for service discovery (be sure the MULTICAST line above
# is uncommented)
-A ufw-before-input -p udp -d 224.0.0.251 --dport 5353 -j ACCEPT

# allow MULTICAST UPnP for service discovery (be sure the MULTICAST line above
# is uncommented)
-A ufw-before-input -p udp -d 239.255.255.250 --dport 1900 -j ACCEPT

# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT