Getting started with UFW (Uncomplicated Firewall) Ubuntu CLI

This is a quick reference guide to getting started with UFW (Uncomplicated Firewall) on the Ubuntu CLI.

1. Check the status of the firewall

ufw status

root@FTP:~# ufw status
Status: inactive

IMPORTANT! Please see step 2 before enabling the firewall. Once it is enabled, the status output looks like this:

root@FTP:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)

ufw status verbose – gives more information about the firewall status.

root@FTP:~# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)


2. Enabling ufw

2.1 CAUTION! Before enabling your firewall make sure that you have added a policy to allow SSH.

root@FTP:/etc/ufw# ufw  allow ssh
Rules updated
Rules updated (v6)

You can check this has been added in the following file: /etc/ufw/user.rules

nano /etc/ufw/user.rules


### RULES ###

### tuple ### allow tcp 22 0.0.0.0/0 any 0.0.0.0/0 in
-A ufw-user-input -p tcp --dport 22 -j ACCEPT

2.2 ufw enable

ufw enable
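
The check from step 2.1 as a script, added here as an example (not part of the original guide): it reads rule text in the /etc/ufw/user.rules tuple format and refuses to proceed unless an inbound allow covers 22/tcp. The function names and the sample rule text are constructed for illustration, and port 22 is assumed to be the SSH port.

```shell
#!/bin/sh
# Added example: confirm an inbound SSH allow is staged before "ufw enable".
# Function names and sample rule text are constructed for illustration.

# allowed_sources PORT
# Reads user.rules text on stdin and prints the source of every inbound allow
# tuple that covers tcp PORT. Exit status 0 if any was found, else 1.
# Port ranges and comma lists in the tuple are not handled.
allowed_sources() {
    awk -v port="$1" '
        $1 == "###" && $2 == "tuple" && $4 == "allow" &&
        ($5 == "tcp" || $5 == "any") && ($6 == port || $6 == "any") &&
        $NF == "in" { print $9; found = 1 }
        END { exit (found ? 0 : 1) }'
}

# preflight RULES_TEXT: print a verdict; non-zero status means do not enable yet.
preflight() {
    if ! src=$(printf '%s\n' "$1" | allowed_sources 22); then
        echo "STOP: no inbound allow for 22/tcp; run 'ufw allow ssh' first"
        return 1
    fi
    case " $(echo $src) " in
        *" 0.0.0.0/0 "*) echo "OK: SSH allowed from anywhere" ;;
        *) echo "CHECK: SSH allowed only from: $(echo $src)" ;;
    esac
}

# Constructed samples in the tuple format shown in step 2.1.
RULES_WITH_SSH='### tuple ### allow tcp 22 0.0.0.0/0 any 0.0.0.0/0 in
-A ufw-user-input -p tcp --dport 22 -j ACCEPT'
RULES_SUBNET_ONLY='### tuple ### allow any any 0.0.0.0/0 any 10.0.125.0/24 in
-A ufw-user-input -s 10.0.125.0/24 -j ACCEPT'
RULES_WITHOUT_SSH='### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0 in
-A ufw-user-input -p tcp --dport 80 -j ACCEPT'

preflight "$RULES_WITH_SSH"
preflight "$RULES_SUBNET_ONLY"   # confirm your own client address is in the subnet
preflight "$RULES_WITHOUT_SSH" || true
# On a live host, as root: allowed_sources 22 < /etc/ufw/user.rules && ufw enable
```
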

3. Adding ufw rules

3.1 Basic ufw rule examples

The rules below allow traffic from any source to a specific port on the local server.

root@FTP:~# ufw allow http
Rule added
Rule added (v6)
root@FTP:~# ufw allow https
Rule added
Rule added (v6)
root@FTP:~# ufw allow ftp
Rule added
Rule added (v6)
root@FTP:~# ufw allow tftp
Rule added
Rule added (v6)
root@FTP:~# ufw allow snmp
Rule added
Rule added (v6)
root@FTP:~# ufw allow sftp
Rule added
Rule added (v6)
root@FTP:~# ufw allow smtp
Rule added
Rule added (v6)
root@FTP:~# ufw allow 3389
Rule added
Rule added (v6)

3.2 Check ufw rules

root@FTP:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
21/tcp                     ALLOW       Anywhere
69/udp                     ALLOW       Anywhere
161                        ALLOW       Anywhere
115/tcp                    ALLOW       Anywhere
25/tcp                     ALLOW       Anywhere
3389                       ALLOW       Anywhere

3.3 Source and destination specific ufw rules

root@FTP:~# ufw allow from 10.0.125.0/24 to any
Rule added
root@FTP:~# ufw allow from 10.0.130.0/24 to any  port sftp
Rule added
root@FTP:~# ufw status
Anywhere                   ALLOW       10.0.125.0/24
115/tcp                    ALLOW       10.0.130.0/24
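
An audit of the status table from 3.2 and 3.3, added here as an example (not part of the original guide): it lists every rule open to Anywhere and flags the ones that would normally be limited to a source subnet as in 3.3. The RESTRICT port list is an assumed policy for illustration, and the status text is a constructed sample based on the output above.

```shell
#!/bin/sh
# Added example: flag ufw rules that are open to Anywhere on ports an
# operator would usually restrict by source. Names here are illustrative.

# world_open: read `ufw status` or `ufw status verbose` output on stdin and
# print each distinct "To" entry that is ALLOWed from Anywhere.
world_open() {
    awk '{
        for (i = 2; i < NF; i++) if ($i == "ALLOW") {
            from = $(i + 1)
            if (from == "IN") from = $(i + 2)   # verbose output: "ALLOW IN"
            if (from == "Anywhere") print $1
        }
    }' | sort -u
}

# Assumed policy: FTP 21, TFTP 69, SNMP 161, RDP 3389, and 115. ufw resolves
# names through /etc/services, where "sftp" is 115/tcp (Simple File Transfer
# Protocol); SFTP over SSH uses 22/tcp. A bare port such as 3389 opens both
# tcp and udp.
RESTRICT="21 69 115 161 3389"

# audit: read status output on stdin, print one REVIEW line per flagged rule.
audit() {
    world_open | while read -r to; do
        port=${to%%/*}
        for p in $RESTRICT; do
            if [ "$port" = "$p" ]; then
                echo "REVIEW $to: open to Anywhere; consider 'ufw allow from <subnet> to any port $port'"
            fi
        done
    done
}

# Constructed sample based on the status output in 3.2 and 3.3.
STATUS='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
21/tcp                     ALLOW       Anywhere
69/udp                     ALLOW       Anywhere
161                        ALLOW       Anywhere
3389                       ALLOW       Anywhere
115/tcp                    ALLOW       10.0.130.0/24
22/tcp (v6)                ALLOW       Anywhere (v6)'

printf '%s\n' "$STATUS" | audit
```

On a live host, run `ufw status | audit` as root after editing RESTRICT to match your own policy.
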

4. Delete ufw rules

root@FTP:~# ufw delete allow https
Rule deleted
Rule deleted (v6)
root@FTP:~#

If you are new to the world of Linux, an avid Linux enthusiast or a student why not try our 0.99p per month Linux VPS.

Simply click on the screen shot below to find out more or navigate to https://piggybank.cloud

Thank you for reading and please feel free to leave any feedback.

How to shape traffic using Wondershaper on Ubuntu 18.04 CLI

This is a quick reference guide on how to shape traffic using Wondershaper on Linux Based Operating Systems.

1. Install Wondershaper

apt install wondershaper

IMPORTANT: The following installation creates the directory where the traffic shaping configuration will go.

cd bin
git clone https://github.com/magnific0/wondershaper.git
cd wondershaper
make install

2. Edit /etc/conf.d/wondershaper.conf

nano /etc/conf.d/wondershaper.conf

You will need to specify the interface and the rate, in Kbps, that bandwidth is restricted to.

Example configuration:

[wondershaper]
# Adapter
#
IFACE="eth0"

# Download rate in Kbps
#
DSPEED="10240"

# Upload rate in Kbps
#
USPEED="10240"

3. Restart Wondershaper

service wondershaper restart

4. iPerf Before and after Wondershaper.

root@FTP:~# iperf3 -c 10.0.125.14
Connecting to host 10.0.125.14, port 5201
[  4] local 10.0.125.11 port 38860 connected to 10.0.125.14 port 5201
[ ID] Interval           Transfer     Bandwidth       Retr  Cwnd
[  4]   0.00-1.00   sec   115 MBytes   968 Mbits/sec    0   3.03 MBytes
[  4]   1.00-2.00   sec   112 MBytes   939 Mbits/sec    0   3.03 MBytes
[  4]   2.00-3.00   sec   112 MBytes   939 Mbits/sec    0   3.03 MBytes
[  4]   3.00-4.00   sec   112 MBytes   939 Mbits/sec    0   3.03 MBytes
[  4]   4.00-5.00   sec   112 MBytes   939 Mbits/sec    0   3.03 MBytes
[  4]   5.00-6.00   sec   112 MBytes   939 Mbits/sec    0   3.03 MBytes
[  4]   6.00-7.00   sec   112 MBytes   939 Mbits/sec    0   3.03 MBytes
[  4]   7.00-8.00   sec   112 MBytes   939 Mbits/sec    0   3.03 MBytes
[  4]   8.00-9.00   sec   112 MBytes   939 Mbits/sec    0   3.03 MBytes
[  4]   9.00-10.00  sec   112 MBytes   939 Mbits/sec    0   3.03 MBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth       Retr
[  4]   0.00-10.00  sec  1.10 GBytes   942 Mbits/sec    0             sender
[  4]   0.00-10.00  sec  1.09 GBytes   939 Mbits/sec                  receiver

iperf Done.
root@FTP:~# service wondershaper start
root@FTP:~# iperf3 -c 10.0.125.14
Connecting to host 10.0.125.14, port 5201
[  4] local 10.0.125.11 port 38864 connected to 10.0.125.14 port 5201
[ ID] Interval           Transfer     Bandwidth       Retr  Cwnd
[  4]   0.00-1.00   sec  1.71 MBytes  14.3 Mbits/sec    0    102 KBytes
[  4]   1.00-2.00   sec  1.12 MBytes  9.38 Mbits/sec    0    102 KBytes
[  4]   2.00-3.00   sec  1.12 MBytes  9.38 Mbits/sec    0    102 KBytes
[  4]   3.00-4.00   sec  1.12 MBytes  9.38 Mbits/sec    0    102 KBytes
[  4]   4.00-5.00   sec  1.12 MBytes  9.38 Mbits/sec    0    102 KBytes
[  4]   5.00-6.00   sec  1.12 MBytes  9.38 Mbits/sec    0    102 KBytes
[  4]   6.00-7.00   sec  1.06 MBytes  8.86 Mbits/sec    0    102 KBytes
[  4]   7.00-8.00   sec  1.12 MBytes  9.38 Mbits/sec    0    102 KBytes
[  4]   8.00-9.00   sec  1.12 MBytes  9.38 Mbits/sec    0    102 KBytes
[  4]   9.00-10.00  sec  1.12 MBytes  9.38 Mbits/sec    0    102 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth       Retr
[  4]   0.00-10.00  sec  11.7 MBytes  9.83 Mbits/sec    0             sender
[  4]   0.00-10.00  sec  11.1 MBytes  9.31 Mbits/sec                  receiver

iperf Done.


How to make a shell script executable Linux CLI

This is a quick reference guide on how to make a shell script executable on Linux Based Operating Systems.

1. chmod +x

root@FTP:~# ./shell.sh
-bash: ./shell.sh: Permission denied
root@FTP:~# chmod +x shell.sh
root@FTP:~# ./shell.sh


How to add a user to a group Linux CLI

This is a quick reference guide on how to add a user to a group on Linux Based Operating Systems.

1. adduser

root@FTP1:~# addgroup ftpgroup user1
addgroup: The user `ftpgroup' does not exist.
root@FTP1:~# adduser user1 ftpgroup
Adding user `user1' to group `ftpgroup' ...
Adding user user1 to group ftpgroup
Done.
root@FTP1:~# adduser user2 ftpgroup
Adding user `user2' to group `ftpgroup' ...
Adding user user2 to group ftpgroup
Done.


How to change group ownership of a file Linux CLI

This is a quick reference guide on how to change group ownership of a file on Linux Based Operating Systems.

1. Change group ownership of a file using chgrp command

[root@vps1 ~]# chgrp root file1
[root@vps1 ~]# ls -l file1
-rw-r--r-- 1 root root 0 Jun  4 11:06 file1
[root@vps1 ~]# chgrp vpsuser file1
[root@vps1 ~]# ls -l file1
-rw-r--r-- 1 root vpsuser 0 Jun  4 11:06 file1

2. Check the file permission using ls -l

root@vps:~# ls -l file1
-rwxr-x--x 1 root root 0 Jun  3 08:17 file1

A dash (-) indicates that the file is a regular file.

A letter (l) indicates a special file type called a symlink. A symlink is a pointer to another location in the file system.

The letter (d) indicates that the file is a directory, as per below:

drwxr-xr-x 3 root root       4096 Oct 18  2018 ufw

The first three letters after the file type above are the permissions of the user: rwx, so read, write, and execute.

The next three letters are for the group: r-x, so read and execute, but not write, as indicated by the dash.

The next three letters are for other: r-x, so read and execute, but not write, as indicated by the dash (the same as the group in this example).

The number 3 in this example after the permissions indicates the number of files or sub-directories contained within this particular directory.

The first name after the number (directory and file number) in the example below is the user, or file owner: “vpsuser”.

The second name refers to the file's group: “group1”.

-rwxr-x--x 1 vpsuser group1 0 Jun  3 08:17 file1
root@vps:~#

The remainder of the file details are the size of the file, the date and time that the file was created or last modified, and the file name.
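
The permission string explained above, decoded by a script; this is an added example, not part of the original guide. It turns the first column of ls -l into a file type and octal mode and marks files that "other" can write to. The function names and the shared.txt line are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode the mode column of `ls -l` into type and octal mode.
# Function names are illustrative; shared.txt is a constructed sample line.

# decode_mode MODE -> prints "<type> <octal>", e.g. "file 751".
# The letters s and t are counted as execute; special bits are not reported.
decode_mode() {
    case $1 in
        -*) ftype=file ;;
        d*) ftype=directory ;;
        l*) ftype=symlink ;;
        *)  ftype=other ;;
    esac
    octal=""
    for start in 2 5 8; do                  # user, group, other triplets
        triplet=$(printf '%s' "$1" | cut -c"$start-$((start + 2))")
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??[xst]) digit=$((digit + 1)) ;; esac
        octal=$octal$digit
    done
    echo "$ftype $octal"
}

# other_can_write MODE -> status 0 if the "other" triplet grants write.
other_can_write() {
    case $1 in ????????w*) return 0 ;; *) return 1 ;; esac
}

# report: read `ls -l` lines on stdin and print
# "<name> <type> <octal> <owner>:<group>[ WORLD-WRITABLE]".
# File names containing spaces are not handled.
report() {
    while read -r mode links owner group size rest; do
        name=${rest##* }
        flag=""
        if other_can_write "$mode"; then flag=" WORLD-WRITABLE"; fi
        echo "$name $(decode_mode "$mode") $owner:$group$flag"
    done
}

# Sample lines: the first two are from this guide, the third is constructed.
SAMPLE='-rwxr-x--x 1 vpsuser group1 0 Jun  3 08:17 file1
drwxr-xr-x 3 root root 4096 Oct 18  2018 ufw
-rw-rw-rw- 1 root root 0 Jun  4 11:06 shared.txt'

printf '%s\n' "$SAMPLE" | report
```
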


How to show interface statistics using netstat -i command Linux CLI

This is a quick reference on how to show interface statistics using the netstat -i command on Linux Based Operating Systems.

1. netstat -i

root@GNS3-Server:~# netstat -i
Kernel Interface table
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
docker0    1500 0         0      0      0 0             0      0      0      0 BMU
eth0       1500 0       572      0      0 0           359      0      0      0 BMRU
eth1       1500 0        43      0      0 0            37      0      0      0 BMRU
lo        65536 0      3172      0      0 0          3172      0      0      0 LRU
tun1194    1500 0         0      0      0 0             0      0      0      0 MOPRU
virbr0     1500 0         0      0      0 0             0      0      0      0 BMU
root@GNS3-Server:~#


How to show established tcp connections using the netstat command Linux CLI

This is a quick reference on how to show established tcp connections using the netstat command on Linux Based Operating Systems.

1. netstat

root@GNS3-Server:~# netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 172.16.253.1:3080       172.16.253.1:43486      ESTABLISHED
tcp        0      0 172.16.253.1:43486      172.16.253.1:3080       ESTABLISHED
tcp        0      0 10.0.125.10:ssh         90.240.10.190:59675     ESTABLISHED
