Getting started with UFW (Uncomplicated Firewall) Ubuntu CLI

This is a quick reference guide about getting started with UFW (Uncomplicated Firewall) Ubuntu CLI

1.Check the status of the firewall

ufw status

root@FTP:~# ufw status
Status: inactive

IMPORTANT! Please see step 2 before enabling the firewall

root@FTP:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)

ufw status verbose – gives more information about the firewall status.

root@FTP:~# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)


2. Enabling ufw

2.1 CAUTION! Before enabling your firewall make sure that you have added a policy to allow SSH.

root@FTP:/etc/ufw# ufw  allow ssh
Rules updated
Rules updated (v6)

You can check this has been added in the following file: /etc/ufw/user.rules

nano /etc/ufw/user.rules

]

### RULES ###

### tuple ### allow tcp 22 0.0.0.0/0 any 0.0.0.0/0 in
-A ufw-user-input -p tcp --dport 22 -j ACCEPT

2.2 ufw enable

ufw enable

3. Adding ufw rules

3.1 Basic ufw rule examples

The below rules will be from any source to a specific port on the local server.

root@FTP:~# ufw allow http
Rule added
Rule added (v6)
root@FTP:~# ufw allow https
Rule added
Rule added (v6)
root@FTP:~# ufw allow ftp
Rule added
Rule added (v6)
root@FTP:~# ufw allow tftp
Rule added
Rule added (v6)
root@FTP:~# ufw allow snmp
Rule added
Rule added (v6)
root@FTP:~# ufw allow sftp
Rule added
Rule added (v6)
root@FTP:~# ufw allow smtp
Rule added
Rule added (v6)
root@FTP:~# ufw allow 3389
Rule added
Rule added (v6)

3.2 Check ufw rules

root@FTP:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
21/tcp                     ALLOW       Anywhere
69/udp                     ALLOW       Anywhere
161                        ALLOW       Anywhere
115/tcp                    ALLOW       Anywhere
25/tcp                     ALLOW       Anywhere
3389                       ALLOW       Anywhere

3.3 Source and destination specific ufw rules

root@FTP:~# ufw allow from 10.0.125.0/24 to any
Rule added
root@FTP:~# ufw allow from 10.0.130.0/24 to any  port sftp
Rule added
root@FTP:~# ufw status
Anywhere                   ALLOW       10.0.125.0/24
115/tcp                    ALLOW       10.0.130.0/24

4. Delete ufw rules

root@FTP:~# ufw delete allow https
Rule deleted
Rule deleted (v6)
root@FTP:~#

If you are new to the world of Linux, an avid Linux enthusiast or a student why not try our 0.99p per month Linux VPS.

Simply click on the screen shot below to find out more or navigate to https://piggybank.cloud

Thank you for reading and please feel free to leave any feedback.

How to shape traffic using Wondershaper on Ubuntu 18.04 CLI

This is a quick reference guide on how to shape traffic using Wondershaper on Linux Based Operating Systems.

1. Install Wondershaper

apt install wondershaper

IMPORTANT: The following installation will create the directory for where the traffic shaping configuration will go.

cd bin
git clone https://github.com/magnific0/wondershaper.git
cd wondershaper
make install

2. Edit /etc/conf.d/wondershaper.conf

nano /etc/conf.d/wondershaper.conf

Example configuration:

You will need to specify which interface and what the bandwidth is restricted to in kbps.

[wondershaper]
# Adapter
#
IFACE="eth0"

# Download rate in Kbps
#
DSPEED="10240"

# Upload rate in Kbps
#
USPEED="10240"

3. Restart Wondershaper

service wondershaper restart

4. iPerf Before and after Wondershaper.

root@FTP:~# iperf3 -c 10.0.125.14
Connecting to host 10.0.125.14, port 5201
[  4] local 10.0.125.11 port 38860 connected to 10.0.125.14 port 5201
[ ID] Interval           Transfer     Bandwidth       Retr  Cwnd
[  4]   0.00-1.00   sec   115 MBytes   968 Mbits/sec    0   3.03 MBytes
[  4]   1.00-2.00   sec   112 MBytes   939 Mbits/sec    0   3.03 MBytes
[  4]   2.00-3.00   sec   112 MBytes   939 Mbits/sec    0   3.03 MBytes
[  4]   3.00-4.00   sec   112 MBytes   939 Mbits/sec    0   3.03 MBytes
[  4]   4.00-5.00   sec   112 MBytes   939 Mbits/sec    0   3.03 MBytes
[  4]   5.00-6.00   sec   112 MBytes   939 Mbits/sec    0   3.03 MBytes
[  4]   6.00-7.00   sec   112 MBytes   939 Mbits/sec    0   3.03 MBytes
[  4]   7.00-8.00   sec   112 MBytes   939 Mbits/sec    0   3.03 MBytes
[  4]   8.00-9.00   sec   112 MBytes   939 Mbits/sec    0   3.03 MBytes
[  4]   9.00-10.00  sec   112 MBytes   939 Mbits/sec    0   3.03 MBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth       Retr
[  4]   0.00-10.00  sec  1.10 GBytes   942 Mbits/sec    0             sender
[  4]   0.00-10.00  sec  1.09 GBytes   939 Mbits/sec                  receiver

iperf Done.
root@FTP:~# service wondershaper start
root@FTP:~# iperf3 -c 10.0.125.14
Connecting to host 10.0.125.14, port 5201
[  4] local 10.0.125.11 port 38864 connected to 10.0.125.14 port 5201
[ ID] Interval           Transfer     Bandwidth       Retr  Cwnd
[  4]   0.00-1.00   sec  1.71 MBytes  14.3 Mbits/sec    0    102 KBytes
[  4]   1.00-2.00   sec  1.12 MBytes  9.38 Mbits/sec    0    102 KBytes
[  4]   2.00-3.00   sec  1.12 MBytes  9.38 Mbits/sec    0    102 KBytes
[  4]   3.00-4.00   sec  1.12 MBytes  9.38 Mbits/sec    0    102 KBytes
[  4]   4.00-5.00   sec  1.12 MBytes  9.38 Mbits/sec    0    102 KBytes
[  4]   5.00-6.00   sec  1.12 MBytes  9.38 Mbits/sec    0    102 KBytes
[  4]   6.00-7.00   sec  1.06 MBytes  8.86 Mbits/sec    0    102 KBytes
[  4]   7.00-8.00   sec  1.12 MBytes  9.38 Mbits/sec    0    102 KBytes
[  4]   8.00-9.00   sec  1.12 MBytes  9.38 Mbits/sec    0    102 KBytes
[  4]   9.00-10.00  sec  1.12 MBytes  9.38 Mbits/sec    0    102 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth       Retr
[  4]   0.00-10.00  sec  11.7 MBytes  9.83 Mbits/sec    0             sender
[  4]   0.00-10.00  sec  11.1 MBytes  9.31 Mbits/sec                  receiver

iperf Done.

If you are new to the world of Linux, an avid Linux enthusiast or a student why not try our 0.99p per month Linux VPS.

Simply click on the screen shot below to find out more or navigate to https://piggybank.cloud

Thank you for reading and please feel free to leave any feedback.

How to configure a static IP address on Ubuntu 18.04 CLI

This is a quick reference guide on how to configure a static IP address on Ubuntu 18.04

1. Check interfaces by typing ifconfig -a

root@VPS:~# ifconfig -a
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
inet 10.10.0.102  netmask 255.255.255.0  broadcast 10.10.0.255
inet6 fe80::7ff:fe59:9a16  prefixlen 64  scopeid 0x20 	<link>
        ether 02:00:07:59:9a:16  txqueuelen 1000  (Ethernet)
RX packets 226  bytes 23624 (23.6 KB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 95  bytes 14736 (14.7 KB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
inet 127.0.0.1  netmask 255.0.0.0
inet6 ::1  prefixlen 128  scopeid 0x10<host>
loop  txqueuelen 1000  (Local Loopback)
RX packets 2  bytes 78 (78.0 B)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 2  bytes 78 (78.0 B)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

You will need to specify the interface that you would like to statically assign an IP address to. In this scenario the interface is eth0.

2. Create a yaml file in /etc/netplan

Use nano to create and edit files – simply run the following command if you do not have it installed.

apt-get install nano

Create a yaml file under /etc/netplan – I have used network_config.yaml as my file name.

root@VPS:~# cd /etc/netplan/
root@VPS:/etc/netplan# nano network_config.yaml

Enter the following into network_config.yaml file using nano – make sure you change the interface to your ifconfig -a output (the interface you would like to configure your static IP on). My interface in this scenario is eth0.

You will also need to specify your default gateway and your dns servers. These are configured under the following headings: gateway4 and nameservers respectively.

network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses:
        - 10.0.125.10/24
      gateway4: 10.0.125.254
      nameservers:
          search: [mydomain, otherdomain]
          addresses: [10.10.0.1, 1.1.1.1]

3. Apply Netplan

root@VPS:/etc/netplan# sudo netplan apply

4. Check that you have received an IP address on the interface you have specified by running ifconfig.

root@VPS:/etc/netplan# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.10.0.102  netmask 255.255.255.0  broadcast 10.10.0.255
        inet6 fe80::7ff:fe59:9a16  prefixlen 64  scopeid 0x20<link>
        ether 02:00:07:59:9a:16  txqueuelen 1000  (Ethernet)
        RX packets 770  bytes 77688 (77.6 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 271  bytes 38562 (38.5 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 2  bytes 78 (78.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2  bytes 78 (78.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

If you are new to the world of Linux, an avid Linux enthusiast or a student why not try our 0.99p per month Linux VPS.

Simply click on the screen shot below to find out more or navigate to https://piggybank.cloud

Thank you for reading and please feel free to leave any feedback.

How to make a shell script executable Linux CLI

This is a quick reference guide on how to make a shell script executable on Linux Based Operating Systems.

1. chmod +x

root@FTP:~# ./shell.sh
-bash: ./shell.sh: Permission denied
root@FTP:~# chmod +x shell.sh
root@FTP:~# ./shell.sh

If you are new to the world of Linux, an avid Linux enthusiast or a student why not try our 0.99p per month Linux VPS.

Simply click on the screen shot below to find out more or navigate to https://piggybank.cloud

Thank you for reading and please feel free to leave any feedback.

How to add a user to a group Linux CLI

This is a quick reference guide on how to check your network interfaces on Linux Based Operating Systems.

1. ifconfig -a

root@FTP1:~# addgroup ftpgroup user1
addgroup: The user `ftpgroup' does not exist.
root@FTP1:~# adduser user1 ftpgroup
Adding user `user1' to group `ftpgroup' ...
Adding user user1 to group ftpgroup
Done.
root@FTP1:~# adduser user2 ftpgroup
Adding user `user2' to group `ftpgroup' ...
Adding user user2 to group ftpgroup
Done.

If you are new to the world of Linux, an avid Linux enthusiast or a student why not try our 0.99p per month Linux VPS.

Simply click on the screen shot below to find out more or navigate to https://piggybank.cloud

Thank you for reading and please feel free to leave any feedback.

How to show interface statistics using netstat -i command Linux CLI

This is a quick reference on how to show interface statistics using the netstat -i command on Linux Based Operating Systems.

1. netstat -i

root@GNS3-Server:~# netstat -i
Kernel Interface table
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
docker0    1500 0         0      0      0 0             0      0      0      0 BMU
eth0       1500 0       572      0      0 0           359      0      0      0 BMRU
eth1       1500 0        43      0      0 0            37      0      0      0 BMRU
lo        65536 0      3172      0      0 0          3172      0      0      0 LRU
tun1194    1500 0         0      0      0 0             0      0      0      0 MOPRU
virbr0     1500 0         0      0      0 0             0      0      0      0 BMU
root@GNS3-Server:~#

If you are new to the world of Linux, an avid Linux enthusiast or a student why not try our 0.99p per month Linux VPS.

Simply click on the screen shot below to find out more or navigate to https://piggybank.cloud

Thank you for reading and please feel free to leave any feedback.

How to show established tcp connections using the netstat command Linux CLI

This is a quick reference on how to show established tcp connections using the netstat command on Linux Based Operating Systems.

1. netstat

root@GNS3-Server:~# netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 172.16.253.1:3080       172.16.253.1:43486      ESTABLISHED
tcp        0      0 172.16.253.1:43486      172.16.253.1:3080       ESTABLISHED
tcp        0      0 10.0.125.10:ssh         90.240.10.190:59675     ESTABLISHED

If you are new to the world of Linux, an avid Linux enthusiast or a student why not try our 0.99p per month Linux VPS.

Simply click on the screen shot below to find out more or navigate to https://piggybank.cloud

Thank you for reading and please feel free to leave any feedback.