    BRRABill's Field Report With Linux

    • BRRABillB
      BRRABill
      last edited by

      I mean that adding in one rule in ufw (allowing SSH) added all this to the output of iptables -L

      Chain INPUT (policy DROP)
      target     prot opt source               destination
      ufw-before-logging-input  all  --  anywhere             anywhere
      ufw-before-input  all  --  anywhere             anywhere
      ufw-after-input  all  --  anywhere             anywhere
      ufw-after-logging-input  all  --  anywhere             anywhere
      ufw-reject-input  all  --  anywhere             anywhere
      ufw-track-input  all  --  anywhere             anywhere
      
      Chain FORWARD (policy DROP)
      target     prot opt source               destination
      ufw-before-logging-forward  all  --  anywhere             anywhere
      ufw-before-forward  all  --  anywhere             anywhere
      ufw-after-forward  all  --  anywhere             anywhere
      ufw-after-logging-forward  all  --  anywhere             anywhere
      ufw-reject-forward  all  --  anywhere             anywhere
      ufw-track-forward  all  --  anywhere             anywhere
      
      Chain OUTPUT (policy ACCEPT)
      target     prot opt source               destination
      ufw-before-logging-output  all  --  anywhere             anywhere
      ufw-before-output  all  --  anywhere             anywhere
      ufw-after-output  all  --  anywhere             anywhere
      ufw-after-logging-output  all  --  anywhere             anywhere
      ufw-reject-output  all  --  anywhere             anywhere
      ufw-track-output  all  --  anywhere             anywhere
      
      Chain ufw-after-forward (1 references)
      target     prot opt source               destination
      
      Chain ufw-after-input (1 references)
      target     prot opt source               destination
      ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:netbios-ns
      ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:netbios-dgm
      ufw-skip-to-policy-input  tcp  --  anywhere             anywhere             tcp dpt:netbios-ssn
      ufw-skip-to-policy-input  tcp  --  anywhere             anywhere             tcp dpt:microsoft-ds
      ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:bootps
      ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:bootpc
      ufw-skip-to-policy-input  all  --  anywhere             anywhere             ADDRTYPE match dst-type BROADCAST
      
      
      
      • DashrenderD
        Dashrender @BRRABill
        last edited by

        @BRRABill said in BRRABill's Field Report With Linux:

        @Dashrender said in BRRABill's Field Report With Linux:

        @BRRABill said in BRRABill's Field Report With Linux:

        So, in this fresh install, I tried adding a rule in ufw, and it added all sorts of stuff to iptables.

        So maybe it works the one way, but not the other?

        that's completely possible. Unifi stuff is that way
        you can update the device with a json file, but it won't update the GUI.

        Actually the Unifi installer made NO changes to iptables.

        Considering the instructions you found that had you manually make iptables changes, I'm not surprised - not that the script couldn't include that, they don't so they remain simple to be used on any Linux distro or nearly any.

        • travisdh1T
          travisdh1 @BRRABill
          last edited by

          @BRRABill said in BRRABill's Field Report With Linux:

          @Dashrender said i

          No adding ports to iptables doesn't not enable it - you'd have to start the service that enables it, and then open the required ports (I suppose you could do it either one first, but if you don't enable the service, then there is no firewall running)

          Are you sure about that?

          iptables is just the interface to the firewall, which I think is always running.

          Now, by default, it is allowing everything.

          I set up another fresh droplet for testing, and this is what iptables -L gives me

          Chain INPUT (policy ACCEPT)
          Chain FORWARD (policy ACCEPT)
          Chain OUTPUT (policy ACCEPT)
          

          That's the "tables is turned off" output.

          • BRRABillB
            BRRABill @travisdh1
            last edited by

            @travisdh1 said

            That's the "tables is turned off" output.

            See, I think that is semantics.

            tables is turned on, but accepting everything.

            Because you don't have to issue any commands, simply add something to iptables

            travisdh1T 1 Reply Last reply Reply Quote 1
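Added example, not part of any post in this thread: the disagreement above comes down to whether a built-in chain has policy ACCEPT and zero rules, and this shell function reads that off `iptables -L` output. The two sample inputs are constructed from the outputs posted above (the ufw one is trimmed); the function names and verdict labels are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not code from the thread.

# classify_chains: read `iptables -L` text on stdin and, for each built-in
# chain, print "<chain> policy=<P> rules=<N> <verdict>".
classify_chains() {
    awk '
    function report() {
        if (chain == "") return
        if (rules > 0)               verdict = "has-rules"
        else if (policy == "ACCEPT") verdict = "open"   # netfilter active, filtering nothing
        else                         verdict = "default-deny"
        printf "%s policy=%s rules=%d %s\n", chain, policy, rules, verdict
    }
    $1 == "Chain" {
        report(); chain = ""; rules = 0
        # Only built-in chains carry a policy; user chains show "(N references)".
        if ($3 == "(policy") { chain = $2; policy = $4; sub(/\)$/, "", policy) }
        next
    }
    $1 == "target" || NF == 0 { next }   # column header or blank line
    chain != "" { rules++ }
    END { report() }'
}

# is_wide_open: exit 0 only if every built-in chain is ACCEPT with no rules
# (the state the thread calls "turned off"); exit 2 if no chains were seen.
is_wide_open() {
    out=$(classify_chains) || return 2
    [ -n "$out" ] || return 2
    ! printf '%s\n' "$out" | grep -qv ' open$'
}

# Constructed sample: a fresh install, as in the second output above.
FRESH='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# Constructed sample: trimmed from the ufw output in the first post above.
UFW='Chain INPUT (policy DROP)
target     prot opt source               destination
ufw-before-logging-input  all  --  anywhere             anywhere
ufw-before-input  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ufw-before-output  all  --  anywhere             anywhere

Chain ufw-after-forward (1 references)
target     prot opt source               destination'

printf '%s\n' "$FRESH" | classify_chains
printf '%s\n' "$UFW"   | classify_chains
# On a live host (needs root): iptables -L -n | classify_chains
```

This covers only the IPv4 filter table that `iptables -L` prints; other tables and ip6tables have their own chains and policies.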
            • travisdh1T
              travisdh1 @BRRABill
              last edited by

              @BRRABill said in BRRABill's Field Report With Linux:

              @Dashrender said in BRRABill's Field Report With Linux:

              yep, I'm sure IF the following is correct and the firewall is not enabled by default as mentioned below.

              @travisdh1 said in BRRABill's Field Report With Linux:

              Wait... Ubuntu.... and more crazy Ubuntu type things. I don't think they enable the firewall by default. They say "Just don't run a service you don't need." instead, don't they?

              I think maybe what @travisdh1 meant was that it is enabled, but by default allows everything.

              Hence, it seeming like it's not actually firewalling anything.

              @travisdh1 ???

              And where are all the Ubuntu experts here on ML???

              Ubuntu does things so odd compared to the rest of the ecosystem (ufw), that many of us only touch it if when we have no other choice.

              • travisdh1T
                travisdh1 @BRRABill
                last edited by

                @BRRABill said in BRRABill's Field Report With Linux:

                @travisdh1 said

                That's the "tables is turned off" output.

                See, I think that is semantics.

                It is! I was so confused when I first ran into this.

                • BRRABillB
                  BRRABill @travisdh1
                  last edited by

                  @travisdh1 said in BRRABill's Field Report With Linux:

                  @BRRABill said in BRRABill's Field Report With Linux:

                  @Dashrender said in BRRABill's Field Report With Linux:

                  yep, I'm sure IF the following is correct and the firewall is not enabled by default as mentioned below.

                  @travisdh1 said in BRRABill's Field Report With Linux:

                  Wait... Ubuntu.... and more crazy Ubuntu type things. I don't think they enable the firewall by default. They say "Just don't run a service you don't need." instead, don't they?

                  I think maybe what @travisdh1 meant was that it is enabled, but by default allows everything.

                  Hence, it seeming like it's not actually firewalling anything.

                  @travisdh1 ???

                  And where are all the Ubuntu experts here on ML???

                  Ubuntu does things so odd compared to the rest of the ecosystem (ufw), that many of us only touch it if when we have no other choice.

                  It seems to be a very common choice for many things, though. Even here at ML (such as XO).

                  • travisdh1T
                    travisdh1 @BRRABill
                    last edited by

                    @BRRABill said in BRRABill's Field Report With Linux:

                    @travisdh1 said in BRRABill's Field Report With Linux:

                    @BRRABill said in BRRABill's Field Report With Linux:

                    @Dashrender said in BRRABill's Field Report With Linux:

                    yep, I'm sure IF the following is correct and the firewall is not enabled by default as mentioned below.

                    @travisdh1 said in BRRABill's Field Report With Linux:

                    Wait... Ubuntu.... and more crazy Ubuntu type things. I don't think they enable the firewall by default. They say "Just don't run a service you don't need." instead, don't they?

                    I think maybe what @travisdh1 meant was that it is enabled, but by default allows everything.

                    Hence, it seeming like it's not actually firewalling anything.

                    @travisdh1 ???

                    And where are all the Ubuntu experts here on ML???

                    Ubuntu does things so odd compared to the rest of the ecosystem (ufw), that many of us only touch it if when we have no other choice.

                    It seems to be a very common choice for many things, though. Even here at ML (such as XO).

                    Yes, because it's what the devs use instead of a sane environment (Debian, CentOS). Running things on a different distribution when the devs don't know what's broken is a pain, and huge time sink.

                    • BRRABillB
                      BRRABill
                      last edited by

                      Another interesting tidbit...

                      I couldn't get it to stick on reboots with my other install, but it now seems to be sticking.

                      Uh, Linux. Er, Ubuntu.

                      • BRRABillB
                        BRRABill
                        last edited by

                        Today's Question...

                        When setting up a static IP, do you need the "network" and "broadcast" entries?

                        auto eth0
                        iface eth0 inet static
                        address 192.168.1.100
                        netmask 255.255.255.0
                        network 192.168.1.0
                        broadcast 192.168.1.255
                        gateway 192.168.1.1
                        dns-nameservers 192.168.1.1

                        • dafyreD
                          dafyre @BRRABill
                          last edited by

                          @BRRABill said in BRRABill's Field Report With Linux:

                          Today's Question...

                          When setting up a static IP, do you need the "network" and "broadcast" entries?

                          auto eth0
                          iface eth0 inet static
                          address 192.168.1.100
                          netmask 255.255.255.0
                          network 192.168.1.0
                          broadcast 192.168.1.255
                          gateway 192.168.1.1
                          dns-nameservers 192.168.1.1

                          I have never had any issues not putting them in... But make sure you understand what they are at a bare minimum... Bonus points if you know how to calculate them. 😄

                          BRRABillB 1 Reply Last reply Reply Quote 0
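Added example, not part of any post in this thread: the calculation referred to above, applied to the stanza from the question, with a check that any `network` and `broadcast` lines present agree with `address` and `netmask`. It assumes the dotted-quad netmask form shown in the thread; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread.

# net_and_bcast ADDRESS NETMASK: print "NETWORK BROADCAST"; return 1 on bad input.
net_and_bcast() {
    for a in "$1" "$2"; do                 # digits and single dots only
        case $a in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    done
    old_ifs=$IFS; IFS=.
    set -- $1 $2                           # split both quads into $1..$8
    IFS=$old_ifs
    [ $# -eq 8 ] || return 1
    for o in "$@"; do
        case $o in ????*|0?*) return 1 ;; esac   # too long, or leading zero (octal)
        [ "$o" -le 255 ] || return 1
    done
    # A valid mask is ones then zeros, so (inverted mask + 1) is a power of two.
    m=$(( ($5 << 24) | ($6 << 16) | ($7 << 8) | $8 ))
    inv=$(( m ^ 4294967295 ))
    [ $(( inv & (inv + 1) )) -eq 0 ] || return 1
    # network = address AND mask; broadcast = address OR inverted mask, per octet.
    printf '%d.%d.%d.%d %d.%d.%d.%d\n' \
        $(( $1 & $5 )) $(( $2 & $6 )) $(( $3 & $7 )) $(( $4 & $8 )) \
        $(( $1 | (255 ^ $5) )) $(( $2 | (255 ^ $6) )) \
        $(( $3 | (255 ^ $7) )) $(( $4 | (255 ^ $8) ))
}

# check_stanza: read one "iface ... inet static" stanza on stdin and compare
# its optional network/broadcast lines with the computed values.
check_stanza() {
    s_addr= s_mask= s_net= s_bc=
    while read -r key val rest; do
        case $key in
            address)   s_addr=$val ;;
            netmask)   s_mask=$val ;;
            network)   s_net=$val ;;
            broadcast) s_bc=$val ;;
        esac
    done
    calc=$(net_and_bcast "$s_addr" "$s_mask") || { echo "invalid address/netmask"; return 2; }
    want_net=${calc% *}; want_bc=${calc#* }
    rc=0
    if [ -n "$s_net" ] && [ "$s_net" != "$want_net" ]; then
        echo "network $s_net should be $want_net"; rc=1
    fi
    if [ -n "$s_bc" ] && [ "$s_bc" != "$want_bc" ]; then
        echo "broadcast $s_bc should be $want_bc"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "ok network=$want_net broadcast=$want_bc"; fi
    return "$rc"
}

# The stanza from the question above.
STANZA='auto eth0
iface eth0 inet static
address 192.168.1.100
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
dns-nameservers 192.168.1.1'

printf '%s\n' "$STANZA" | check_stanza
```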
                          • scottalanmillerS
                            scottalanmiller @BRRABill
                            last edited by

                            @BRRABill said in BRRABill's Field Report With Linux:

                            Today's Question...

                            When setting up a static IP, do you need the "network" and "broadcast" entries?

                            auto eth0
                            iface eth0 inet static
                            address 192.168.1.100
                            netmask 255.255.255.0
                            network 192.168.1.0
                            broadcast 192.168.1.255
                            gateway 192.168.1.1
                            dns-nameservers 192.168.1.1

                            Don't need. It is just good practice.

                            • BRRABillB
                              BRRABill @dafyre
                              last edited by

                              @dafyre said

                              I have never had any issues not putting them in... But make sure you understand what they are at a bare minimum... Bonus points if you know how to calculate them. 😄

                              Bah, that's why we have the interwebs

                              • dafyreD
                                dafyre @BRRABill
                                last edited by

                                @BRRABill said in BRRABill's Field Report With Linux:

                                @dafyre said

                                I have never had any issues not putting them in... But make sure you understand what they are at a bare minimum... Bonus points if you know how to calculate them. 😄

                                Bah, that's why we have the interwebs

                                That's also why it's bonus points if you know how to calculate it. 😄

                                • DashrenderD
                                  Dashrender @dafyre
                                  last edited by

                                  @dafyre said in BRRABill's Field Report With Linux:

                                  @BRRABill said in BRRABill's Field Report With Linux:

                                  @dafyre said

                                  I have never had any issues not putting them in... But make sure you understand what they are at a bare minimum... Bonus points if you know how to calculate them. 😄

                                  Bah, that's why we have the interwebs

                                  That's also why it's bonus points if you know how to calculate it. 😄

                                  I recall when I learned how to calculate it - for a while I just assumed anyone higher than me on the IT food chain must know this stuff - boy was I wrong.

                                  • dafyreD
                                    dafyre @Dashrender
                                    last edited by

                                    @Dashrender said in BRRABill's Field Report With Linux:

                                    @dafyre said in BRRABill's Field Report With Linux:

                                    @BRRABill said in BRRABill's Field Report With Linux:

                                    @dafyre said

                                    I have never had any issues not putting them in... But make sure you understand what they are at a bare minimum... Bonus points if you know how to calculate them. 😄

                                    Bah, that's why we have the interwebs

                                    That's also why it's bonus points if you know how to calculate it. 😄

                                    I recall when I learned how to calculate it - for a while I just assumed anyone higher than me on the IT food chain must know this stuff - boy was I wrong.

                                    I know, right? The only reason I remember is because my CCNA prof made sure we knew how to do subnet calculations on paper from day one.

                                    • DashrenderD
                                      Dashrender @dafyre
                                      last edited by

                                      @dafyre said in BRRABill's Field Report With Linux:

                                      @Dashrender said in BRRABill's Field Report With Linux:

                                      @dafyre said in BRRABill's Field Report With Linux:

                                      @BRRABill said in BRRABill's Field Report With Linux:

                                      @dafyre said

                                      I have never had any issues not putting them in... But make sure you understand what they are at a bare minimum... Bonus points if you know how to calculate them. 😄

                                      Bah, that's why we have the interwebs

                                      That's also why it's bonus points if you know how to calculate it. 😄

                                      I recall when I learned how to calculate it - for a while I just assumed anyone higher than me on the IT food chain must know this stuff - boy was I wrong.

                                      I know, right? The only reason I remember is because my CCNA prof made sure we knew how to do subnet calculations on paper from day one.

                                      I learned it when I was self learning Windows NT stuff. My company at the time was all Windows 3.1 and a bit Windows 95 with Netware on the servers. For some reason I really like NT 4.0 and bought some books and started learning.

                                      • travisdh1T
                                        travisdh1 @Dashrender
                                        last edited by

                                        @Dashrender said in BRRABill's Field Report With Linux:

                                        @dafyre said in BRRABill's Field Report With Linux:

                                        @Dashrender said in BRRABill's Field Report With Linux:

                                        @dafyre said in BRRABill's Field Report With Linux:

                                        @BRRABill said in BRRABill's Field Report With Linux:

                                        @dafyre said

                                        I have never had any issues not putting them in... But make sure you understand what they are at a bare minimum... Bonus points if you know how to calculate them. 😄

                                        Bah, that's why we have the interwebs

                                        That's also why it's bonus points if you know how to calculate it. 😄

                                        I recall when I learned how to calculate it - for a while I just assumed anyone higher than me on the IT food chain must know this stuff - boy was I wrong.

                                        I know, right? The only reason I remember is because my CCNA prof made sure we knew how to do subnet calculations on paper from day one.

                                        I learned it when I was self learning Windows NT stuff. My company at the time was all Windows 3.1 and a bit Windows 95 with Netware on the servers. For some reason I really like NT 4.0 and bought some books and started learning.

                                        Out of all the Microsoft Server versions I've used over the years, 2000 was my favorite with NT4.0 only falling out of the favorite slot because of the tiny boot partition, even at that time 2GB was kinda small.

                                        • scottalanmillerS
                                          scottalanmiller @Dashrender
                                          last edited by

                                          @Dashrender said in BRRABill's Field Report With Linux:

                                          @dafyre said in BRRABill's Field Report With Linux:

                                          @BRRABill said in BRRABill's Field Report With Linux:

                                          @dafyre said

                                          I have never had any issues not putting them in... But make sure you understand what they are at a bare minimum... Bonus points if you know how to calculate them. 😄

                                          Bah, that's why we have the interwebs

                                          That's also why it's bonus points if you know how to calculate it. 😄

                                          I recall when I learned how to calculate it - for a while I just assumed anyone higher than me on the IT food chain must know this stuff - boy was I wrong.

                                          Yeah, this was stuff that I was expected to know to get my first IT job. How the heck did anyone working in IT already not know it! And yet... they didn't.

                                          • scottalanmillerS
                                            scottalanmiller @travisdh1
                                            last edited by

                                            @travisdh1 said in BRRABill's Field Report With Linux:

                                            @Dashrender said in BRRABill's Field Report With Linux:

                                            @dafyre said in BRRABill's Field Report With Linux:

                                            @Dashrender said in BRRABill's Field Report With Linux:

                                            @dafyre said in BRRABill's Field Report With Linux:

                                            @BRRABill said in BRRABill's Field Report With Linux:

                                            @dafyre said

                                            I have never had any issues not putting them in... But make sure you understand what they are at a bare minimum... Bonus points if you know how to calculate them. 😄

                                            Bah, that's why we have the interwebs

                                            That's also why it's bonus points if you know how to calculate it. 😄

                                            I recall when I learned how to calculate it - for a while I just assumed anyone higher than me on the IT food chain must know this stuff - boy was I wrong.

                                            I know, right? The only reason I remember is because my CCNA prof made sure we knew how to do subnet calculations on paper from day one.

                                            I learned it when I was self learning Windows NT stuff. My company at the time was all Windows 3.1 and a bit Windows 95 with Netware on the servers. For some reason I really like NT 4.0 and bought some books and started learning.

                                            Out of all the Microsoft Server versions I've used over the years, 2000 was my favorite with NT4.0 only falling out of the favorite slot because of the tiny boot partition, even at that time 2GB was kinda small.

                                            I still prefer NT4 by far. 2000 was actually my least favourite.
