UFW, custom application & ports #57

Open
raidoo9 opened this issue Apr 15, 2020 · 5 comments

@raidoo9

raidoo9 commented Apr 15, 2020

Hi,

Thank you for putting this guide together.

Looking for some assistance with creating custom application profiles for UFW for the software I use on my Pi.

I'm not sure if these ports are all needed or if they need in or out access? Also I would like to restrict access to my LAN if the apps don't need WAN access?

Would appreciate any help.

Thanks

```
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 0.0.0.0:37601 0.0.0.0:* users:(("avahi-daemon",pid=375,fd=14))
udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:* users:(("avahi-daemon",pid=375,fd=12))
udp UNCONN 0 0 0.0.0.0:8999 0.0.0.0:* users:(("qbittorrent-nox",pid=582,fd=29))
udp UNCONN 0 0 192.168.0.28:1900 0.0.0.0:* users:(("qbittorrent-nox",pid=582,fd=35))
udp UNCONN 0 0 127.0.0.1:1900 0.0.0.0:* users:(("qbittorrent-nox",pid=582,fd=33))
udp UNCONN 0 0 0.0.0.0:1900 0.0.0.0:* users:(("qbittorrent-nox",pid=582,fd=32))
udp UNCONN 0 0 127.0.0.1:33651 0.0.0.0:* users:(("qbittorrent-nox",pid=582,fd=19))
udp UNCONN 0 0 127.0.0.1:8125 0.0.0.0:* users:(("netdata",pid=599,fd=18))
udp UNCONN 0 0 127.0.0.1:37898 0.0.0.0:* users:(("qbittorrent-nox",pid=582,fd=34))
udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:* users:(("unbound",pid=708,fd=5))
udp UNCONN 0 0 192.168.0.28:40514 0.0.0.0:* users:(("qbittorrent-nox",pid=582,fd=21))
udp UNCONN 0 0 0.0.0.0:68 0.0.0.0:* users:(("dhcpcd",pid=580,fd=10))
udp UNCONN 0 0 192.168.0.28:6771 0.0.0.0:* users:(("qbittorrent-nox",pid=582,fd=20))
udp UNCONN 0 0 127.0.0.1:6771 0.0.0.0:* users:(("qbittorrent-nox",pid=582,fd=18))
udp UNCONN 0 0 0.0.0.0:6771 0.0.0.0:* users:(("qbittorrent-nox",pid=582,fd=17))
udp UNCONN 0 0 192.168.0.28:36981 0.0.0.0:* users:(("qbittorrent-nox",pid=582,fd=36))
udp UNCONN 0 0 0.0.0.0:32899 0.0.0.0:* users:(("qbittorrent-nox",pid=582,fd=37))
udp UNCONN 0 0 *:5353 *:* users:(("avahi-daemon",pid=375,fd=13))
udp UNCONN 0 0 [::1]:48913 *:* users:(("qbittorrent-nox",pid=582,fd=24))
udp UNCONN 0 0 *:8999 *:* users:(("qbittorrent-nox",pid=582,fd=30))
udp UNCONN 0 0 [fe80::996:7a13:5297:ad6a]:37676 *:* users:(("qbittorrent-nox",pid=582,fd=26))
udp UNCONN 0 0 [::1]:8125 *:* users:(("netdata",pid=599,fd=16))
udp UNCONN 0 0 *:32782 *:* users:(("avahi-daemon",pid=375,fd=15))
udp UNCONN 0 0 *:546 *:* users:(("dhcpcd",pid=580,fd=15))
udp UNCONN 0 0 [::1]:53 *:* users:(("unbound",pid=708,fd=3))
udp UNCONN 0 0 [fe80::996:7a13:5297:ad6a]:6771 *:* users:(("qbittorrent-nox",pid=582,fd=25))
udp UNCONN 0 0 [::1]:6771 *:* users:(("qbittorrent-nox",pid=582,fd=23))
udp UNCONN 0 0 *:6771 *:* users:(("qbittorrent-nox",pid=582,fd=22))
tcp LISTEN 0 20 127.0.0.1:25 0.0.0.0:* users:(("exim4",pid=1349,fd=3))
tcp LISTEN 0 128 127.0.0.1:8125 0.0.0.0:* users:(("netdata",pid=599,fd=31))
tcp LISTEN 0 128 0.0.0.0:222 0.0.0.0:* users:(("sshd",pid=600,fd=3))
tcp LISTEN 0 128 0.0.0.0:19999 0.0.0.0:* users:(("netdata",pid=599,fd=4))
tcp LISTEN 0 5 0.0.0.0:8999 0.0.0.0:* users:(("qbittorrent-nox",pid=582,fd=28))
tcp LISTEN 0 128 0.0.0.0:80 0.0.0.0:* users:(("lighttpd",pid=695,fd=4))
tcp LISTEN 0 128 0.0.0.0:52050 0.0.0.0:* users:(("MyMediaForAlexa",pid=350,fd=7))
tcp LISTEN 0 128 0.0.0.0:52051 0.0.0.0:* users:(("MyMediaForAlexa",pid=350,fd=3))
tcp LISTEN 0 128 127.0.0.1:53 0.0.0.0:* users:(("unbound",pid=708,fd=6))
tcp LISTEN 0 20 [::1]:25 [::]:* users:(("exim4",pid=1349,fd=4))
tcp LISTEN 0 128 [::1]:8125 [::]:* users:(("netdata",pid=599,fd=30))
tcp LISTEN 0 128 [::]:222 [::]:* users:(("sshd",pid=600,fd=4))
tcp LISTEN 0 128 [::]:19999 [::]:* users:(("netdata",pid=599,fd=5))
tcp LISTEN 0 5 [::]:8999 [::]:* users:(("qbittorrent-nox",pid=582,fd=27))
tcp LISTEN 0 50 *:8080 *:* users:(("qbittorrent-nox",pid=582,fd=40))
tcp LISTEN 0 128 [::]:80 [::]:* users:(("lighttpd",pid=695,fd=5))
tcp LISTEN 0 128 [::1]:53 [::]:* users:(("unbound",pid=708,fd=4))
```

@imthenachoman
Owner

The list you pasted, what does it represent?

I am not experienced with Pi. Have you tried posting on https://stackoverflow.com/, or https://askubuntu.com/? Folks there might be able to help better than I.

@imthenachoman imthenachoman self-assigned this Apr 16, 2020
@imthenachoman imthenachoman added the help wanted Extra attention is needed label Apr 16, 2020
@raidoo9
Author

raidoo9 commented Apr 16, 2020

Apologies, the pasted list is the output of the command listed under the section "ss - Seeing Ports Your Server Is Listening On"

```
sudo ss -lntup
```

I'm just wondering if, and how, I can transfer the information from the output list to create UFW rules to allow the applications I use, similar to the ones you use in the UFW part of the guide?

Thanks
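One way to turn an `ss -lntup` listing into candidate UFW rules, as an added example that is not part of the original thread or the guide: sockets bound only to loopback need no rule, and everything else gets an allow rule scoped to the LAN. The sample lines are constructed in the shape of the listing above; the `/24` LAN range and the function names are assumptions.

```python
import ipaddress
import re

# Constructed sample in the shape of `sudo ss -lntup` output.
SAMPLE = """\
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:* users:(("unbound",pid=708,fd=5))
udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:* users:(("avahi-daemon",pid=375,fd=12))
tcp LISTEN 0 128 0.0.0.0:222 0.0.0.0:* users:(("sshd",pid=600,fd=3))
tcp LISTEN 0 128 [::]:222 [::]:* users:(("sshd",pid=600,fd=4))
tcp LISTEN 0 128 0.0.0.0:19999 0.0.0.0:* users:(("netdata",pid=599,fd=4))
tcp LISTEN 0 128 [::1]:8125 [::]:* users:(("netdata",pid=599,fd=30))
tcp LISTEN 0 50 *:8080 *:* users:(("qbittorrent-nox",pid=582,fd=40))
"""

LAN = "192.168.0.0/24"  # assumption: a /24 around the host's 192.168.0.28 address


def parse_listeners(text):
    """Return sorted unique (process, proto, port, loopback_only) tuples."""
    seen = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) < 7 or f[0] not in ("tcp", "udp"):
            continue  # header line or a wrapped/incomplete row
        host, _, port = f[4].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and scope id
        proc = re.search(r'\(\("([^"]+)"', f[6])
        if not proc or not port.isdigit():
            continue
        loop = host != "*" and ipaddress.ip_address(host).is_loopback
        key = (proc.group(1), f[0], int(port))
        # Loopback-only holds only if every socket on that port is on loopback.
        seen[key] = seen.get(key, True) and loop
    return sorted((p, proto, port, lo) for (p, proto, port), lo in seen.items())


def ufw_rules(listeners, lan=LAN):
    """Build LAN-scoped allow rules for listeners reachable from the network."""
    return [
        f"ufw allow from {lan} to any port {port} proto {proto} comment '{p}'"
        for p, proto, port, lo in listeners
        if not lo
    ]


if __name__ == "__main__":
    for rule in ufw_rules(parse_listeners(SAMPLE)):
        print("sudo " + rule)
```

The output is a list of candidates to review, not rules to apply blindly: each one should correspond to a service that other hosts on the LAN actually need to reach.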

@imthenachoman
Owner

Were you able to ever get this figured out? I got a bit caught up with some personal things and am only now getting time to come back to this.

@raidoo9
Author

raidoo9 commented Feb 7, 2021

Hey,
Thanks for following up. I had no luck, then it got put on hold due to personal issues. Any advice would still be greatly appreciated.

@imthenachoman
Owner

You want all of the ports listed to be open on your UFW?
