§2024-09-30
To set up a firewall on a Linux system, you can use iptables or ufw (Uncomplicated Firewall). Here's a quick guide for both:
¶Using UFW:
- Install UFW (if not installed):
sudo apt install ufw
- Allow the services you need before enabling the firewall (e.g., SSH), so that enabling it on a remote host does not cut off your own session:
sudo ufw allow ssh
sudo ufw allow 5000
- A rule with no protocol suffix, like 5000 above, allows both TCP and UDP; write 5000/tcp or 5000/udp to restrict it to one.
- Enable UFW:
sudo ufw enable
- Check status:
sudo ufw status
$ sudo ufw status   <-- on mail.yushei.net
[sudo] password for alexlai:
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     DENY        Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
25/tcp                     ALLOW       Anywhere
587/tcp                    ALLOW       Anywhere
993/tcp                    ALLOW       Anywhere
995/tcp                    ALLOW       Anywhere
4443                       ALLOW       Anywhere
43443/tcp                  ALLOW       Anywhere
1765                       ALLOW       Anywhere
22                         DENY        Anywhere
22/tcp (v6)                DENY        Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)
25/tcp (v6)                ALLOW       Anywhere (v6)
587/tcp (v6)               ALLOW       Anywhere (v6)
993/tcp (v6)               ALLOW       Anywhere (v6)
995/tcp (v6)               ALLOW       Anywhere (v6)
4443 (v6)                  ALLOW       Anywhere (v6)
43443/tcp (v6)             ALLOW       Anywhere (v6)
1765 (v6)                  ALLOW       Anywhere (v6)
22 (v6)                    DENY        Anywhere (v6)

Note that on this host port 22 is denied by both the 22/tcp rule and the bare 22 rule (IPv4 and IPv6), so SSH is not reachable through the firewall at all; the "allow ssh" step above does not apply here.
¶Using iptables:
- Install. The iptables-persistent package pulls in iptables and is what loads /etc/iptables/rules.v4 at boot:
sudo apt-get install iptables iptables-persistent
- View current rules (numeric output, with packet counters):
sudo iptables -L -n -v
- Allow a specific port (e.g., port 22 for SSH):
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
- Drop all other traffic (if desired). -A appends, so this must be the last rule, after every ACCEPT. Before adding it, also accept loopback traffic and ESTABLISHED,RELATED connections; otherwise the DROP also discards replies to connections this host opened (DNS answers, package downloads, outbound mail):
sudo iptables -A INPUT -j DROP
- Save the rules. A plain "sudo iptables-save > file" runs the redirect as your own user, which cannot write under /etc/iptables, so run the whole command as root:
sudo sh -c 'iptables-save > /etc/iptables/rules.v4'
- Pick one of the two tools per host. ufw rewrites the iptables chains when it is enabled, so hand-written iptables rules and ufw rules on the same machine will fight each other.
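The iptables steps above leave the ordering problems (loopback, established connections, DROP last) to the reader. The script below is an added example, not from the original notes or from the iptables project: it generates the whole INPUT ruleset as an iptables-restore file, so the rules can be reviewed, loaded atomically and copied into /etc/iptables/rules.v4 for iptables-persistent. It assumes a single server where anything not listed should be refused; the gen_rules_v4 and apply_rules_v4 function names and the PORT/tcp or PORT/udp argument form are this example's own.

```shell
#!/usr/bin/env bash
# Added example (not part of the original notes): build the INPUT ruleset as an
# iptables-restore file instead of appending rules one at a time.
# Assumption: a single-homed server; accepted ports are given as PORT/tcp or
# PORT/udp; everything else inbound is dropped.

set -eu

# gen_rules_v4 PORT/PROTO... : print a rules.v4 file on stdout.
gen_rules_v4() {
    printf '%s\n' '*filter'
    # Default-deny inbound, no forwarding, unrestricted outbound.
    printf '%s\n' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    # Loopback first: local resolvers, databases and mail queues talk over it.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    # Replies to connections this host opened (DNS, apt, outbound SMTP). A
    # default DROP without this line breaks outbound use the moment it loads.
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    # Keep ping so the host stays diagnosable from outside.
    printf '%s\n' '-A INPUT -p icmp --icmp-type echo-request -j ACCEPT'
    for spec in "$@"; do
        port=${spec%/*}
        proto=${spec#*/}
        case "$proto" in
            tcp|udp) ;;
            *) printf 'bad spec "%s": want PORT/tcp or PORT/udp\n' "$spec" >&2; return 1 ;;
        esac
        case "$port" in
            ''|*[!0-9]*) printf 'bad port in "%s"\n' "$spec" >&2; return 1 ;;
        esac
        if [ ${#port} -gt 5 ] || [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            printf 'port out of range in "%s"\n' "$spec" >&2; return 1
        fi
        # Only new connections need an explicit rule; the rest is covered above.
        printf '%s\n' "-A INPUT -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# apply_rules_v4 FILE : syntax-check, load atomically, then persist. Root only.
# Keep an SSH session open while doing this; from the console,
# 'iptables-restore < /etc/iptables/rules.v4' reloads the last good copy.
# IPv6 is a separate table: repeat with ip6tables-restore and rules.v6.
apply_rules_v4() {
    file=$1
    iptables-restore --test < "$file"   # parse only, nothing is changed
    iptables-restore < "$file"          # replaces the whole filter table at once
    install -m 0600 "$file" /etc/iptables/rules.v4
}

# Usage:  ./rules.sh show 22/tcp 80/tcp 443/tcp        (print, no privileges)
#         sudo ./rules.sh apply 22/tcp 80/tcp 443/tcp  (load and persist)
case "${1:-}" in
    show)  shift; gen_rules_v4 "$@" ;;
    apply) shift
           tmp=$(mktemp)
           gen_rules_v4 "$@" > "$tmp"
           apply_rules_v4 "$tmp"
           rm -f "$tmp" ;;
esac
```

The "show" mode prints the ruleset so it can be diffed against the running one (sudo iptables-save) before anything is applied; "apply" only writes to /etc/iptables after iptables-restore --test has accepted the file.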
¶Ports to open per service (from a ChatGPT session):
On a Jitsi video server, the following ports should typically be opened:
- TCP/UDP 80: For HTTP traffic.
- TCP/UDP 443: For HTTPS traffic.
- TCP/UDP 10000: For WebRTC media traffic.
- TCP 22: For SSH access (if needed).
- TCP 5280: For XMPP (Prosody) web interface.
Make sure to configure your firewall to allow these ports to ensure proper functionality of the Jitsi server.

You said: for rocket.chat
ChatGPT said: For a Rocket.Chat server, the following ports should typically be opened:
- TCP 3000: The default port for Rocket.Chat.
- TCP 443: For HTTPS traffic if you're using SSL.
- TCP 80: For HTTP traffic (if needed).
- TCP 22: For SSH access (if you need to connect remotely to the server).
- TCP 8080: If you're using the Rocket.Chat REST API or for other specific configurations.
Make sure to configure your firewall to allow these ports to ensure proper operation of the Rocket.Chat server.

You said: for wildduck web mail server
ChatGPT said: For a WildDuck web mail server, you'll typically need to open the following ports:
- TCP 80: For HTTP traffic (optional if using HTTPS).
- TCP 443: For HTTPS traffic (recommended for secure access).
- TCP 143: For IMAP (unencrypted) access.
- TCP 993: For IMAP over SSL (secure access).
- TCP 587: For SMTP submission (for sending emails).
- TCP 465: For SMTPS (SMTP over SSL, if used).
- TCP 25: For SMTP (for receiving emails, though often restricted by ISPs).
Ensure these ports are configured correctly in your firewall to allow the necessary traffic for your WildDuck server to function properly.

You said: for jicofo?
ChatGPT said: For Jicofo, the following ports should typically be opened:
- TCP 5347: For XMPP (Jabber) communication with the XMPP server.
- UDP 10000: For media traffic (used for WebRTC).
- TCP 443: If you're using Jicofo over HTTPS (recommended).
Make sure your firewall allows these ports to ensure proper functionality of the Jicofo server in a Jitsi video conferencing setup.
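The per-service lists above are easier to keep straight as ufw application profiles than as bare port numbers, and ufw reads such profiles from /etc/ufw/applications.d. The script below is an added example, not from the transcript above or from the Jitsi or WildDuck projects: it writes a profile for the Jitsi and WildDuck port lists and shows the lockout-safe enable sequence (default deny, SSH first, then the profiles). The profile names, the choice to treat 80/443 as TCP only and 10000 as UDP only, and leaving out Prosody's 5280 on the assumption that it is only used locally behind the web server, are this example's own; SSH is covered by the stock OpenSSH profile.

```shell
#!/usr/bin/env bash
# Added example, not from the original notes or from any of these projects:
# turn the per-service port lists into ufw application profiles, so rules
# read "allow 'Jitsi Meet'" instead of a list of bare ports, and open SSH
# before the firewall is enabled so a remote session is not cut off.
# Assumptions: Debian/Ubuntu with ufw; profile names and the TCP/UDP split
# per port are this example's own choices.

set -eu

# Where ufw looks for profiles; override for a preview (PROFILE_DIR=/tmp/x).
PROFILE_DIR=${PROFILE_DIR:-/etc/ufw/applications.d}

# ufw_profile NAME TITLE DESCRIPTION PORTS : print one profile stanza.
# PORTS uses ufw's syntax: comma-separated ports per protocol, protocol
# groups separated by '|', e.g. "80,443/tcp|10000/udp".
ufw_profile() {
    printf '[%s]\ntitle=%s\ndescription=%s\nports=%s\n' "$1" "$2" "$3" "$4"
}

# Jitsi: web front end over HTTP/HTTPS, WebRTC media on UDP 10000. SSH is not
# included on purpose; the stock OpenSSH profile already covers it.
jitsi_profile() {
    ufw_profile 'Jitsi Meet' 'Jitsi Meet video conferencing' \
        'Web front end and the videobridge media port' '80,443/tcp|10000/udp'
}

# WildDuck: inbound SMTP (25), submission (587), SMTPS (465), IMAP (143),
# IMAPS (993) and the webmail UI (80/443).
wildduck_profile() {
    ufw_profile 'WildDuck Mail' 'WildDuck mail server with webmail' \
        'SMTP, submission, IMAP and web UI' '25,80,143,443,465,587,993/tcp'
}

# install_profiles : one file per profile under PROFILE_DIR.
install_profiles() {
    mkdir -p "$PROFILE_DIR"
    jitsi_profile    > "$PROFILE_DIR/jitsi-meet"
    wildduck_profile > "$PROFILE_DIR/wildduck"
}

# enable_with_profiles PROFILE... : default-deny inbound, SSH first (rate
# limited against brute force), then the service profiles, then enable. Root.
enable_with_profiles() {
    ufw app update all          # re-read PROFILE_DIR after writing new files
    ufw default deny incoming
    ufw default allow outgoing
    ufw limit OpenSSH           # before enable, so the current session survives
    for p in "$@"; do ufw allow "$p"; done
    ufw --force enable          # --force skips the interactive confirmation
    ufw status verbose
}

# Usage:  ./profiles.sh preview        (print the profiles, no privileges)
#         sudo ./profiles.sh apply     (install profiles and enable ufw)
case "${1:-}" in
    preview) jitsi_profile; echo; wildduck_profile ;;
    apply)   install_profiles; enable_with_profiles 'Jitsi Meet' 'WildDuck Mail' ;;
esac
```

After "apply", sudo ufw app info 'Jitsi Meet' shows the expanded port list, and sudo ufw status lists the rule by profile name rather than by port, which makes the output far easier to audit than the bare-port listing shown earlier on this page.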