Ubuntu – Allowing access to redis port for only specific servers with ufw

firewallredisUbuntuufw

I've installed ufw on my Ubuntu 10.04 server. The only thing running on that server is going to be ElasticSearch and Redis. Redis uses port 6379. I only want two different IPs to be able to access the IP address of this machine on that port. I ran the following command:

sudo ufw allow from xx.xx.xx.x1 to any port 6379
sudo ufw allow from xx.xx.xx.x2 to any port 6379
sudo ufw status

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
6379                       ALLOW       xx.xx.xx.x1
6379                       ALLOW       xx.xx.xx.x2
80                         ALLOW       Anywhere
8080                       ALLOW       Anywhere
8080/tcp                   ALLOW       Anywhere

To me it appears as if those two IPs should then be able to access that IP address on that server. But they aren't able to make a connection. Are there other ports I need to open for this to be able to happen?

Best Answer

I figured it out. Deleting the follow rule fixed it such that only those IPs were able to connect.

ufw delete allow 8080

8080                         ALLOW       Anywhere

Related Solutions

Iptables – Cant forward port 443 to 8443 without allowing 8443 on ufw

Instead of using PREROUTING to redirect the packets, you can use rinetd. This program listens on a given port, and when someone connects to it, rinetd connects to a given destination port and essentially proxies traffic between the two. With rinetd listening on port 443 and forwarding connections to port 8443, you can allow connections on 8443 from localhost and block all others.

How to temporarily open a port in ufw for a specific IP address

In my opinion a better solution would be to use port knocking, basically you would have "knock" a series of random ports that would then trigger an action on the server, the action would be to allow your IP address to SSH in. You can even setup a timeout so after a while the port would be closed.

For port knocking you could use knockd. You need a knock client too on the other side of course. A knockd config would look like this:

[options]
   logfile = /var/log/knockd.log

[SSH]
  sequence    = 7000,8000,9000
  seq_timeout = 5
  start_command = ufw allow from %IP% to any port 22
  tcpflags    = syn
  cmd_timeout   = 10
  stop_command  = ufw delete allow from %IP% to any port 22

Best Answer

Related Solutions

Iptables – Cant forward port 443 to 8443 without allowing 8443 on ufw

How to temporarily open a port in ufw for a specific IP address

Related Topic