I have the same problem as described here, but the given solution doesn't work for me: when I add the rule `ufw deny out to any`, add port 80, 443/tcp and the SSH port as exceptions, and then add `iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT`, I am still not able to use `apt-get update` or similar things.
```
root@iof304:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
22                         DENY        Anywhere
80                         ALLOW       Anywhere
(ssh)                      LIMIT       Anywhere
22                         DENY        Anywhere (v6)
80                         ALLOW       Anywhere (v6)
(ssh)                      ALLOW       Anywhere (v6)
(ssh)                      ALLOW OUT   Anywhere
Anywhere                   DENY OUT    Anywhere
80                         ALLOW OUT   Anywhere
443/tcp                    ALLOW OUT   Anywhere
(ssh)                      ALLOW OUT   Anywhere (v6)
Anywhere (v6)              DENY OUT    Anywhere (v6)
80                         ALLOW OUT   Anywhere (v6)
443/tcp                    ALLOW OUT   Anywhere (v6)
```
Now, if I delete the `ufw deny out to any` rule, everything works fine, but I'd like to restrict everything as well as possible, so what I probably need to know are the ports used by apt-get. They have to be OUT ports, since only `deny out to any` blocks everything, but apt-get doesn't seem to have a problem downloading stuff with that rule disabled (is that a sign that the other IN ports aren't blocked?).
Thanks in advance
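As an added example (not code from the question or the answer): a small checker that parses the `ufw status` listing quoted above and reports which outbound services apt depends on have no ALLOW OUT rule once a DENY OUT to Anywhere is in place. Because the accepted rule set is not reproduced on this page, the set of services apt needs (DNS on 53 to resolve the mirror name, then HTTP/HTTPS) is an assumption of the example; against the listing above it reports only DNS as uncovered.

```python
import re

# Constructed sample: the rule lines of the `ufw status` listing from the question.
UFW_STATUS = """\
22                         DENY        Anywhere
80                         ALLOW       Anywhere
(ssh)                      LIMIT       Anywhere
22                         DENY        Anywhere (v6)
80                         ALLOW       Anywhere (v6)
(ssh)                      ALLOW       Anywhere (v6)
(ssh)                      ALLOW OUT   Anywhere
Anywhere                   DENY OUT    Anywhere
80                         ALLOW OUT   Anywhere
443/tcp                    ALLOW OUT   Anywhere
(ssh)                      ALLOW OUT   Anywhere (v6)
Anywhere (v6)              DENY OUT    Anywhere (v6)
80                         ALLOW OUT   Anywhere (v6)
443/tcp                    ALLOW OUT   Anywhere (v6)
"""

# One rule per line: "<to> <ACTION> [IN|OUT] <from>"; inbound rules carry no direction.
RULE_RE = re.compile(r"^(?P<to>.+?)\s+(?P<action>ALLOW|DENY|REJECT|LIMIT)"
                     r"(?:\s+(?P<dir>IN|OUT))?\s+(?P<frm>.+)$")

# Assumption: what apt needs outbound -- DNS for the mirror name, then HTTP/HTTPS.
NEEDED_OUT = {"dns": ("53", "udp"), "http": ("80", "tcp"), "https": ("443", "tcp")}

def parse_rules(text):
    rules = [m.groupdict() for m in map(RULE_RE.match, text.splitlines()) if m]
    for r in rules:
        r["dir"] = r["dir"] or "IN"   # ufw prints inbound rules without "IN"
    return rules

def allows_out(rule, port, proto):
    """True if this ALLOW OUT rule covers port/proto (a bare port means any protocol)."""
    if rule["action"] != "ALLOW" or rule["dir"] != "OUT":
        return False
    rule_port, _, rule_proto = rule["to"].split()[0].partition("/")
    return rule_port == port and rule_proto in ("", proto)

def missing_egress(text):
    """Services apt needs that no ALLOW OUT rule permits, given a DENY OUT to Anywhere."""
    rules = parse_rules(text)
    if not any(r["action"] == "DENY" and r["dir"] == "OUT"
               and r["to"].startswith("Anywhere") for r in rules):
        return []   # no default outbound deny, so nothing is cut off
    return [name for name, (port, proto) in NEEDED_OUT.items()
            if not any(allows_out(r, port, proto) for r in rules)]
```

Appending a `53 ALLOW OUT Anywhere` line (what `ufw allow out 53` would list) empties the result; the checker ignores application profiles, so a DNS rule added by profile name would not be recognised.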
Best Answer
These rules helped me to successfully get rate limiting on SSH, allow in/out http and https, enable git, and have apt and aptitude working no problem:
Note: I did initiate these rules with a `ufw reset` in order to start fresh.