ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    BRRABill's Field Report With Linux

    Scheduled Pinned Locked Moved IT Discussion
    148 Posts 14 Posters 19.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • BRRABillB
      BRRABill @momurda
      last edited by

      @momurda said in BRRABill's Field Report With Linux:

      I think you mean ip addr
      ifconfig is old-hat, apparently. I still in habit of using ifconfig myself.

      I started way back in the day of using ifconfig and just haven't broken out of it it.

      Way back in the day meaning like July.

      1 Reply Last reply Reply Quote 1
      • dafyreD
        dafyre
        last edited by

        I'll likely keep typing it until it starts saying:

        "Command not found, use ip addr, ya idjit"

        scottalanmillerS 1 Reply Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller @dafyre
          last edited by

          @dafyre said in BRRABill's Field Report With Linux:

          I'll likely keep typing it until it starts saying:

          "Command not found, use ip addr, ya idjit"

          You can fix that with an alias.

          dafyreD 1 Reply Last reply Reply Quote 0
          • scottalanmillerS
            scottalanmiller
            last edited by

            ifconfig is deal, long live ip addr

            travisdh1T 1 Reply Last reply Reply Quote 0
            • travisdh1T
              travisdh1 @scottalanmiller
              last edited by

              @scottalanmiller said in BRRABill's Field Report With Linux:

              ifconfig is deal, long live ip a

              FYFY - cause I'm lazy, and that's all I type out

              1 Reply Last reply Reply Quote 0
              • dafyreD
                dafyre @scottalanmiller
                last edited by

                @scottalanmiller said in BRRABill's Field Report With Linux:

                @dafyre said in BRRABill's Field Report With Linux:

                I'll likely keep typing it until it starts saying:

                "Command not found, use ip addr, ya idjit"

                You can fix that with an alias.

                True. But at that point, I'd likely just sigh and type the correct command.

                1 Reply Last reply Reply Quote 2
                • BRRABillB
                  BRRABill
                  last edited by

                  QOTD:

                  So I installed Ubuntu 16.10 yesterday to set up a Unifi cloud controller.

                  I followed some pretty simple directions here which had me "setup the iptables" firewall.
                  https://community.ubnt.com/t5/UniFi-Wireless/Step-by-Step-Walkthrough-Set-up-Unifi-Cloud-Controller-v-4-7-6/td-p/1324666

                  But I have seen most articles reference ufw as the firewall in Ubuntu, a "front end" for iptables.

                  So, can someone explain what the heck these two things are? Are they two separate things that should not be used together?

                  ufw was installed but not enabled on my install. Is iptables enabled by default on fresh installs?

                  travisdh1T 1 Reply Last reply Reply Quote 0
                  • travisdh1T
                    travisdh1 @BRRABill
                    last edited by

                    @BRRABill said in BRRABill's Field Report With Linux:

                    QOTD:

                    So I installed Ubuntu 16.10 yesterday to set up a Unifi cloud controller.

                    I followed some pretty simple directions here which had me "setup the iptables" firewall.
                    https://community.ubnt.com/t5/UniFi-Wireless/Step-by-Step-Walkthrough-Set-up-Unifi-Cloud-Controller-v-4-7-6/td-p/1324666

                    But I have seen most articles reference ufw as the firewall in Ubuntu, a "front end" for iptables.

                    So, can someone explain what the heck these two things are? Are they two separate things that should not be used together?

                    ufw was installed but not enabled on my install. Is iptables enabled by default on fresh installs?

                    iptables is the user-space application to configure the tables kernel firewall. Almost every Linux based firewall app uses iptables in the background to do it's work. So this ufw is just another way to manage the firewall. Leave it to Ubuntu to do something odd.

                    I'd hope a firewall is enabled by default, that it's missing as default in CentOS7-1511 is super annoying.

                    BRRABillB 1 Reply Last reply Reply Quote 0
                    • BRRABillB
                      BRRABill @travisdh1
                      last edited by

                      @travisdh1 said in BRRABill's Field Report With Linux:

                      @BRRABill said in BRRABill's Field Report With Linux:

                      QOTD:

                      So I installed Ubuntu 16.10 yesterday to set up a Unifi cloud controller.

                      I followed some pretty simple directions here which had me "setup the iptables" firewall.
                      https://community.ubnt.com/t5/UniFi-Wireless/Step-by-Step-Walkthrough-Set-up-Unifi-Cloud-Controller-v-4-7-6/td-p/1324666

                      But I have seen most articles reference ufw as the firewall in Ubuntu, a "front end" for iptables.

                      So, can someone explain what the heck these two things are? Are they two separate things that should not be used together?

                      ufw was installed but not enabled on my install. Is iptables enabled by default on fresh installs?

                      iptables is the user-space application to configure the tables kernel firewall. Almost every Linux based firewall app uses iptables in the background to do it's work. So this ufw is just another way to manage the firewall. Leave it to Ubuntu to do something odd.

                      I'd hope a firewall is enabled by default, that it's missing as default in CentOS7-1511 is super annoying.

                      The "odd" thing is that when I use ufw to list the rules in place (in iptables) nothing is listed.

                      Which makes me wonder if they are separate things...

                      travisdh1T 1 Reply Last reply Reply Quote 0
                      • travisdh1T
                        travisdh1 @BRRABill
                        last edited by

                        @BRRABill said in BRRABill's Field Report With Linux:

                        @travisdh1 said in BRRABill's Field Report With Linux:

                        @BRRABill said in BRRABill's Field Report With Linux:

                        QOTD:

                        So I installed Ubuntu 16.10 yesterday to set up a Unifi cloud controller.

                        I followed some pretty simple directions here which had me "setup the iptables" firewall.
                        https://community.ubnt.com/t5/UniFi-Wireless/Step-by-Step-Walkthrough-Set-up-Unifi-Cloud-Controller-v-4-7-6/td-p/1324666

                        But I have seen most articles reference ufw as the firewall in Ubuntu, a "front end" for iptables.

                        So, can someone explain what the heck these two things are? Are they two separate things that should not be used together?

                        ufw was installed but not enabled on my install. Is iptables enabled by default on fresh installs?

                        iptables is the user-space application to configure the tables kernel firewall. Almost every Linux based firewall app uses iptables in the background to do it's work. So this ufw is just another way to manage the firewall. Leave it to Ubuntu to do something odd.

                        I'd hope a firewall is enabled by default, that it's missing as default in CentOS7-1511 is super annoying.

                        The "odd" thing is that when I use ufw to list the rules in place (in iptables) nothing is listed.

                        Which makes me wonder if they are separate things...

                        Wait... Ubuntu.... and more crazy Ubuntu type things. I don't think they enable the firewall by default. They say "Just don't run a service you don't need." instead, don't they?

                        BRRABillB DashrenderD 2 Replies Last reply Reply Quote 0
                        • BRRABillB
                          BRRABill @travisdh1
                          last edited by

                          @travisdh1 said

                          Wait... Ubuntu.... and more crazy Ubuntu type things. I don't think they enable the firewall by default. They say "Just don't run a service you don't need." instead, don't they?

                          Well, that's part of m question as well.

                          From a little reading, it appears there is no firewall by default, because no ports are open.

                          But then all you have to do is add ports into iptables, and that enables it?

                          This is why I am confused.

                          travisdh1T DashrenderD 2 Replies Last reply Reply Quote 0
                          • travisdh1T
                            travisdh1 @BRRABill
                            last edited by

                            @BRRABill said in BRRABill's Field Report With Linux:

                            @travisdh1 said

                            Wait... Ubuntu.... and more crazy Ubuntu type things. I don't think they enable the firewall by default. They say "Just don't run a service you don't need." instead, don't they?

                            Well, that's part of m question as well.

                            From a little reading, it appears there is no firewall by default, because no ports are open.

                            But then all you have to do is add ports into iptables, and that enables it?

                            This is why I am confused.

                            Nope. You want a web server on port 80, just install apache2. Done.

                            1 Reply Last reply Reply Quote 0
                            • DashrenderD
                              Dashrender @BRRABill
                              last edited by

                              @BRRABill said in BRRABill's Field Report With Linux:

                              @travisdh1 said

                              Wait... Ubuntu.... and more crazy Ubuntu type things. I don't think they enable the firewall by default. They say "Just don't run a service you don't need." instead, don't they?

                              Well, that's part of m question as well.

                              From a little reading, it appears there is no firewall by default, because no ports are open.

                              But then all you have to do is add ports into iptables, and that enables it?

                              This is why I am confused.

                              No adding ports to iptables doesn't not enable it - you'd have to start the service that enables it, and then open the required ports (I suppose you could do it either one first, but if you don't enable the service, then there is no firewall running)

                              BRRABillB 1 Reply Last reply Reply Quote 1
                              • BRRABillB
                                BRRABill @Dashrender
                                last edited by

                                @Dashrender said i

                                No adding ports to iptables doesn't not enable it - you'd have to start the service that enables it, and then open the required ports (I suppose you could do it either one first, but if you don't enable the service, then there is no firewall running)

                                Are you sure about that?

                                iptables is just the interface to the firewall, which I think is always running.

                                Now, by default, it is allowing everything.

                                I set up another fresh droplet for testing, and this is what iptables -L gives me

                                Chain INPUT (policy ACCEPT)
                                Chain FORWARD (policy ACCEPT)
                                Chain OUTPUT (policy ACCEPT)
                                
                                travisdh1T 1 Reply Last reply Reply Quote 0
                                • DashrenderD
                                  Dashrender @travisdh1
                                  last edited by

                                  yep, I'm sure IF the following is correct and the firewall is not enabled by default as mentioned below.

                                  @travisdh1 said in BRRABill's Field Report With Linux:

                                  Wait... Ubuntu.... and more crazy Ubuntu type things. I don't think they enable the firewall by default. They say "Just don't run a service you don't need." instead, don't they?

                                  BRRABillB 1 Reply Last reply Reply Quote 0
                                  • BRRABillB
                                    BRRABill @Dashrender
                                    last edited by

                                    @Dashrender said in BRRABill's Field Report With Linux:

                                    yep, I'm sure IF the following is correct and the firewall is not enabled by default as mentioned below.

                                    @travisdh1 said in BRRABill's Field Report With Linux:

                                    Wait... Ubuntu.... and more crazy Ubuntu type things. I don't think they enable the firewall by default. They say "Just don't run a service you don't need." instead, don't they?

                                    I think maybe what @travisdh1 meant was that it is enabled, but be default allows everything.

                                    Hence, it seeming like it's not actually firewalling anything.

                                    @travisdh1 ???

                                    And where are all the Ubuntu experts here on ML???

                                    travisdh1T 1 Reply Last reply Reply Quote 0
                                    • BRRABillB
                                      BRRABill
                                      last edited by

                                      So, in this fresh install, I tried adding a rule in ufw, and it added all sorts of stuff to iptables.

                                      So maybe it works the one way, but not the other?

                                      DashrenderD 1 Reply Last reply Reply Quote 0
                                      • DashrenderD
                                        Dashrender @BRRABill
                                        last edited by

                                        @BRRABill said in BRRABill's Field Report With Linux:

                                        So, in this fresh install, I tried adding a rule in ufw, and it added all sorts of stuff to iptables.

                                        So maybe it works the one way, but not the other?

                                        that's completely possible. Unifi stuff is that way
                                        you can update the device with a json file, but it won't update the GUI.

                                        BRRABillB 1 Reply Last reply Reply Quote 0
                                        • BRRABillB
                                          BRRABill @Dashrender
                                          last edited by

                                          @Dashrender said in BRRABill's Field Report With Linux:

                                          @BRRABill said in BRRABill's Field Report With Linux:

                                          So, in this fresh install, I tried adding a rule in ufw, and it added all sorts of stuff to iptables.

                                          So maybe it works the one way, but not the other?

                                          that's completely possible. Unifi stuff is that way
                                          you can update the device with a json file, but it won't update the GUI.

                                          Actually the Unifi installer made NO changes to iptables.

                                          DashrenderD 1 Reply Last reply Reply Quote 0
                                          • BRRABillB
                                            BRRABill
                                            last edited by

                                            I mean that adding in one rule in ufw (allwing SSH) added all this to the output of iptables -L

                                            Chain INPUT (policy DROP)
                                            target     prot opt source               destination
                                            ufw-before-logging-input  all  --  anywhere             anywhere
                                            ufw-before-input  all  --  anywhere             anywhere
                                            ufw-after-input  all  --  anywhere             anywhere
                                            ufw-after-logging-input  all  --  anywhere             anywhere
                                            ufw-reject-input  all  --  anywhere             anywhere
                                            ufw-track-input  all  --  anywhere             anywhere
                                            
                                            Chain FORWARD (policy DROP)
                                            target     prot opt source               destination
                                            ufw-before-logging-forward  all  --  anywhere             anywhere
                                            ufw-before-forward  all  --  anywhere             anywhere
                                            ufw-after-forward  all  --  anywhere             anywhere
                                            ufw-after-logging-forward  all  --  anywhere             anywhere
                                            ufw-reject-forward  all  --  anywhere             anywhere
                                            ufw-track-forward  all  --  anywhere             anywhere
                                            
                                            Chain OUTPUT (policy ACCEPT)
                                            target     prot opt source               destination
                                            ufw-before-logging-output  all  --  anywhere             anywhere
                                            ufw-before-output  all  --  anywhere             anywhere
                                            ufw-after-output  all  --  anywhere             anywhere
                                            ufw-after-logging-output  all  --  anywhere             anywhere
                                            ufw-reject-output  all  --  anywhere             anywhere
                                            ufw-track-output  all  --  anywhere             anywhere
                                            
                                            Chain ufw-after-forward (1 references)
                                            target     prot opt source               destination
                                            
                                            Chain ufw-after-input (1 references)
                                            target     prot opt source               destination
                                            ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:netbios-ns
                                            ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:netbios-dgm
                                            ufw-skip-to-policy-input  tcp  --  anywhere             anywhere             tcp dpt:netbios-ssn
                                            ufw-skip-to-policy-input  tcp  --  anywhere             anywhere             tcp dpt:microsoft-ds
                                            ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:bootps
                                            ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:bootpc
                                            ufw-skip-to-policy-input  all  --  anywhere             anywhere             ADDRTYPE match dst-type BROADCAST
                                            
                                            
                                            
                                            1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 6
                                            • 7
                                            • 8
                                            • 5 / 8
                                            • First post
                                              Last post