Firewall: Modify Default Ruleset

Terrence Houlahan edited this page Sep 6, 2019 · 1 revision

Although I've put together a basic set of rules that would meet an average use-case, obviously some users will have unique connectivity requirements and need to modify the base ruleset.

One of the aims of this project, beyond the obvious one of configuring a Pi into an AP, is to empower people to get their hands dirty and gain hands-on networking experience. UFW is well documented and its syntax is easy to understand.

Step 1: Identify Port(s) you need to open

tail -fn 50 /var/log/messages

The n switch in the above command tells tail how many lines of context to show; in this case the previous 50 lines are displayed. Now every time UFW blocks a connection you attempt, the block is printed to the screen in real time, telling you specifically how your connectivity is broken.
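Reading the scrolling log by eye gets tedious once several devices are connected, so here is an added example (not part of pi-ap) that condenses the [UFW BLOCK] entries into a count per interface, protocol and destination port. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not pi-ap code: summarise what UFW is blocking.

# Reads syslog lines on stdin and prints "<count> <in-iface> <proto> <dst-port>",
# most frequently blocked first. ICMP has no port, so it is shown as "-".
ufw_blocked_summary() {
    awk '
    /\[UFW BLOCK\]/ {
        proto = "?"; dpt = "-"; inif = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            else if ($i ~ /^IN=/ && length($i) > 3) inif = substr($i, 4)
        }
        count[inif " " proto " " dpt]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample input (addresses, MACs and ports are made up).
sample_log() {
    cat <<'EOF'
Sep  6 10:15:01 pi kernel: [ 101.100001] [UFW BLOCK] IN=wlan0 OUT= MAC=b8:27:eb:00:00:01:aa:bb:cc:00:00:02:08:00 SRC=192.168.0.10 DST=192.168.0.1 LEN=60 TTL=64 ID=1 DF PROTO=TCP SPT=51514 DPT=8080 WINDOW=29200 SYN URGP=0
Sep  6 10:15:02 pi kernel: [ 102.100002] [UFW BLOCK] IN=wlan0 OUT= MAC=b8:27:eb:00:00:01:aa:bb:cc:00:00:02:08:00 SRC=192.168.0.10 DST=192.168.0.1 LEN=60 TTL=64 ID=2 DF PROTO=TCP SPT=51515 DPT=8080 WINDOW=29200 SYN URGP=0
Sep  6 10:15:03 pi kernel: [ 103.100003] [UFW BLOCK] IN=wlan0 OUT= MAC=b8:27:eb:00:00:01:aa:bb:cc:00:00:03:08:00 SRC=192.168.0.11 DST=192.168.0.1 LEN=73 TTL=255 ID=3 PROTO=UDP SPT=5353 DPT=5353 LEN=53
Sep  6 10:15:04 pi kernel: [ 104.100004] [UFW BLOCK] IN=wlan0 OUT= MAC=b8:27:eb:00:00:01:aa:bb:cc:00:00:03:08:00 SRC=192.168.0.11 DST=192.168.0.1 LEN=84 TTL=64 ID=4 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
Sep  6 10:15:05 pi kernel: [ 105.100005] [UFW ALLOW] IN=wlan0 OUT= MAC=b8:27:eb:00:00:01:aa:bb:cc:00:00:02:08:00 SRC=192.168.0.10 DST=192.168.0.1 LEN=60 TTL=64 ID=5 DF PROTO=TCP SPT=51516 DPT=22 WINDOW=29200 SYN URGP=0
Sep  6 10:15:06 pi systemd[1]: Started Session 3 of user pi.
EOF
}

# Demo run on the constructed sample.
sample_log | ufw_blocked_summary
```

On the Pi, point the function at the real log instead of the sample: ufw_blocked_summary < /var/log/messages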

Once you have identified the ports being blocked by UFW, you need to open them up in Step 2.

Step 2: Modify Ruleset:

There is no point in me reinventing the wheel here by writing another UFW tutorial. There are many good ones, a few of which are suggested below. Use these to learn how to modify the default ruleset I provided in pi-ap:

https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-18-04

https://help.ubuntu.com/community/UFW

Please note that in addition to pi-ap's UFW firewall, you might need to modify the firewall of the Internet-connected router the Pi is uplinked to.

You'd be surprised how easy it is to maintain your FW ruleset. The only way you'll get better is to operate outside your comfort zone.