I only want http, https and DNS to be open.
I'm having trouble setting up port ranges in the UFW GUI. How do I input configs into the fields?
Basically, something along the lines of this, but in GUFW, as I'm trying to convert my Windows paranoid bro who hates the command line.
iptables -I OUTPUT -p tcp --dport 80 --sport 32768:61000 -j ACCEPT
iptables -I OUTPUT -p udp --dport 53 --sport 32768:61000 -j ACCEPT
iptables -I OUTPUT -p tcp --dport 443 --sport 32768:61000 -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -I OUTPUT -p icmp -j DROP
iptables -I INPUT -p icmp -j DROP
iptables -I INPUT -p udp -j DROP
iptables -I INPUT -p tcp -m tcp --syn -j DROP
iptables -I INPUT -i lo -j ACCEPT
iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
And there has to be a logging system easily accessible to see any supposed intrusions.
You will have to change the policy to first deny outgoing, then allow the ports you want.
When you open gufw, it will look like this
Enable the firewall by clicking the "Enabled" box
Deny Incoming and Outgoing.
Add a rule for the ports you wish to allow (80,443,53)
You can add a simple rule, and list your ports, it will look like this
Final result
See the firewall section of This guide or The Ubuntu wiki GUFW for additional details.
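To confirm that the GUFW settings from the answer above took effect, the output of `sudo ufw status verbose` can be checked against the intended policy. The script below is an added example, not part of the original posts: the function name `audit_ufw` and the sample status text are constructed here, and the allowed protocols (80/tcp, 443/tcp, 53/udp) are taken from the iptables rules in the question.

```shell
#!/bin/sh
# Added example: audit `ufw status verbose` text on stdin against the policy
# in this thread. Prints one FAIL line per deviation; no output means a match.
audit_ufw() {
    awk '
    /^Status:/  { status = $2 }
    /^Logging:/ { logging = $2 }
    /^Default:/ { defaults = $0 }
    / ALLOW IN / { print "FAIL inbound port open: " $1 }
    / ALLOW OUT / {
        if ($1 == "80/tcp" || $1 == "443/tcp" || $1 == "53/udp") seen[$1] = 1
        else print "FAIL unexpected outbound rule: " $1
    }
    END {
        if (status != "active") print "FAIL firewall is not active"
        if (logging != "on")    print "FAIL logging is not on"
        if (defaults !~ /deny \(incoming\)/) print "FAIL default incoming is not deny"
        if (defaults !~ /deny \(outgoing\)/) print "FAIL default outgoing is not deny"
        n = split("80/tcp 443/tcp 53/udp", want, " ")
        for (i = 1; i <= n; i++)
            if (!(want[i] in seen)) print "FAIL missing outbound rule: " want[i]
    }'
}

# Constructed sample with four deviations: logging off, outgoing default left
# at allow, SSH open inbound, and no DNS rule.
sample_status() {
cat <<'EOF'
Status: active
Logging: off
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW OUT   Anywhere
443/tcp                    ALLOW OUT   Anywhere
EOF
}

# On a real machine: sudo ufw status verbose | audit_ufw
sample_status | audit_ufw
```

With logging turned on, blocked packets are written to the system log with a `[UFW BLOCK]` prefix, which covers the logging requirement in the question.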