Compare commits
1 commit
Author | SHA1 | Date | |
---|---|---|---|
d9470ab980 |
7 changed files with 30 additions and 123 deletions
|
@ -119,6 +119,7 @@ rev: 2024-12-10
|
||||||
- [Wildcard](utilities/Wildcard.md)
|
- [Wildcard](utilities/Wildcard.md)
|
||||||
- [Textpieces](utilities/Textpieces.md)
|
- [Textpieces](utilities/Textpieces.md)
|
||||||
- [ImHex](utilities/ImHex.md)
|
- [ImHex](utilities/ImHex.md)
|
||||||
|
- [VirtManager](utilities/virt-manager.md)
|
||||||
|
|
||||||
# Mobile
|
# Mobile
|
||||||
- [Aegis](./utilities/Aegis.md)
|
- [Aegis](./utilities/Aegis.md)
|
||||||
|
|
|
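Review bot: the link text in the new entry `- [VirtManager](utilities/virt-manager.md)` matches neither the heading `# Virt Manager` that this commit gives the target page nor the project's own spelling in the target's `repo:` URL (virt-manager); pick one form and use it in both the index and the page. A smaller style point in the same list: the surrounding entries mix bare `utilities/...` links (Wildcard, Textpieces, ImHex) with `./utilities/...` (Aegis); the new line follows the first form, which is fine, but the list could be made uniform while it is being touched.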
@ -1,7 +1,5 @@
|
||||||
---
|
---
|
||||||
obj: application
|
obj: application
|
||||||
repo: https://git.launchpad.net/ufw/
|
|
||||||
arch-wiki: https://wiki.archlinux.org/title/Uncomplicated_Firewall
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# ufw
|
# ufw
|
||||||
|
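Review bot: removing `repo: https://git.launchpad.net/ufw/` and `arch-wiki: https://wiki.archlinux.org/title/Uncomplicated_Firewall` from the front matter drops the only source pointers on this page, while the files added in the same commit (libvirt.md, virt-manager.md) keep `repo:`, `website:` and `arch-wiki:` keys, so this is not a repository-wide retirement of those keys. If the links are wrong, replace them; otherwise keep them, in particular the arch-wiki link, since the later hunk in this file deletes the sections that page still covers and readers would be left with no pointer at all.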
@ -19,134 +17,19 @@ The next line is only needed _once_ the first time you install the package:
|
||||||
ufw enable
|
ufw enable
|
||||||
```
|
```
|
||||||
|
|
||||||
**See status:**
|
See status:
|
||||||
```shell
|
```shell
|
||||||
ufw status
|
ufw status
|
||||||
```
|
```
|
||||||
|
|
||||||
**Enable/Disable:**
|
Enable/Disable
|
||||||
```shell
|
```shell
|
||||||
ufw enable
|
ufw enable
|
||||||
ufw disable
|
ufw disable
|
||||||
```
|
```
|
||||||
|
|
||||||
**Allow/Deny:**
|
Allow/Deny ports
|
||||||
```shell
|
```shell
|
||||||
ufw allow <app|port>
|
ufw allow <app|port>
|
||||||
ufw deny <app|port>
|
ufw deny <app|port>
|
||||||
|
```
|
||||||
ufw allow from <CIDR>
|
|
||||||
ufw deny from <CIDR>
|
|
||||||
```
|
|
||||||
|
|
||||||
## Forward policy
|
|
||||||
Users needing to run a VPN such as OpenVPN or WireGuard can adjust the `DEFAULT_FORWARD_POLICY` variable in `/etc/default/ufw` from a value of `DROP` to `ACCEPT` to forward all packets regardless of the settings of the user interface. To forward for a specific interface like `wg0`, user can add the following line in the filter block
|
|
||||||
|
|
||||||
```sh
|
|
||||||
# /etc/ufw/before.rules
|
|
||||||
|
|
||||||
-A ufw-before-forward -i wg0 -j ACCEPT
|
|
||||||
-A ufw-before-forward -o wg0 -j ACCEPT
|
|
||||||
```
|
|
||||||
|
|
||||||
You may also need to uncomment
|
|
||||||
|
|
||||||
```sh
|
|
||||||
# /etc/ufw/sysctl.conf
|
|
||||||
|
|
||||||
net/ipv4/ip_forward=1
|
|
||||||
net/ipv6/conf/default/forwarding=1
|
|
||||||
net/ipv6/conf/all/forwarding=1
|
|
||||||
```
|
|
||||||
|
|
||||||
## Adding other applications
|
|
||||||
The PKG comes with some defaults based on the default ports of many common daemons and programs. Inspect the options by looking in the `/etc/ufw/applications.d` directory or by listing them in the program itself:
|
|
||||||
|
|
||||||
```sh
|
|
||||||
ufw app list
|
|
||||||
```
|
|
||||||
|
|
||||||
If users are running any of the applications on a non-standard port, it is recommended to simply make `/etc/ufw/applications.d/custom` containing the needed data using the defaults as a guide.
|
|
||||||
|
|
||||||
> **Warning**: If users modify any of the PKG provided rule sets, these will be overwritten the first time the ufw package is updated. This is why custom app definitions need to reside in a non-PKG file as recommended above!
|
|
||||||
|
|
||||||
Example, deluge with custom tcp ports that range from 20202-20205:
|
|
||||||
|
|
||||||
```ini
|
|
||||||
[Deluge-my]
|
|
||||||
title=Deluge
|
|
||||||
description=Deluge BitTorrent client
|
|
||||||
ports=20202:20205/tcp
|
|
||||||
```
|
|
||||||
|
|
||||||
Should you require to define both tcp and udp ports for the same application, simply separate them with a pipe as shown: this app opens tcp ports 10000-10002 and udp port 10003:
|
|
||||||
|
|
||||||
```ini
|
|
||||||
ports=10000:10002/tcp|10003/udp
|
|
||||||
```
|
|
||||||
|
|
||||||
One can also use a comma to define ports if a range is not desired. This example opens tcp ports 10000-10002 (inclusive) and udp ports 10003 and 10009
|
|
||||||
|
|
||||||
```ini
|
|
||||||
ports=10000:10002/tcp|10003,10009/udp
|
|
||||||
```
|
|
||||||
|
|
||||||
## Deleting applications
|
|
||||||
Drawing on the Deluge/Deluge-my example above, the following will remove the standard Deluge rules and replace them with the Deluge-my rules from the above example:
|
|
||||||
|
|
||||||
```sh
|
|
||||||
ufw delete allow Deluge
|
|
||||||
ufw allow Deluge-my
|
|
||||||
```
|
|
||||||
|
|
||||||
## Black listing IP addresses
|
|
||||||
It might be desirable to add ip addresses to a blacklist which is easily achieved simply by editing `/etc/ufw/before.rules` and inserting an `iptables DROP` line at the bottom of the file right above the "COMMIT" word.
|
|
||||||
|
|
||||||
```sh
|
|
||||||
# /etc/ufw/before.rules
|
|
||||||
|
|
||||||
...
|
|
||||||
## blacklist section
|
|
||||||
# block just 199.115.117.99
|
|
||||||
-A ufw-before-input -s 199.115.117.99 -j DROP
|
|
||||||
# block 184.105.*.*
|
|
||||||
-A ufw-before-input -s 184.105.0.0/16 -j DROP
|
|
||||||
|
|
||||||
# don't delete the 'COMMIT' line or these rules won't be processed
|
|
||||||
COMMIT
|
|
||||||
```
|
|
||||||
|
|
||||||
## Rate limiting with ufw
|
|
||||||
ufw has the ability to deny connections from an IP address that has attempted to initiate 6 or more connections in the last 30 seconds. Users should consider using this option for services such as SSH.
|
|
||||||
|
|
||||||
Using the above basic configuration, to enable rate limiting we would simply replace the allow parameter with the limit parameter. The new rule will then replace the previous.
|
|
||||||
|
|
||||||
```sh
|
|
||||||
ufw limit SSH
|
|
||||||
```
|
|
||||||
|
|
||||||
## Disable remote ping
|
|
||||||
Change `ACCEPT` to `DROP` in the following lines:
|
|
||||||
|
|
||||||
```sh
|
|
||||||
/etc/ufw/before.rules
|
|
||||||
|
|
||||||
# ok icmp codes
|
|
||||||
...
|
|
||||||
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
|
|
||||||
```
|
|
||||||
|
|
||||||
If you use IPv6, related rules are in `/etc/ufw/before6.rules`.
|
|
||||||
|
|
||||||
## Disable UFW logging
|
|
||||||
Disabling logging may be useful to stop UFW filling up the kernel (dmesg) and message logs:
|
|
||||||
|
|
||||||
```sh
|
|
||||||
ufw logging off
|
|
||||||
```
|
|
||||||
|
|
||||||
## UFW and Docker
|
|
||||||
Docker in standard mode writes its own iptables rules and ignores ufw ones, which could lead to security issues. A solution can be found at https://github.com/chaifeng/ufw-docker.
|
|
||||||
|
|
||||||
## GUI frontends
|
|
||||||
If you are using KDE Plasma, you can just go to `Wi-Fi & Networking > Firewall` to access and adjust firewall configurations given `plasma-firewall` is installed.
|
|
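Review bot: the deletion that starts at `ufw allow from <CIDR>` and runs to the end of `## GUI frontends` removes the whole second half of the page (forward policy for VPN interfaces, application profiles under `/etc/ufw/applications.d`, the blacklist `DROP` rules in `before.rules`, `ufw limit` rate limiting, the ICMP echo-request rule, logging, the Docker/iptables interaction and the KDE frontend) and puts nothing in its place, not even a link to the Arch Wiki page the same commit strips from the front matter. Two of the removed items are the page's only security caveats: the note that Docker writes its own iptables rules and ignores ufw (with https://github.com/chaifeng/ufw-docker as the referenced workaround) and `ufw limit SSH` as the recommended treatment for SSH; if the goal is to shorten the page, keep those two and the `ufw allow from <CIDR>` / `ufw deny from <CIDR>` forms, or replace the removed sections with a pointer. Minor point in the same hunk: `**See status:**`, `**Enable/Disable:**` and `**Allow/Deny:**` become plain `See status:`, `Enable/Disable` and `Allow/Deny ports`, dropping the bold-label convention and, for two of the three, the trailing colon, so the three labels end up inconsistent with each other.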
8
technology/applications/utilities/virt-manager.md
Normal file

|
@ -0,0 +1,8 @@
|
||||||
|
---
|
||||||
|
obj: application
|
||||||
|
repo: https://github.com/virt-manager/virt-manager
|
||||||
|
website: https://virt-manager.org
|
||||||
|
---
|
||||||
|
|
||||||
|
# Virt Manager
|
||||||
|
#wip
|
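Review bot: the body is only `# Virt Manager` plus a `#wip` marker, and the page does not link back to libvirt.md even though libvirt.md links here in the same commit; add a one-line description and the back-link so the two stubs are navigable in both directions (the libvirt page already states that virt-manager is its GUI frontend, so the sentence exists). The heading `Virt Manager` also disagrees with the index entry `VirtManager` added in this commit and with the spelling in the `repo:` URL; one spelling across all three would avoid a later rename.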
11
technology/libvirt.md
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
---
|
||||||
|
obj: application
|
||||||
|
repo: https://gitlab.com/libvirt
|
||||||
|
website: https://libvirt.org
|
||||||
|
arch-wiki: https://wiki.archlinux.org/title/Libvirt
|
||||||
|
---
|
||||||
|
|
||||||
|
# libvirt
|
||||||
|
#wip
|
||||||
|
|
||||||
|
libvirt has a GUI frontend with [virt-manager](./applications/utilities/virt-manager.md).
|
|
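Review bot: the new file sits at `technology/libvirt.md`, one directory above the pages it is grouped with: the Virtual Machine list in this commit links `../linux/qemu.md`, `../linux/Proxmox.md` and `../libvirt.md`, making libvirt the only entry outside `linux/`. Consider `technology/linux/libvirt.md` for consistency and adjust the two links this commit adds. The body is a `#wip` stub with a single sentence pointing at virt-manager; since `obj: application`, `repo:`, `website:` and `arch-wiki:` are all filled in, one sentence saying what libvirt is would keep the page from being an empty tag until the real content lands.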
@ -17,4 +17,4 @@ Proxmox Virtual Environment (Proxmox VE) is an open-source virtualization platfo
|
||||||
### 4. **Storage Options:**
|
### 4. **Storage Options:**
|
||||||
- Proxmox VE offers various storage options, including local storage, networked storage (Ceph, NFS, iSCSI), and [ZFS](filesystems/ZFS.md) (Zettabyte File System) support. This allows users to choose the storage solution that best fits their requirements.
|
- Proxmox VE offers various storage options, including local storage, networked storage (Ceph, NFS, iSCSI), and [ZFS](filesystems/ZFS.md) (Zettabyte File System) support. This allows users to choose the storage solution that best fits their requirements.
|
||||||
### 5. **Backup and Restore:**
|
### 5. **Backup and Restore:**
|
||||||
- The built-in backup and restore features simplify data protection in Proxmox VE. Users can create scheduled backups of VMs and containers, allowing for quick recovery in case of data loss or system failures.
|
- The built-in backup and restore features simplify data protection in Proxmox VE. Users can create scheduled backups of VMs and containers, allowing for quick recovery in case of data loss or system failures.
|
||||||
|
|
|
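Review bot: the four lines of this `-17,4 +17,4` hunk read identically on both sides (`### 4. **Storage Options:**`, the ZFS bullet, `### 5. **Backup and Restore:**`, the backup bullet), so the change can only be whitespace or line-ending related, most likely the newline at end of file since the range ends at the last section. That is harmless, but an unrelated whitespace touch in a commit about virtualization pages makes the history noisier than it needs to be; it could be dropped or noted in the commit message.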
@ -5,6 +5,8 @@ repo: https://github.com/qemu/qemu
|
||||||
rev: 2024-05-02
|
rev: 2024-05-02
|
||||||
---
|
---
|
||||||
|
|
||||||
|
#refactor -> https://wiki.archlinux.org/title/QEMU
|
||||||
|
|
||||||
# QEMU
|
# QEMU
|
||||||
QEMU is an open-source emulator and virtualizer that enables running operating systems and various software applications on different hardware architectures. It supports [emulation](../emulation/Emulation.md) of various CPU architectures, including x86, ARM, PowerPC, and SPARC, among others. It allows running [virtual machines](../tools/Virtual%20Machine.md).
|
QEMU is an open-source emulator and virtualizer that enables running operating systems and various software applications on different hardware architectures. It supports [emulation](../emulation/Emulation.md) of various CPU architectures, including x86, ARM, PowerPC, and SPARC, among others. It allows running [virtual machines](../tools/Virtual%20Machine.md).
|
||||||
|
|
||||||
|
|
|
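Review bot: `#refactor -> https://wiki.archlinux.org/title/QEMU` is inserted into the page body between the closing `---` of the front matter and the `# QEMU` heading, where it renders as a visible tag and an arrow in the published page. If it is a to-do for the author, an HTML comment or a front-matter key (the file already carries `repo:` and `rev:`) would keep the reminder out of the rendered text; the `rev: 2024-05-02` line should be bumped once the refactor is actually done, not now.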
@ -3,6 +3,7 @@ aliases: ["VM"]
|
||||||
obj: concept
|
obj: concept
|
||||||
wiki: https://en.wikipedia.org/wiki/Virtual_machine
|
wiki: https://en.wikipedia.org/wiki/Virtual_machine
|
||||||
---
|
---
|
||||||
|
|
||||||
# Virtual Machine
|
# Virtual Machine
|
||||||
In computing, a virtual machine (VM) is the virtualization or [emulation](../emulation/Emulation.md) of a computer system. Virtual machines are based on computer architectures and provide the functionality of a physical computer.
|
In computing, a virtual machine (VM) is the virtualization or [emulation](../emulation/Emulation.md) of a computer system. Virtual machines are based on computer architectures and provide the functionality of a physical computer.
|
||||||
|
|
||||||
|
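Review bot: this `-3,6 +3,7` hunk appears to add only a blank line after the introductory paragraph; every content line shown is identical on both sides. The blank line is harmless, but it is unrelated to the libvirt entry this file change is for and could be left out to keep the diff to the intended addition.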
@ -10,4 +11,5 @@ Virtual Machine can be used to run operating systems in an isolated environment.
|
||||||
|
|
||||||
## Virtual Machine Software
|
## Virtual Machine Software
|
||||||
- [qemu](../linux/qemu.md)
|
- [qemu](../linux/qemu.md)
|
||||||
- [Proxmox](../linux/Proxmox.md)
|
- [Proxmox](../linux/Proxmox.md)
|
||||||
|
- [libvirt](../libvirt.md)
|
||||||
|
|
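Review bot: the new entry `- [libvirt](../libvirt.md)` uses lower-case `libvirt`, which matches the `# libvirt` heading of the target page, the consistency the `VirtManager` index entry elsewhere in this commit lacks. The target path is `../libvirt.md` while the two neighbouring entries point into `../linux/`; if libvirt.md is moved under `linux/` as suggested on that file, this link needs the same change, so it is worth settling the location before merging.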