Software engineering notes

Rather than read the entrails of iptables syntax, I’d prefer to continue respecting myself, and use something more user-friendly, something like the Uncomplicated Firewall (ufw). I just learned about this, but it’s the Ubuntu default. I’d like to have faith, but for now I just hope it doesn’t suck.

The UFW wiki page linked above states “Setting the default mode of ufw is recommended before turning it on …”: sudo ufw default deny

That was easy. Next, I’ll enable it: sudo ufw enable

Now, I’ll allow port 2222 for ssh: sudo ufw allow 2222

And allow port 80 for tcp: sudo ufw allow 80/tcp

Check the current settings: sudo ufw status

Turn on logging: sudo ufw logging on

Ubuntu’s saying I need to restart in order for the changes to take effect. Fingers-crossed. Holding breath: sudo shutdown -r now …

As an aside, why does it have to be this way? Why can’t we just know that it will work? To be fair, UFW does seem pretty simple, and UFW’s –dry-run might be exactly what I’m looking for. Hopefully, UFW keeps me safe. Once I figure out how to automate deployment, things might be ok.

Ok, let’s check on the our ability to log in locally …

Good. I can still log in locally, so I didn’t lock myself out utterly. Checking local ssh as a sanity check: ssh -v localhost -p 2222

That works. Checking remote log in: ssh erik@172.16.83.133 -p 2222

Hmm. That still doesn’t work, and nothing is showing up in either /var/logs/auth.log or /var/logs/messages. Lemme try viewing the iptables directly:
sudo iptables -L

Wow. UFW knows how to generate iptables. The list goes on forever. Let’s try again w/ less: sudo iptables -L | less

I can see 2222, www, and ssh allowed, so it’s not obvious why I can’t ssh in. Following a couple suggestions on the vmware forums, I set /etc/hosts.allow to “SSHD:ALL”, and set networking to “bridged”, but still no luck.

Ok. I’ll hang it up for now. Here’s a nice, soothing picture of a kelp forrest to chill out to:

Photo credit: Moral Threat