Firewalld/UFW (Another one from good ole Chat)

And he said (lol but could be hallucinating)…

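[FirewalldZones]
# A firewalld zone is an inbound filtering policy applied to an interface or a
# source address. The zone name is only a label: what protects the host is the
# zone's target plus its allow-list of services/ports. Unsolicited inbound
# traffic matching neither is rejected/dropped in BOTH 'home' and 'public';
# outbound traffic is not filtered by either zone's default configuration.
# Read the actual rule set before trusting the label:
#   firewall-cmd --zone=home --list-all
#   firewall-cmd --zone=public --list-all
#   firewall-cmd --get-default-zone
description = "Explanation of the use and differences between the 'public' and 'home' zones in firewalld."

[FirewalldZones.Definitions]
home = "Intended for home networks where most other hosts on the LAN are trusted. Typically pre-allows a few more LAN-oriented inbound services than 'public' (verify with --list-all); everything not listed is still rejected."
public = "Intended for networks where other hosts are not trusted (shared wifi, internet-facing hosts). Only a minimal set of inbound services is allowed. Commonly the default zone, so new interfaces land here unless explicitly assigned elsewhere."

[FirewalldZones.Usage]
home_usage = "Use for internal services within a controlled environment, such as a private home or organization network. Ideal for media servers, file sharing within trusted networks."
public_usage = "Use for external services exposed to a wider and potentially untrusted network. Typically used for services accessible over the internet, such as web servers."

[FirewalldZones.SecurityConsiderations]
# The original wording ("assuming all network traffic is safe") overstated the
# difference: 'home' is still default-deny for unsolicited inbound traffic.
home_security = "Simpler management on a network you control. Still default-deny for unsolicited inbound traffic; the extra 'trust' is only that a few more LAN services are pre-allowed. Do not use it on shared or untrusted networks."
public_security = "Minimal inbound allow-list. Suitable for environments where the network is shared with unknown or potentially malicious users, and the safe choice whenever the network is unknown."

[FirewalldZones.BestPractices]
best_practices = [
  "Assess the environment: Consider the trust level of the network when choosing a zone.",
  "Use specific zones for specific purposes: Customize zones based on the security level required for different types of traffic.",
  "Separate internal and external services: Allocate zones based on whether services are for internal use or exposed to the public internet.",
  "Bind zones to interfaces or sources (e.g. `sudo firewall-cmd --zone=home --change-interface=<iface> --permanent`) so the policy follows the network; keep 'public' as the default zone for anything unassigned.",
  "Audit with `firewall-cmd --zone=<zone> --list-all` after every change: the allow-list, not the zone name, is what is enforced."
]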

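[FirewalldSettings]
# Two independent configurations exist at all times: the running (runtime)
# rule set and the on-disk (permanent) one. A common mistake is editing one and
# checking the other; always state which one you mean with --permanent or
# --runtime (see the --list-services pair in [AdditionalFirewalldCommands]).
description = "Explanation of runtime and permanent settings in firewalld."

[FirewalldSettings.RuntimeVsPermanent]
# Original text omitted that `firewall-cmd --reload` also discards runtime-only
# changes, which is the usual way people silently lose a rule.
runtime = "Changes applied to the running firewall only. Effective immediately, but lost on `firewall-cmd --reload`, a firewalld restart, or a reboot."
permanent = "Changes written to the configuration files (under /etc/firewalld) and loaded each time firewalld starts. They do not affect the running firewall until a reload or restart, which is why a `--permanent` change is normally followed by `--reload`."

[FirewalldSettings.Advantages]
runtime_advantages = "Quick testing and immediate effect without affecting long-term configurations, allowing for safe trial of new rules."
permanent_advantages = "Ensures consistency in firewall rules across system restarts, ideal for establishing a stable and secure network environment."

[FirewalldSettings.UsageGuidelines]
guidelines = [
  "Use runtime changes for testing and immediate needs without long-term impact.",
  "Apply permanent settings for rules that need to be consistently enforced across reboots.",
  "Regularly review and convert tested runtime rules into permanent configurations to maintain system security.",
  "Promote a tested runtime configuration with `sudo firewall-cmd --runtime-to-permanent` rather than retyping every rule with --permanent.",
  "On a remote host, add a risky runtime rule with `--timeout=<seconds>` so it reverts on its own if it locks you out."
]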


[FirewalldInstallation]
# `pacman -Syu <pkg>` performs a full system upgrade as part of the install;
# on Arch that is the correct form (partial upgrades are unsupported).
# Before enabling firewalld, make sure no other rule manager is enabled
# (ufw.service, iptables.service, nftables.service with its own ruleset):
# they program the same kernel tables and will clobber each other's rules.
description = "Step-by-step guide to install and enable firewalld on Arch Linux."
commands = [
    "sudo pacman -Syu firewalld",
    "sudo systemctl enable firewalld",
    "sudo systemctl start firewalld",
    # Confirm it is active before relying on it; a failed start leaves the
    # host with whatever rules (possibly none) were there before.
    "sudo systemctl status firewalld"
]

[BasicFirewalldConfiguration]
description = "Basic commands to configure firewalld."
commands = [
    # Read-only: which zone unassigned interfaces fall into.
    "firewall-cmd --get-default-zone",
    # Read-only: full runtime allow-list of every zone.
    "firewall-cmd --list-all-zones",
    # Opens TCP/80 for inbound traffic from ANY source reaching the 'public'
    # zone. Only do this if this host actually serves HTTP. Because of
    # --permanent it changes the on-disk config only ...
    "sudo firewall-cmd --zone=public --add-service=http --permanent",
    # ... and this reload is what makes it take effect (it also discards any
    # runtime-only rules added earlier).
    "sudo firewall-cmd --reload"
]

[AdditionalFirewalldCommands]
description = "Extended list of firewalld management commands."
commands = [
    # Predefined service names usable with --add-service/--remove-service.
    "firewall-cmd --get-services",
    "sudo firewall-cmd --zone=public --remove-service=http --permanent",
    # Opens 8080/tcp inbound to every source in the zone. Prefer a named
    # service definition, or a rich rule limited to known source addresses,
    # over an anonymous port opening.
    "sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent",
    # The next two list the RUNTIME and PERMANENT config of the default zone.
    # If they differ, something was added without --permanent (will be lost
    # on reload) or with --permanent but without --reload (not yet enforced).
    "sudo firewall-cmd --list-all",
    "sudo firewall-cmd --list-all --permanent",
    "sudo firewall-cmd --zone=public --list-ports",
    "sudo firewall-cmd --zone=public --list-services",
    "firewall-cmd --permanent --list-services",
    "firewall-cmd --runtime --list-services"
]

[GamePorts]
# These numbers come from the game vendor's connectivity page, which lists
# the ports ON THE GAME SERVERS that a client must be able to reach, i.e.
# DESTINATION ports for outbound connections. They are not ports that need
# to be opened for inbound traffic on a client machine; a default-deny
# firewall with connection tracking already admits the replies. Only an
# egress-filtering firewall (corporate, some routers) would need changes.
description = "List of TCP and UDP game ports for firewall configuration."

[GamePorts.TCP]
ports = [80, 443, 5222, 5223]

[GamePorts.UDP]
ports = [53, 3432, 3478, 3479, 5060, 5062, 30443]
# 12000-29999 is roughly 18,000 UDP ports; as an inbound opening this would
# be a very large exposure, which is another sign these are destinations.
port_ranges = ["12000-29999", "32800-32900"]


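[GamePortsConfiguration]
# WARNING: every command below opens the listed ports for INBOUND traffic in
# the 'public' zone, to any source address on the internet. The vendor page
# these numbers come from lists destination ports on the game servers (ports
# a client connects OUT to). A stateful firewall already lets the replies to
# outbound connections back in, so a plain game client needs none of these
# rules. Only apply them if this host itself must accept connections on
# these ports (it is the server, or a port-forward target), and in that case
# prefer a rich rule limited to known source addresses. 12000-29999/udp alone
# exposes roughly 18,000 ports.
description = "Commands that open the listed game ports for INBOUND traffic in the 'public' zone. Not needed for a game client; see the comments before applying."
TCP_ports = [80, 443, 5222, 5223]
# 30443 was present in the command list and in [GamePorts.UDP] but missing
# here; the data and the commands now agree.
UDP_ports = [53, 3432, 3478, 3479, 5060, 5062, 30443]
UDP_port_ranges = ["12000-29999", "32800-32900"]
commands = [
    "sudo firewall-cmd --zone=public --add-port=80/tcp --permanent",
    "sudo firewall-cmd --zone=public --add-port=443/tcp --permanent",
    "sudo firewall-cmd --zone=public --add-port=5222/tcp --permanent",
    "sudo firewall-cmd --zone=public --add-port=5223/tcp --permanent",
    # Opening 53/udp inbound means exposing a DNS listener if one is running.
    "sudo firewall-cmd --zone=public --add-port=53/udp --permanent",
    "sudo firewall-cmd --zone=public --add-port=3432/udp --permanent",
    "sudo firewall-cmd --zone=public --add-port=3478/udp --permanent",
    "sudo firewall-cmd --zone=public --add-port=3479/udp --permanent",
    # 5060/5062 are SIP ports; inbound SIP exposure attracts constant scanning.
    "sudo firewall-cmd --zone=public --add-port=5060/udp --permanent",
    "sudo firewall-cmd --zone=public --add-port=5062/udp --permanent",
    "sudo firewall-cmd --zone=public --add-port=30443/udp --permanent",
    "sudo firewall-cmd --zone=public --add-port=12000-29999/udp --permanent",
    "sudo firewall-cmd --zone=public --add-port=32800-32900/udp --permanent",
    # Everything above is --permanent only; this reload is what activates it.
    "sudo firewall-cmd --reload"
]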

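[RichRulesForIPRanges]
# A rich rule of the form `source address=X accept` admits traffic from X to
# EVERY port and protocol on this host, bypassing the zone's service/port
# allow-list. That is a broad grant to address blocks you do not control.
# For a game client it is also unnecessary: the client initiates the
# connections and connection tracking admits the replies. Keep these only if
# the servers must reach ports this host does not otherwise expose, and then
# narrow the rule, e.g.
#   rule family="ipv4" source address="92.223.20.0/22" port port="<n>" protocol="udp" accept
#
# CIDR correction: the published EU1 block is 92.223.1.0 - 92.223.3.255,
# which is not a single /22. "92.223.1.0/22" is not on a /22 boundary (the
# aligned block is 92.223.0.0/22, which would also admit 92.223.0.0-0.255);
# the exact range is 92.223.1.0/24 plus 92.223.2.0/23. 92.223.20.0/22 is
# correctly aligned and covers 92.223.20.0 - 92.223.23.255.
description = "Commands to accept traffic from the published EU1 and EU2 server address blocks using rich rules. Broad grant; read the comments before applying."
IP_ranges = [
  "92.223.1.0/24 (EU1 part 1: 92.223.1.0 to 92.223.1.255)",
  "92.223.2.0/23 (EU1 part 2: 92.223.2.0 to 92.223.3.255)",
  "92.223.20.0/22 (EU2: 92.223.20.0 to 92.223.23.255)"
]
commands = [
    "sudo firewall-cmd --zone=public --add-rich-rule='rule family=\"ipv4\" source address=\"92.223.1.0/24\" accept' --permanent",
    "sudo firewall-cmd --zone=public --add-rich-rule='rule family=\"ipv4\" source address=\"92.223.2.0/23\" accept' --permanent",
    "sudo firewall-cmd --zone=public --add-rich-rule='rule family=\"ipv4\" source address=\"92.223.20.0/22\" accept' --permanent",
    "sudo firewall-cmd --reload"
]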


[ComparisonFirewalldUfw]
# Both are front-ends that program the kernel packet filter (nftables, or
# iptables on older setups). They are alternatives, not layers: install and
# enable exactly one, or their rule sets will overwrite each other.
description = "Detailed comparison between firewalld and ufw to help decide which might be better for specific user needs."
text = "firewalld offers dynamic management with zones and services suitable for complex setups, while ufw is easier for simpler and straightforward configurations."

[GuiInstallation]
# The GUI talks to the same firewalld daemon as firewall-cmd and has the same
# Runtime / Permanent split; changes made in the "Runtime" view are lost on
# reload exactly like CLI changes made without --permanent.
description = "Guide to install the GUI for firewalld, named firewall-config."
commands = [
    "sudo pacman -S firewall-config",
    # Run as the normal user; it authenticates privileged actions via polkit.
    "firewall-config"
]

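[ComplementaryPrograms]
# Not everything here is complementary. firewalld is itself a front-end that
# programs nftables (its default backend) or iptables; a second rule manager
# running at the same time overwrites or interleaves with its rules. Run
# exactly one firewall manager service on the host.
description = "Additional tools and utilities that can work alongside firewalld. Read the per-entry comments: two entries are competing firewall managers rather than complements."
programs = [
    # Use its firewallcmd-* ban actions so bans are applied as firewalld
    # rich rules rather than raw iptables chains outside firewalld's view.
    "fail2ban",
    # The userspace tools for the backend firewalld already drives. Installing
    # them is fine (handy for `nft list ruleset` to audit what firewalld
    # really installed); do NOT also enable nftables.service with its own
    # ruleset.
    "nftables",
    # Packet capture needs raw-socket privileges; add the user to the
    # 'wireshark' group instead of running the GUI as root.
    "wireshark-qt",
    # Useful for centralising firewalld's own log output.
    "syslog-ng",
    # GUI for ufw and pulls in ufw, a competing firewall manager. With
    # firewalld use firewall-config (see [GuiInstallation]) instead.
    "gufw",
    # NetworkManager can assign a firewalld zone per connection profile, so
    # a laptop gets 'home' on the home wifi and 'public' elsewhere.
    "networkmanager",
    # Largely unmaintained; probably not an official Arch package (check the
    # AUR), and pacman -S will fail if it is not in a configured repo.
    "portsentry",
    # Probably not an official Arch package either; check the AUR first.
    "snort"
]
commands = [
    "sudo pacman -S fail2ban",
    "sudo pacman -S nftables",
    "sudo pacman -S wireshark-qt",
    "sudo pacman -S syslog-ng",
    # Installs ufw as a dependency; do not enable ufw.service alongside
    # firewalld.
    "sudo pacman -S gufw",
    "sudo pacman -S networkmanager network-manager-applet",
    # These two likely need an AUR helper rather than plain pacman -S.
    "sudo pacman -S portsentry",
    "sudo pacman -S snort"
]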

Why do you need all those “Game ports” open — are you running this on a VPS?

I don’t have them open… Not yet and most likely not for a long long time.

Lol when I came back I was really hoping to have a chat with @keybreak but I think he got suspended which I was sad to find out about. I think he was into gaming.

I’m not really into gaming. I like one game and only one game not another. lol I’m faithful like that lol.

World of tanks. If/when I can play my WOT on this pc that will be just fine a dandy! :smiley:

Also it was a way of me finding out about opening ports, ips etc


Looking at those ports it seemed to me you were maybe doing port forwarding at home to those open ports, but generally that’s not necessary anymore with how modern multiplayer games work, which is why I was asking.


I got the info from this page

* **EU1 IPs:** 92.223.1.0 – 92.223.3.255
* **EU2 IPs:** 92.223.20.0 – 92.223.23.255
  * An additional IP range may be required for voice communication (Vivox).
* **TCP game ports:** 80, 443, 5222, 5223 *(login, garage and chat services)*
* **UDP game ports:** 53, 3432, 3478, 3479, 5060, 5062, 12000–29999, 30443, 32800–32900

Looks more like they are listing the server address ranges for WoT and the ports you need to be able to reach from the location you connect from. So those are most likely destination ports on their servers, which your LAN only has to be able to connect *to* — not ports you need to open for inbound traffic on your own machine.

The following verifies that.

Advanced firewalls and additional network security tools may also filter based on protocols/ports. Please double-check your network security settings and/or temporarily disable them (completely), for testing purposes.

So they are talking about if you were in a situation where you are in a network with an advanced firewall that filters network traffic and blocks certain destination ports by default.


Thank you for looking at it and explaining.

You definitely know more than I on the subject lol.

Not too fussed atm as I know that’s a dream far far away right now.
