January, 2011 | I sketch in code

If your new to linux, ufw is very useful tool. Really simple to install with ubuntu.

However, should you choose to get rid of it for some reason, it leaves behind quite a mess.
Here is a quick script to clean up the mess.

Here is the whole process as a bash script:

#!/usr/bin/bash
iptables -P INPUT ACCEPT
iptables -X ufw-user-output

iptables -X ufw-user-logging-output

iptables -X ufw-user-logging-input

iptables -X ufw-user-logging-forward

iptables -X ufw-user-limit-accept

iptables -X ufw-user-limit

iptables -X ufw-user-input

iptables -X ufw-user-forward

iptables -X ufw-track-output

iptables -X ufw-track-input

iptables -X ufw-skip-to-policy-output

iptables -X ufw-skip-to-policy-input

iptables -X ufw-skip-to-policy-forward

iptables -X ufw-reject-output

iptables -X ufw-reject-input

iptables -X ufw-reject-forward

iptables -X ufw-not-local

iptables -X ufw-logging-deny

iptables -X ufw-logging-allow

iptables -X ufw-before-output

iptables -X ufw-before-logging-output

iptables -X ufw-before-logging-input

iptables -X ufw-before-logging-forward

iptables -X ufw-before-input

iptables -X ufw-before-forward

iptables -X ufw-after-output

iptables -X ufw-after-logging-output

iptables -X ufw-after-logging-input

iptables -X ufw-after-logging-forward

iptables -X ufw-after-input

iptables -X ufw-after-forward

apt-get remove ufw

#As a basic firewall I’d recommend the following:

iptables -F

iptables -A INPUT -m state –state RELATED,ESTABLISHED -j ACCEPT

iptables -A INPUT -i lo -j ACCEPT

iptables -A INPUT -p tcp -m tcp –dport 80 -j ACCEPT

iptables -A INPUT -p tcp -m tcp –dport 443 -j ACCEPT

iptables -A INPUT -p tcp -m tcp –dport 13160-j ACCEPT

iptables -A INPUT -d XX_REPLACE_WITH_YOUR_SERVER_IP/32 -p icmp -m icmp –icmp-type 8 -m state –state NEW,RELATED,ESTABLISHED -j ACCEPT

iptables -A INPUT -d XX_REPLACE_WITH_YOUR_SERVER_IP/32 -p icmp -m icmp –icmp-type 0 -m state –state RELATED,ESTABLISHED -j ACCEPT

iptables -P INPUT DROP

iptables -P FORWARD DROP

iptables -P OUTPUT ACCEPT

This will:

Reset the default policy of INPUT to ACCEPT so we don’t get locked out of our box.
Then remove the custom ufw chains, flush all existing rules, accept established connections, accept all connections on loopback device, accept all connects to ports 80(http),443(https), and 22(sshd)

It will also accept pings from machines which have established a connection. With large packet support now enabled by default in the linux kernel, its important to allow some pings to be accepted. Then we set the default policys of input and forward to drop and output to accept.

Make sure you replace XX_REPLACE_WITH_YOUR SERVER_IP with your servers ip address.

While setting up a lamp stack in a VPS using ubuntu 10 LTR, I got the following error:
Setting up php5-cli (5.3.2-1ubuntu4.5) ... perl: warning: Setting locale failed. perl: warning: Please check that your locale settings: LANGUAGE = (unset), LC_ALL = (unset), LANG = "en_US.utf8" are supported and installed on your system. perl: warning: Falling back to the standard locale ("C")

I was also getting a similar error from locale -a
locale -a locale: Cannot set LC_CTYPE to default locale: No such file or directory locale: Cannot set LC_MESSAGES to default locale: No such file or directory locale: Cannot set LC_COLLATE to default locale: No such file or directory

It appears this VPS provider doesn’t have any locales installed by default. I fixed it by installing my locale via apt-get.
apt-get install language-pack-en-base

Update – 1-23-2011

If your using debian instead of ubuntu, see http://people.debian.org/~schultmc/locales.html

Install debconf (i.e. run apt-get update then apt-get install debconf, as root)
Run dpkg-reconfigure locales as root

I sketch in code

Monthly Archives: January 2011

The complicated process for removing the “uncomplicated firewall”

Install errors from missing locales