network manager says “device not managed”
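# Point the Wi-Fi connection profile at Google Public DNS and re-activate it.
# "SSID" stands for the NetworkManager connection (profile) name; wls1 is the
# Wi-Fi interface. The commands were collapsed onto one line, where the leading
# '#' turned the whole sequence into a comment; they are restored one per line.

# nmcli con down test-lab
nmcli dev disconnect wls1

# Static resolvers for the profile (IPv4 and IPv6).
# NOTE(review): resolvers learned automatically (DHCP/RA) are still used next
# to these unless ipv4.ignore-auto-dns / ipv6.ignore-auto-dns is set on the
# profile. Confirm whether only the addresses below are meant to be queried.
nmcli con mod "SSID" ipv4.dns "8.8.8.8 8.8.4.4"
nmcli con mod "SSID" ipv6.dns "2001:4860:4860::8888 2001:4860:4860::8844"

# Re-activate the profile on the interface so the modified DNS settings apply.
nmcli con up "SSID" ifname wls1

# Verification: device state (this is where an unmanaged device shows up),
# the list of profiles, and the settings in effect on wls1, including DNS.
nmcli device status
nmcli connection show
# nmcli connection show --active
nmcli device show wls1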
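# Rebuild the ufw rule set as an egress allow-list: deny everything in both
# directions, then permit only DNS to Google Public DNS and web traffic out of
# wls1. The commands were collapsed onto one line, so ufw received every
# following word as an argument and the '#' swallowed the rest (including
# "ufw enable"); they are restored one per line.
#
# Run this from a local console: no inbound rule (e.g. for SSH) is added, so a
# remote session would be cut off once the firewall is enabled.

sudo ufw disable
sudo ufw reset # discards all existing rules; asks for confirmation

sudo ufw default deny incoming
sudo ufw default deny outgoing

# DNS: UDP only, and only to the two IPv4 resolvers. DNS over TCP (port 53,
# used when a response is too large for UDP) and the IPv6 resolvers set on the
# connection profile are NOT covered by these rules and will be dropped.
sudo ufw allow out on wls1 from any to 8.8.8.8 port 53 proto udp
sudo ufw allow out on wls1 from any to 8.8.4.4 port 53 proto udp

# Web: the destination is "any", so these two rules allow HTTP/HTTPS to every
# host. Port 80 is plaintext; drop that rule if only HTTPS is required.
sudo ufw allow out on wls1 from any to any port 80 proto tcp
# sudo ufw allow out on wls1 from any to any port 8080 proto tcp
sudo ufw allow out on wls1 from any to any port 443 proto tcp

sudo ufw enable
sudo service ufw restart

# Verify the resulting policy: the numbered list is convenient for
# "ufw delete N"; verbose also prints the default policies and logging level.
# Every other outbound service (for example NTP) stays blocked by the default
# deny policy until a rule is added for it.
sudo ufw status numbered
sudo ufw status verbose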
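# Same outbound openings written with service names instead of port numbers.
# The commands were collapsed onto one line, where the first '#' commented out
# everything after "allow out domain"; they are restored one per line. The
# commented lines are the author's port/protocol equivalents of each name.
#
# NOTE(review): these rules carry no "on wls1" and no destination, so they are
# broader than per-interface rules: "allow out domain" permits DNS to ANY
# resolver on ANY interface, which defeats pinning DNS to 8.8.8.8/8.8.4.4.
# Use one style or the other, not both. ufw resolves the names through
# /etc/services; check "sudo ufw status verbose" for what was actually opened.

sudo ufw allow out domain
# sudo ufw allow out 53/tcp
# sudo ufw allow out 53/udp

sudo ufw allow out http
# sudo ufw allow out 80/tcp
# sudo ufw allow out 80/udp

sudo ufw allow out https
# sudo ufw allow out 443/tcp
# sudo ufw allow out 443/udp

sudo ufw allow out http-alt
# sudo ufw allow out 8080/tcp
# sudo ufw allow out 8080/udp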
# Restart the NetworkManager service; connectivity may be interrupted briefly
# while it comes back up.
# NOTE(review): presumably run so NetworkManager re-reads its configuration
# when it reports "device not managed" — confirm against the intended fix.
# NOTE(review): the service name differs between releases (some use
# "NetworkManager") — confirm for the target system.
sudo service network-manager restart
- UDP is in some ways a better protocol for DoS attacks
- Any connection to the outside comes from a local port (but not 80!) and goes to another computer's port 80; thus the rule must allow outbound traffic to anywhere on destination port 80.
- Private Address Space
- Port 53 is reserved for the Domain Name System (DNS).
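- DNS uses UDP for most of its queries (it falls back to TCP on port 53 when a response is too large for UDP, so a firewall rule that allows only UDP can break some lookups)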
- Using the NetworkManager Command Line Tool, nmcli
- How can I use Firefox with Ubuntu firewall (gufw)?
- How do I with ufw deny all outgoing ports excepting the ones I need?
- Настройка DNS
- Google Public DNS