Το Στέκι των Πληροφορικών

# (1) Reset if needed
sudo ufw reset

# (2) Default policies
sudo ufw default deny incoming
sudo ufw default allow outgoing

# (3) Internal LTSP services - Teachers
sudo ufw allow in on eno1 from 10.xxx.xxx.0/24 to any port 69
sudo ufw allow in on eno1 from 10.xxx.xxx.0/24 to any port 2049
sudo ufw allow in on eno1 from 10.xxx.xxx.0/24 to any port 111
sudo ufw allow in on eno1 from 10.xxx.xxx.0/24 to any port 22

# (4) Internal LTSP services - Labs
sudo ufw allow in on eno2 from 192.168.67.0/24 to any port 69
sudo ufw allow in on eno2 from 192.168.67.0/24 to any port 2049
sudo ufw allow in on eno2 from 192.168.67.0/24 to any port 111
sudo ufw allow in on eno2 from 192.168.67.0/24 to any port 67:68
sudo ufw allow in on eno2 from 192.168.67.0/24 to any port 22

# (5) REMOTE ACCESS - Adjust YOUR_HOME_IP accordingly
sudo ufw allow in on eno1 from YOUR_HOME_IP to any port 22
sudo ufw allow in on eno1 from YOUR_HOME_IP to any port 5900  # Only if direct VNC needed

# (6) Rate limiting for SSH from unknown sources
sudo ufw limit in on eno1 from any to any port 22

# (7) Established connections
sudo ufw allow in on any proto tcp from any to any state established,related

# (8) Block external access to LTSP services
sudo ufw deny in on eno1 from any to any port 69
sudo ufw deny in on eno1 from any to any port 2049
sudo ufw deny in on eno1 from any to any port 111

# (9) Enable firewall
sudo ufw enable

# Save rules
iptables-save > /etc/iptables/rules.v4

# Install iptables-persistent
sudo apt-get install iptables-persistent

# Save current rules
sudo netfilter-persistent save