source : http://www.leshirondellesdunet.com/pare-feu-ufw https://linuxize.com/post/how-to-setup-a-firewall-with-ufw-on-ubuntu-18-04/

Configuration basique du firewall :

ufw-configure.sh

#!/bin/bash
sudo ufw enable
sudo ufw default deny incoming
sudo ufw default deny outgoing
 
# Activation de la journalisation
sudo ufw logging on
 
# Autorisation en sortie du DNS
sudo ufw allow out 53
 
# Autorisation en sortie du FTP
sudo ufw allow out 20,21/tcp
 
# Autorisation en sortie du HTTP et HTTPS
sudo ufw allow out 80/tcp
sudo ufw allow out 443/tcp
 
# Autorisation en sortie de la messagerie
sudo ufw allow out smtp
sudo ufw allow out 465/tcp
sudo ufw allow out 587/tcp
sudo ufw allow out pop3
sudo ufw allow out pop3s/tcp
 
# Autoriser le port du whois
sudo ufw allow out 43/tcp
 
# Autoriser le port de Gnome-Dictionary - DICT
sudo ufw allow out 2628/tcp
 
# Autorisation en sortie SSH
sudo ufw allow out 22/tcp
 
# Autorisation en sortie TV FreeBox --> http://www.leshirondellesdunet.com/vlc
sudo ufw allow out 554/tcp
sudo ufw allow from 212.27.38.253 proto udp
sudo ufw allow out to 212.27.38.253 port 32400:32999 proto udp
 
# Transmission
#sudo ufw allow out 51413/tcp
#sudo ufw allow out 51413/udp
#sudo ufw allow out 6969/tcp
 
# IGS
sudo ufw allow out 7777/tcp
#sudo ufw allow out 7777/udp
sudo ufw allow out 6969/tcp
 
# affichage des règles :
sudo ufw status

/var/log/syslog

• TOS, for Type of service,
• DST is destination ip,
• SRC is source ip
• TTL is time to live, a small counter decremented each time a packet is passed through another router (so if there is a loop, the package destroy itself once to 0)
• DF is “don't fragment” bit, asking to packet to not be fragmented when sent
• PROTO is the protocol (mostly TCP and UDP)
• SPT is the source port
• DPT is the destination port