We are a current VMw Hello! To control all of the network devices and maintain an effective mesh network, they need something to control them. Once you have read through both documents and agree to them, click the checkbox (2.). The client lacks sufficient authorization :: Account creation on ACMEv1 is disabled. As we changed our sources list, we will need to perform a package list update. wget https://get.glennr.nl/unifi/install/unifi-6.4.54.sh After download, run the following command and you should be good to go to install Unifi. Are we using it like we use the word cloud? To fix these errors, please make sure that your domain name was I spun up an Ubuntu 20.04 Linux container in Proxmox, updated and (since I was logged in as root, removed sudo, and I like to type Y so): The software stack versions for unifi are starting to become a problem with newer operating systems. UniFi resolves this by managing all access points from a central controller and treating them as a single network. Next, go to the controller and click on Setup Protect. The script we will be using will install the latest version. Install and upgrade the UniFi Network application with the following command: 5. Just wanna thanks for your guide. Create a folder in this mount point and give the user which executes unifi-video permissions on this folder. Could it be that the latest Unifi release needs a newer Java release? Log in to your Vultr account, open Products, and click on Deploy Server. As following the unifi guide I was getting an error with starting the service, which looked to me from the JDK. Our first step is to download the UniFi GPG key to our system. Tips Be sure you are running the latest script.
You can either right-click on the program icon and select Run as administrator or go to Properties >> Compatibility >> mark the Run this program as an administrator >> OK. You must have root or sudo user access on Linux/MacOS. Run the commands below to install the latest release of UniFi Network Application (UniFi Controller). Within this section, we will be showing you how to access your freshly installed UniFi controllers web interface. Why is it trying to create that directory? Install Unifi Network Controller on Ubuntu 20.04 - Super Easy With these following steps we will be editing the script to use your domain. Down on the left, click SETTINGS. So let us upgrade our current installation: Datacenter > 102 (nvr) > Hardware > Add > Hard Disk. The instructions provided here are for Ubuntu Server 20.04. Install certbot for SSL certificate setup: Download shell script for SSL certificate setup and make it executable: In the last step in addition to your sub-domain you also need to specify your email address which will be used to send you notices if your SSL certificate is about to expire: Now your Unifi controller should be accessible on https://unifi.example.com:8443 with a valid SSL certificate. Anyways, lets make sure noone can snoop around in this folder: Allright. http-01 challenge for unifi.onutech.com Prerequisites As always, I am using Proxmox. How about saving the world? This final piece of software is called MongoDB and is the database server that UniFi requires. This is how I installed unifi-video on an Ubuntu 20.04 server, to use with my Home Assistant installation. Does your controller see the access point? I've been doing help desk for 10 years or so. Before we get started, we will need to update the package list of the Ubuntu system. The logging paths semm to be set up correctly. Run the following command to generate a SSL Certificate for your domain. Tried on Ubuntu 20.04.02. 
Download this key to your system using the following command within the terminal. Once you are ready, you can proceed through the setup process by clicking the Next button (2.). Install prerequisites sudo apt-get install mongodb mongodb-server openjdk-8-jre-headless jsvc Download UniFi Video installer Now just wait while the installation proceeds to install some required software. 5. Refer to the post linked above for the most current information. Error opening input file /etc/letsencrypt/live/unifi.onutech.com/cert.pem When using the commands below, it is assumed you have sudo and wget installed, more information about sudo can be found here, and wget here. 7. The UniFi controller can instead be installed on any Windows, Mac or Ubuntu PC (or VM), allowing you to run it on hardware you already have. Now access the UniFi Controller web UI using the URL https://IP_Address:8443. If you already have your devices, you can now choose to set them up. I rebooted but the result stays the same. http://unifi.onutech.com/.well-known/acme-challenge/-Yqy5KBHLmGHs6uPE3GYPU_nw5rPXpqzwNizywCtuls: Ubuntu Precise Pangolin ( 12.04 ) Ubuntu Trusty Tahr ( 14.04 ) Ubuntu Xenial Xerus ( 16.04 ) Ubuntu Bionic Beaver ( 18.04 ) . Any ideas anybody? This tutorial makes an assumption that you are running Ubuntu on an x64 system (Not an ARM based device like the Raspberry Pi). Additionally, please check that Add Unify repository and GPG keys: We need to add the Unifi repo apt sources list, so that we can install unifi controller with 'apt-get' on our Ubuntu 16.04 server. This script will ban people after 4 failed attempts for 10 minutes. GitHub - SystemJargon/unifi-video: Unifi-Video (mostly Debian/Ubuntu Failed authorization procedure.
That's not to say that you can't run it in the cloud or have a dedicated controller. After installing MongoDB, we want to ensure that its service is enabled to start at boot. The only solution would be to uninstall MongoDB 6.0 from your system and remove the repository providing that version of MongoDB. I haven't had a chance to test this for myself so there may be further issues when attempting to do this on an ARM based system. We can now install the final piece of software we require to install and run the UniFi controller on Ubuntu. 8. Please comment below if you have questions about running the UniFi controller on Ubuntu. Steps to install unifi-video on Ubuntu 18.04 Raw unifi-video-ubuntu-18-04.md log in as root: sudo su if you don't have MongoDB already installed: sudo apt-get install mongodb mongodb-server openjdk-8-jre-headless=8u162-b12-1 jsvc Uncomment the three lines for Debian/Ubuntu: # Uncomment following three lines for Debian/Ubuntu UNIFI_DIR=/var/lib/unifi JAVA_DIR=/usr/lib/unifi KEYSTORE=${UNIFI_DIR}/keystore Set the Lets Encrypt mode to yes: If you only enable the line, by removing the #, and you will have to set the value to yes. LE_MODE=yes Save and close the file. Press Ctrl +X followed by Y and Enter to save and close the file. Alternatively, we have plenty of general Linux guides that are well worth a read. Using openssl to prepare certificate unifi requires mongodb 3.x, which requires libssl1.1, which Ubuntu 22.04 depreciated in favor of libssl3. Providing this video will be easier to follow than me explaining it https://www.youtube.com/watch?v=g2wXjV6xjMg . To add the GPG Keys use one of the two methods described below (Method A is recommended). I am having the same issue, which is the mongodb-server has to be LESS than 3.6.0 and Ubuntu 18.04 only has the 3.6.3 version to install.
The Network Controller application fails to start somehow. How to install an SSL certificate on Ubiquiti Unifi Other systems can only be managed from the cloud which some people may view as a security risk. Open up putty and type in the IPv4 address of your server and click open. This software is old.. 11. 7. 1. 1199 unifi -cwd /usr/lib/unifi -home /usr/lib/jvm/java-8-openjdk-amd64 -cp /usr/share/java/commo> One other advantage is the simplicity of setting up devices. Unfortunately you can only use ip-addresses for site to site vpns. Ubiquitis UniFi product lineup has seen enormous growth in popularity due to its range of high quality access points. How To Setup Unifi Controller On Ubuntu Linux 16.04 | Unixmen With a fresh Ubuntu 20.04 install, the script worked to install UniFi 6.1.71-15061-1, except the web interface wouldn't start, and this message was reported by systemctl status: unifi[36574]: WARN Unable to load properties from '/usr/lib/unifi/data/system.properties' - /usr/lib/unifi/data/system.properties (No such file or directory). Our first task is to install some packages we will rely on to add the package repositories we require as well as run the UniFi network controller. Next, chose a name for your controller and accept the terms and conditions. 5. Step 2. After being disappointed to find that Ubiquiti will not allow you to run UniFi protect on your own equipment, I ended up finding an installer file for Ubiquiti Protect that would work on Ubuntu/Debian. Next, to utilize this controller, you will be required to agree to the Ubiquiti end-user license agreement and their terms of service. Tired 3.10 and 3.10.13 unifi-video installs also, same issue. I do not have UFW active.
Also, when I check the open ports with sudo lsof -nP -iTCP -sTCP:LISTEN I don't see where the port 8443 is listening and open. Install UniFi Network Application on Ubuntu 18.04 / Debian 9 We can now install UniFi Network Application on Ubuntu 18.04 / Debian 9 once Java 8 is confirmed to be the default Java version in the system. If you dont have root rights you have to use sudo for every command! . Thanks so much for the detailed reply @davecoutts. Oct 01 23:04:39 dvr1 systemd[1]: Started unifi. Inserting certificate into Unifi keystore your computer has a publicly routable IP address and that no At this point the controller is up and running and properly configured on the firewall and server. I'm trying to install the Unifi software on Ubuntu 18.04. The wizard will redirect you to the main dashboard and your network will be set up. First, let us create a mount point. Starting Unifi controller Upload the security certificate file the SSL archive you received from the CA in the PKCS#7 format (.cer or .p7b) to the UniFi base folder.
If you dont have an account, you must register for one by going to the official Ubiquiti website. With your login details entered, click the Next button (2.). If your distro does not come with MongoDB, and it's not available in their repo, then please see the MongoDB installation guide. . Before the setup process is complete, you will get a chance to review all of the options you just configured (1.). pyunifiprotect is an unofficial API for UniFi Protect. sudo apt install unifi 8. This means you dont need to procure hardware through trade-specific distribution networks. Then use sudo mkfs.ext4 /dev/sdb1 to reformat to ext4. Its using Free NAS. what is default admin username and password of mongodb ? You should now be complete with the installation.7. 3. How to Install UniFi on Ubuntu 18.04 It is possible to install UniFi in multiple ways. CPU & Storage Technology: Intel Regular Performance. Finally, now that everything is in place, we can install the UniFi controller to Ubuntu by using the following command. We will be using the simple ot use ufw firewall. Next, install that package to your system. I followed this and found I also had to install openjdk-8-jdk to get it running. ), you will get the chance to adopt them to your network controller. Did you happen to install this on Linode or somewhere else? If you want to be able to access your controller through Unifis cloud enter your login details here. Steps to install unifi-video on Ubuntu 18.04 GitHub - Gist However, Ive found some downloads which should be appropriate for our manual installation: Lets try to install unifi-video.Ubuntu18.04_amd64.v3.10.11.deb on this Ubuntu 20.04 installation of ours. Go to UniFi video in your web browser. client.
Almost there, but getting the errors, Have confirmed Mongo is installed and running (and reinstalled) Also getting a notificating during apt update. I hope this helps, if you have more questions let me know and thank you for the visit! This is exactly the help I needed. 2. So, I got Ubuntu 22.04 LTS installed as VM in my network. I dont want to use it for storage as I have several TB of hard drives on my server. Instead of running steps from 7 to 10, you will instead need to do the following. unifi.service - unifi Loaded: loaded (/lib/systemd/system/unifi.service; enabled; vendor preset: enabled) Active: active (running) since Fri 2021-10-01 23:04:39 CDT; 3min 13s ago Process: 1001 ExecStart=/usr/lib/unifi/bin/unifi.init start (code=exited, status=0/SUCCESS) Main PID: 1196 (jsvc) Tasks: 37 (limit: 43313) Memory: 313.0M CGroup: /system.slice/unifi.service 1196 unifi -cwd /usr/lib/unifi -home /usr/lib/jvm/java-8-openjdk-amd64 -cp /usr/share/java/commo> 1199 unifi -cwd /usr/lib/unifi -home /usr/lib/jvm/java-8-openjdk-amd64 -cp /usr/share/java/commo> 1200 unifi -cwd /usr/lib/unifi -home /usr/lib/jvm/java-8-openjdk-amd64 -cp /usr/share/java/commo>, Oct 01 23:03:36 dvr1 systemd[1]: Starting unifi Oct 01 23:03:36 dvr1 unifi.init[1001]: * Starting Ubiquiti UniFi Controller unifi Oct 01 23:04:39 dvr1 unifi.init[1001]: fail! log in as root: sudo su if you don't have MongoDB already installed: sudo apt-get install mongodb mongodb-server openjdk-8-jre-headless=8u162-b12-1 jsvc I did this on Ubuntu Server 21.04 on arm64 RPi4b, works fine, mongodb 3.6.3 gets installed: I used the pre-installed Raspberry Pi image for Ubuntu 21.04, maybe there is a difference there? How To Run UniFi Controller in Docker Container Try again. 5.
At this point, you will finally have the UniFi controller up and running on your Ubuntu device. Being on Linux also reduces a lot of overhead that Windows typically laid on. The current version of UniFi SDN Controller that we will be installing is 6.2.23. Of course new packages will be released and they can be found on their UniFi Software Download Page. An unexpected error occurred: Complete the installation of Unifi Controller: To setup SSL you need a domain that's pointing to your Unifi Controller's IP address. Removing existing certificate from Unifi protected keystore Install UniFi Video 3.8.5 on Ubuntu or Debian | Incredigeek Seems like a much cheaper option if it will accomplish the same thing. After adding the keyserver and the repository, when I try installing Unifi Protect, I get the following error: unifi-protect : Depends nodejs (< 9.0) but 12.18.2~dfsg-1ubuntu2 is to be installed or nsolid-carbon but it is not installable : Depends postgresql (<= 10.5) but 12+216 is to be installed E: Unable to correct problems, you have held . With this command, the apt package manager will download UniFi from the official repository that we added in an earlier step. Need to create vpn to sites, or how do I manage to point the devices to the fqdn address. Whilst this may theoretically answer the question. It would be best to change your ubuntu server hostname to reflect the complete subdomain FQDN. I've read some people use a raspberry pi just to host protect. Cheers! This command will start up MongoDB on your Ubuntu device immediately. I have had this message pop up for one of my old clients I still do support for and I am still the Admin for on their 365 system. Next prompt will be to install script to be able to update Unifi Network Controller via APT, type in: Y 6.
While the controller software can be installed on any PC, a dedicated server will simplify management. I am on the final step of deploying a new ubuntu 20.04 server for my home automation: configuring wifi. We must also install the GPG keys so the repo is trusted: Next, update the apt cache and install the UniFi controller along with its prerequisites: Once the install is finished, check that the service is running: If the service shows as failed or not running, restart the service with: Check the status again and verify that the service is running. Is it just a matter of adding the 3.6 repo? Self-Hosting a UniFi Network Server (Advanced) At this point, you can enter an SSID and password for your network (1.). Yes, thank you for this! Performing the following challenges: How should I start MongoDB on a NUMA machine? Unifi Protect Review and Setup Guide LazyAdmin Thanks for the efforts on this, we get this error when running. package architecture (amd64) does not match system (arm64) I came up with a simple script to automate the installation of UniFi Protect onto your own Linux VM. While you will usually find professional grade access points in businesses instead of homes, they provide a benefit in any building. to complete the setup. Let's install the latest GA UniFi on Ubuntu 18.04 on a Protectli 6P device! Need some advice on how to get this fixed. On a Raspberry Pi 4 (arm64), I needed to modify one line: Works perfectly. A CCIE certified networks and systems specialist with 10 years of experience in designing, configuring, troubleshooting, and documenting diverse IT scenarios for ISPs, enterprises and startups. Thanks to this post, https://community.ui.com/questions/unifi-video-wont-start-anymore-FIX-INSIDE/297dbfc0-7e04-4a50-92b8-dab4acf50a03i, it is fairly easy. And add the following content into it: 0 */12 * * * root letsencrypt renew 5 */12 * * * root unifi_ssl_import.sh Press Ctrl +X followed by Y and Enter to save and close the file.
This script was created by, To start we will need to install LetsEncrypt. The latest version Ive found of unifi-video was 3.10.11 3.10.13. If it is not launching, use the following command: Source: https://help.ui.com/hc/en-us/articles/220066768-UniFi-Network-How-to-Install-and-Update-via-APT-on-Debian-or-Ubuntu, If you have any questions, please leave it in the comments. This results in a confusing mix of networks with devices connecting to a sub-optimal AP, causing weak signal. I moved the other service and restarted unifi with sudo service unifi restart and I'm up and running now. We will now configure a proper firewall with rules for your Ubuntu 20.04 Server. Installing an SSL certificate on Ubiquiti Unifi - Namecheap This is still required using Ubuntu 20.04-2. Use the following procedure to install the latest version of Unifi Controller on your system. Initially, set label to GPT. Enable it with this command: sudo su - Access the UDM files by opening the UniFi shell: unifi-os shell The following errors were reported by the server: Domain: unifi.onutech.com Good afternoon, 4. Install Unifi Network Controller on Ubuntu 20.04 with no effort and almost zero linux knowledge.
I would have it plugged into a UPS so data corruption from power loss shouldnt be an issue. Don't know if the last step was really necessary but it worked. I have not had an issue with getting portainer and cockpit running. I've moved to the LinuxServer docker container with Unifi. Install UniFi Controller On Ubuntu 20.04 Linode Download and install. There is plenty more you can do with UniFi hardware such as having multiple SSIDs on separate vlans, captive portal and MAC address based vlan assignments. Using more /etc/passwd | grep unifi I take a wild guess and assume that the user unifi-video is the appropriate user to give permissions to this folder to: (This was also confirmed by checking out the permissions on Ubiquitis default folder, ls -alh /usr/lib/unifi-video/data/videos). Here are my firewall rules and iptable entries