ufw rule form errors
First, the errors, then the reasoning:
$ sudo ufw allow 22/tcp in on eno1 from 192.168.0.100
[sudo] password for robinadm: xxxx
ERROR: Invalid interface clause
Hmm.... perhaps the "in" is redundant with the "from"?
$ sudo ufw allow 22/tcp on eno1 from 192.168.0.100
ERROR: Wrong number of arguments
Why the need for detail after a default of deny?
I have two NICs, eno1 (= eth0) and eno2 (= eth1).
The former is for specific inbound and outbound LAN communications, the latter will be for limited outbound-only WAN communications.
I want the rule to be very specific as to the access: port, NIC, which LAN system.
I do not want a cluster of rules that require vast amounts of if-then thinking, rather very specific rules that are all-in-one.
I do not want to set the same for any system since there are 17 different OSs and/or OS versions.
Hence, I want to avoid over-simplifications; I just need to understand the correct format which will act as a template for many more.
This one is a good example.
If the format works as modules then it ought, in some way, work as integrated ones as well, which will be cleaner and easier to maintain whence it runs.
I have found piecemeal explanations for each fragmented "piece" of this rule's logic, but see no full-integration logic or even examples anywhere.
I greatly appreciate your assistance in resolving the form so the rule parser stops choking w/o any concrete explanations like a compiler's parser outputs. Thanks.
asked Jan 4 at 2:55
frankfenderbender
Did you read man ufw? The part that says ufw [--dry-run] [delete] [insert NUM] allow|deny|reject|limit [in|out] [log|log-all] [PORT[/PROTOCOL] | APPNAME ] [comment COMMENT], and its explanation should help you.
– waltinator
Jan 4 at 4:53
Thanks waltinator. I had just reduced the complexity down to "$ sudo ufw allow proto tcp from 192.168.0.100 port 22" and the template rule was added. Naturally, the MacOSX side failed to access due to the usual [cr]Apple unseen, however, it's a good start. Thanks again. I still want to specify the NIC and am working on that aspect now. ;-)
– frankfenderbender
Jan 4 at 4:58
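An added example, not part of the question or comments above and not code from the ufw project: the synopsis quoted in the comment is ufw's simple form, which has no interface or source clause. The full form in man ufw puts `in on IFACE` directly after the action and gives the port as `to any port N proto P`; there, `from ADDRESS port N` matches the source port, while `to any port N` matches the destination port. The helper name `ufw_in_rule` and its validation limits are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: build a ufw full-syntax rule restricted by NIC, source host,
# destination port and protocol. Nothing is applied; the command is only printed.

# ufw_in_rule IFACE SRC_IPV4 PORT PROTO  (hypothetical helper, sets globals)
# Prints the ufw command on stdout; returns 1 on any malformed argument.
ufw_in_rule() {
    [ "$#" -eq 4 ] || { echo "usage: ufw_in_rule IFACE SRC PORT PROTO" >&2; return 1; }
    iface=$1 src=$2 port=$3 proto=$4

    # Interface: conservative character set, 15 chars max (Linux IFNAMSIZ - 1).
    case $iface in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    [ "${#iface}" -le 15 ] || { echo "interface name too long" >&2; return 1; }

    # Source: dotted-quad IPv4, each octet 0-255 (no CIDR in this sketch).
    case $src in
        *[!0-9.]*|*..*|.*|*.) echo "bad address: $src" >&2; return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $src; IFS=$old_ifs
    [ "$#" -eq 4 ] || { echo "bad address: $src" >&2; return 1; }
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || { echo "bad address: $src" >&2; return 1; }
    done

    # Port: decimal, 1-65535.
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }

    case $proto in
        tcp|udp) ;;
        *) echo "bad protocol: $proto" >&2; return 1 ;;
    esac

    # Direction and interface follow the action; the port goes on the "to" side
    # so it matches the destination port on this host.
    printf 'ufw allow in on %s from %s to any port %s proto %s\n' \
        "$iface" "$src" "$port" "$proto"
}

# Constructed sample: SSH from one LAN host, arriving on eno1.
ufw_in_rule eno1 192.168.0.100 22 tcp
```

Inserting `--dry-run` after `ufw` in the printed command makes ufw show the resulting rules without applying them.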