Emerging Threats and Geo-Protection (Ubuntu)

This procedure installs and configures Firewalld with two IP blocklists: one for specific countries and one for IPs and IP netblocks that are known threats. It uses the IP Sets utility for faster table updates to the blocklists and faster matching in the firewall.

Download setup script

wget -O /tmp/Install_ET_Firewall.sh https://raw.githubusercontent.com/alexlewislnk/ET-Firewalld/main/Install_ET_Firewall.sh
chmod +rx /tmp/Install_ET_Firewall.sh


Run setup script

/tmp/Install_ET_Firewall.sh


Examine the script logfile for any errors

more /root/Install_ET_Firewall.log


Add additional rules, as necessary

The initial public inbound rule only allows ssh (22/tcp). If public access to other services or ports is necessary, add them now. Here is a list of some of the more common public inbound rules you may need. If you will be installing the Virtualmin LAMP/LEMP server, skip this step, as the Virtualmin install will set up the necessary rules.

Web Services

firewall-cmd --zone=public --add-service=http --permanent
firewall-cmd --zone=public --add-service=https --permanent


Email Services

firewall-cmd --zone=public --add-service=smtp --permanent
firewall-cmd --zone=public --add-service=smtps --permanent


DNS Services

firewall-cmd --zone=public --add-service=dns --permanent
firewall-cmd --zone=public --add-service=dns-over-tls --permanent


After adding your additional rules, commit the permanent configuration to become the new runtime configuration.

firewall-cmd --reload
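
Because the reload replaces the runtime rules with the permanent ones, it helps to preview the difference first and confirm ssh stays open. The following is an added example, not part of the setup script or its repository; the function names and sample lists are constructed for illustration, and it assumes ssh is allowed as a firewalld service in the public zone.

```shell
#!/bin/sh
# Added example: preview what `firewall-cmd --reload` would change.
# Service lists are space-separated words, as --list-services prints them.
# Assumption: ssh is allowed as a firewalld *service* in the zone.

# in_list WORD LIST: succeeds if WORD is one of the words in LIST
in_list() {
    for _w in $2; do
        [ "$_w" = "$1" ] && return 0
    done
    return 1
}

# reload_diff PERMANENT RUNTIME
# Prints "+svc" for each service a reload opens, "-svc" for each it closes.
reload_diff() {
    _out=""
    for _s in $1; do
        in_list "$_s" "$2" || _out="$_out +$_s"
    done
    for _s in $2; do
        in_list "$_s" "$1" || _out="$_out -$_s"
    done
    printf '%s\n' "${_out# }"   # strip the leading separator
}

# safe_to_reload PERMANENT: fails if the reload would close ssh
safe_to_reload() {
    in_list ssh "$1"
}

# live_check [ZONE]: same checks against the running firewall (needs root)
live_check() {
    _zone="${1:-public}"
    _perm=$(firewall-cmd --permanent --zone="$_zone" --list-services) || return 2
    _run=$(firewall-cmd --zone="$_zone" --list-services) || return 2
    echo "reload would change: $(reload_diff "$_perm" "$_run")"
    safe_to_reload "$_perm" || {
        echo "ssh is missing from the permanent config; do not reload" >&2
        return 1
    }
}

# Constructed sample: state after the Web Services commands, before reload
SAMPLE_PERMANENT="ssh http https"
SAMPLE_RUNTIME="ssh"
echo "sample diff: $(reload_diff "$SAMPLE_PERMANENT" "$SAMPLE_RUNTIME")"
```

On the server itself, call `live_check public` before `firewall-cmd --reload`; it only reads the service lists and changes nothing.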