As far as I can tell, the ufw firewall disappeared from the Ubuntu 12.04 image recently, it's not there if you reinstall. If you apt-get it, it doesn't seem to allow any ports through, and I locked myself out when I logged out with it enabled. I tested it out after allowing ssh, then enabling it, by trying to ssh from a 2nd computer while staying logged in with the 1st. I could not get in until I disabled it. Not that I'm joe ubuntu or anything...
So I came up with some basic iptables rules... No guarantees, but they work for me. I tried to install iptables-persistent to make the rules survive the reboot, but it errored out, so I found a workaround.
If you try them out, don't do the 2nd code set until you tested out everything, that way you can reboot and hopefully be back to where you were. Use at your own risk. Btw, if you later add a port to unblock, add it to the code then run it all with the flush command so it doesn't get added after the drop, and never take effect. Use 'iptables -L' to list your current rules.
iptables -F # flush existing rules
# next 2 rules allow all outgoing traffic from vps
iptables -I OUTPUT -o venet0 -d 0.0.0.0/0 -j ACCEPT
iptables -I INPUT -i venet0 -m state --state ESTABLISHED,RELATED -j ACCEPT
#remove leading pound sign to unblock ports needed below, not the one after ACCEPT
#iptables -A INPUT -i ppp+ -j ACCEPT # ppp, for pptp
#iptables -A OUTPUT -o ppp+ -j ACCEPT # ppp, for pptp
#iptables -A INPUT -p tcp --dport 1723 -j ACCEPT #pptp
#iptables -A INPUT -p 47 -j ACCEPT #gre, for pptp
#iptables -A OUTPUT -p 47 -j ACCEPT #gre, for pptp
iptables -A INPUT -p tcp --dport 22 -j ACCEPT #ssh
#iptables -A INPUT -p tcp --dport 25 -j ACCEPT #smtp
#iptables -A INPUT -p tcp --dport 53 -j ACCEPT #dns
iptables -A INPUT -p tcp --dport 80 -j ACCEPT # http
iptables -A INPUT -p tcp --dport 443 -j ACCEPT # https
iptables -A INPUT -p tcp --dport 5901 -j ACCEPT # vnc display 1
#iptables -A INPUT -p tcp --dport 10000 -j ACCEPT # webmin
iptables -A INPUT -j DROP
iptables-save -c > /etc/iptables.rules
#ending lines restore rules after reboot
echo 'iptables-restore < /etc/iptables.rules'>>/etc/network/if-pre-up.d/iptablesload
echo 'exit 0'>>/etc/network/if-pre-up.d/iptablesload
echo 'iptables-save -c > /etc/iptables.rules'>>/etc/network/if-post-down.d/iptablessave
echo 'exit 0'>>/etc/network/if-post-down.d/iptablessave
chmod +x /etc/network/if-post-down.d/iptablessave
chmod +x /etc/network/if-pre-up.d/iptablesload
Last edited by SlickFerret; 04-01-2013 at 05:36 PM..