How do I allow multiple ports simultaneously in UFW?

Solution 1

You can allow multiple (TCP or UDP) ports in this way:

ufw allow 22,25,80,443,9000 proto tcp

Or you can add a range of ports in this way (source and more explanations):

ufw allow 11200:11299 proto tcp

For more complicated configurations you can create custom configuration files that can contain one or more custom profiles. For example (man ufw; complete example):

$ cat /etc/ufw/applications.d/my-custom-profiles

[MyCustomProfile]
title=Some title
description=Some description
ports=22,25,80,443/tcp|9000,9005:9007/tcp

You can allow any profile in this way:

ufw allow MyCustomProfile

Solution 2

For anyone dealing with the message

WARN: "Invalid ports in profile 'cassandra'"

or just trying to set up Cassandra on UFW in Ubuntu: I found the above pa4080 ports= example to be the only thing I could get to work. Having found that, I carefully worked back through it, and it seems that for more than one port UFW wants /tcp (or, I assume, something else equally valid) on the last port.

[cassandra]
title=cassandra ufw rules
description=cassandra needs these ports to run
ports=22,7000,7001,7199,9042,9142,9160/tcp

I found this to be the complete, acceptable entry for UFW.

Having spent a fair amount of time reading the documentation, I will follow with my notes, which may be of interest.

Public port

Port number    Description
22             SSH port

Cassandra inter-node ports

Port number    Description
7000           Cassandra inter-node cluster communication.
7001           Cassandra SSL inter-node cluster communication.
7199           Cassandra JMX monitoring port.

Cassandra client ports

Port number    Description
9042           Cassandra client port.
9160           Cassandra client port (Thrift).
9142           Default for native_transport_port_ssl, useful when both encrypted and unencrypted connections are required.

To do this manually:

sudo ufw allow 22
sudo ufw allow 7001
sudo ufw allow 7199
sudo ufw allow 7000
sudo ufw allow 9042
sudo ufw allow 9160
sudo ufw allow 9142

Ports 7000 and 9042 must be available for external nodes to connect to. As a security measure, limit connections to these ports to only the IP addresses of any other nodes in the cluster.

ufw allow proto tcp from [external_node_ip_address] to any port 7000,9042 comment "Cassandra TCP"

Next step is ufw allow from 192.168.0.0/16 to any app cassandra and test that.

Solution 3

I experimentally found that the message: "Invalid ports in profile *****"

occurs only if you do not specify the protocol. For example:

ports=5900:5910 - is incorrect!

ports=5900:5910/tcp - is correct!

This only applies to the situation of specifying a port range.
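A pre-flight check for the ports= line discussed in the answers above, written as an added example; it is not part of the original answers and not UFW's own code. It assumes the rule the answers report (a comma list or a range must end in /tcp or /udp, with | separating groups); the function names and the vnc-broken profile are hypothetical.

```python
import configparser

PROTOCOLS = {"tcp", "udp"}  # assumption: the only suffixes accepted after '/'

def check_ports_field(value):
    """Return a list of problems in one ports= value (empty list means OK)."""
    problems = []
    for group in value.split("|"):              # '|' separates protocol groups
        spec, slash, proto = group.strip().partition("/")
        if slash and proto not in PROTOCOLS:
            problems.append(f"{group!r}: unknown protocol {proto!r}")
        if not slash and ("," in spec or ":" in spec):
            # The case behind "Invalid ports in profile" in the answers above.
            problems.append(f"{group!r}: port list or range needs /tcp or /udp")
        for item in spec.split(","):
            bounds = item.split(":")            # "9005:9007" is a range
            if len(bounds) > 2 or not all(
                    b.isdecimal() and 1 <= int(b) <= 65535 for b in bounds):
                problems.append(f"{group!r}: bad port or range {item!r}")
    return problems

def check_profiles(text):
    """Map every [profile] in an applications.d-style file to its problems."""
    parser = configparser.RawConfigParser(delimiters=("=",))
    parser.read_string(text)
    report = {}
    for name in parser.sections():
        problems = [f"missing or empty field {field!r}"
                    for field in ("title", "description", "ports")
                    if not parser.get(name, field, fallback="")]
        ports = parser.get(name, "ports", fallback="")
        report[name] = problems + (check_ports_field(ports) if ports else [])
    return report

# Constructed sample: the cassandra profile above plus a protocol-less range.
SAMPLE = """\
[cassandra]
title=cassandra ufw rules
description=cassandra needs these ports to run
ports=22,7000,7001,7199,9042,9142,9160/tcp

[vnc-broken]
title=constructed example
description=range without a protocol
ports=5900:5910
"""

if __name__ == "__main__":
    print(check_profiles(SAMPLE))
```

Run it against a profile file before copying it into /etc/ufw/applications.d/, so a malformed ports= line is caught before the profile is used in a rule.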

Author: pntshere

Updated on September 18, 2022

Comments

  • pntshere
    pntshere over 1 year

    I've installed a new Ubuntu 16.04 and enabled ufw:

    ufw enable
    

    I tried these ways to unfilter multiple ports at once:

    ufw allow 22/tcp 25/tcp 80/tcp 443/tcp 9000/tcp
    ufw allow 22/tcp, 25/tcp, 80/tcp, 443/tcp, 9000/tcp
    ufw allow {22/tcp,25/tcp,80/tcp,443/tcp,9000/tcp}
    

    All three ways bring the same error:

    ERROR: Wrong number of arguments

    Is it even possible to unfilter multiple ports with UFW?

  • Salvatore Cassano
    Salvatore Cassano over 4 years
    Unfortunately, this doesn't seem to work, however: ufw allow from 192.168.2.0/24 to any port 2049,13025/tcp Somehow, ufw thinks I'm trying to specify a port range. I was able to do what I needed, however: ufw allow proto tcp from 192.168.2.0/24 to any port 2049,13025. (ufw version 0.36)
  • Kevin
    Kevin almost 3 years
    unless you have multiple ranges, then it wants it only on one of them.
  • David
    David about 2 years
    Read your answer it makes no sense. @trying to one line things that should be one line.@
  • alper
    alper about 2 years
    What is proto meant for?
  • pa4080
    pa4080 about 2 years
    @alper, it must be shortened from protocol - proto tcp/proto udp.