UFW: Blocking all internet but allowing Google

Questions about Wi-Fi and other network devices, file sharing, firewalls, connection sharing etc
Forum rules
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Locked
MechWright
Level 1
Level 1
Posts: 44
Joined: Thu Dec 27, 2018 11:30 am

UFW: Blocking all internet but allowing Google

Post by MechWright »

Hello everybody,

I am learning to use UFW. I need to setup a firewall that does the following:
1) Allows files being sent via a LAN cable
2) Allows WLAN connection to gmail and other Google services
3) Blocks everything else

The number 1 seems to be easy (just "sudo ufw allow ssh"); number 3 can also be brute-forced
("sudo ufw deny out from any to any") [BTW why doesn't "sudo ufw deny out from 80 to any" work?]

The problem is number 2. Google uses the IP range 172.217.0.0-172.217.255.255, so I need to allow
all that. How is this done?
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
User avatar
kc1di
Level 18
Level 18
Posts: 8146
Joined: Mon Sep 08, 2008 8:44 pm
Location: Maine USA

Re: UFW: Blocking all internet but allowing Google

Post by kc1di »

Hello MechWright and Welcome to Linux Mint Forums,

The easiest way would be to create rules for what you want to do. I use gufw which is the graphical front end for ufw. simply create a rule allowing those IP addresses to access the machine. Here a web page that may be of help: https://www.linux.com/learn/introductio ... rewall-ufw or from the command line this one: https://www.putorius.net/ufw-uncomplica ... asics.html Good Luck.
P.S. you may have to allow your router IP and Printer addresses also to get to the internet and to your printer if you have one.
Easy tips : https://easylinuxtipsproject.blogspot.com/ Pjotr's Great Linux projects page.
Linux Mint Installation Guide: http://linuxmint-installation-guide.rea ... en/latest/
Registered Linux User #462608
MechWright
Level 1
Level 1
Posts: 44
Joined: Thu Dec 27, 2018 11:30 am

Re: UFW: Blocking all internet but allowing Google

Post by MechWright »

Thanks for the reply kc1di,

however, I am familiar with the basic functionality of UFW; what I couldn't find even after scanning through numerous
UFW guides is HOW TO BLOCK OR ALLOW A BIG RANGE OF IP ADDRESSES, in my case, allow all the range Google
is using,
172.217.0.0 - 172.217.255.255,
i.e. 172.217.*.* in the language UFW understands.
User avatar
Pepi
Level 6
Level 6
Posts: 1308
Joined: Wed Nov 18, 2009 7:47 pm

Re: UFW: Blocking all internet but allowing Google

Post by Pepi »

I figured you would want to let everything in but Google :wink: :lol:
User avatar
kc1di
Level 18
Level 18
Posts: 8146
Joined: Mon Sep 08, 2008 8:44 pm
Location: Maine USA

Re: UFW: Blocking all internet but allowing Google

Post by kc1di »

Pepi wrote: Mon Mar 11, 2019 8:37 am I figured you would want to let everything in but Google :wink: :lol:
++1 :lol: :roll:
Easy tips : https://easylinuxtipsproject.blogspot.com/ Pjotr's Great Linux projects page.
Linux Mint Installation Guide: http://linuxmint-installation-guide.rea ... en/latest/
Registered Linux User #462608
MechWright
Level 1
Level 1
Posts: 44
Joined: Thu Dec 27, 2018 11:30 am

Re: UFW: Blocking all internet but allowing Google

Post by MechWright »

figured you would want to let everything in but Google :wink: :lol:
Ok, how would you do that?
User avatar
greerd
Level 6
Level 6
Posts: 1060
Joined: Sat Jul 31, 2010 10:58 am
Location: Nova Scotia, Canada

Re: UFW: Blocking all internet but allowing Google

Post by greerd »

MechWright wrote: Mon Mar 11, 2019 6:54 am The problem is number 2. Google uses the IP range 172.217.0.0-172.217.255.255, so I need to allow
all that. How is this done?
172.217.0.0/16 should allow 172.217.0.0 - 172.217.255.255.
MechWright
Level 1
Level 1
Posts: 44
Joined: Thu Dec 27, 2018 11:30 am

Re: UFW: Blocking all internet but allowing Google

Post by MechWright »

Sorry guys, need more help. Despite ~100 attempts, can't get this right.

sudo ufw deny out to any
sudo ufw allow in from 172.217.0.0/16
sudo ufw allow out to 172.217.0.0/16

seems to just block all the internet and doesn't allow me to access Google drive (which is the point of allowing Google).
What am I doing wrong?
Locked

Return to “Networking”