networking:firewall:ufw [2022/07/28 12:24] gcooper |
networking:firewall:ufw [2022/07/28 13:44] (current) gcooper |
Line 19: | Line 19: | ||
ufw --force enable | ufw --force enable | ||
- | ufw status | + | ufw status |
</ | </ | ||
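Review bot: the two sides of the `ufw status` line are textually identical in the rendered diff, so whatever changed here (whitespace or wiki markup) is invisible to the reader; confirm the edit was intentional. Since this line is the verification step that follows `ufw --force enable`, `ufw status verbose` would be the more useful check, as it also prints the default policies and the logging level.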
Line 26: | Line 26: | ||
FIXME This needs further confirmation. | FIXME This needs further confirmation. | ||
- | This **example** is for filtering **external access to ports published (opened) by Docker**. | + | <note warning>This **example** is for filtering |
+ | |||
+ | <note important> | ||
< | < | ||
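Review bot: neither the new `<note warning>` wrapper nor the added `<note important>` block shows a closing `</note>` in the visible lines, and the `<note important>` line carries no text at all; either finish that note and close both, or drop the empty one. The `FIXME This needs further confirmation.` marker is carried over unchanged above an example that now carries a warning note, so the page should say what still needs confirming, or the marker should be resolved.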
Line 56: | Line 58: | ||
-A DOCKER-USER -i eth0 -m conntrack --ctstate RELATED, | -A DOCKER-USER -i eth0 -m conntrack --ctstate RELATED, | ||
-A DOCKER-USER -i eth0 -m conntrack --ctstate INVALID -j DROP | -A DOCKER-USER -i eth0 -m conntrack --ctstate INVALID -j DROP | ||
- | -A DOCKER-USER -i eth0 --match multiport -p tcp --dports 80,81,443,9443 -j ACCEPT | + | -A DOCKER-USER -i eth0 --match multiport -p tcp --dports 80,443, |
+ | -A DOCKER-USER -i eth0 --match multiport -p udp --dports 22116 -j ACCEPT | ||
+ | -A DOCKER-USER -i eth0 --match multiport -p tcp --dports 81,9443 --source 192.168.1.0/ | ||
-A DOCKER-USER -i eth0 -m conntrack --ctstate NEW -j LOG --log-prefix " | -A DOCKER-USER -i eth0 -m conntrack --ctstate NEW -j LOG --log-prefix " | ||
-A DOCKER-USER -i eth0 -m conntrack --ctstate NEW -j DROP | -A DOCKER-USER -i eth0 -m conntrack --ctstate NEW -j DROP |
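Review bot: the added line `-A DOCKER-USER -i eth0 --match multiport -p udp --dports 22116 -j ACCEPT` uses multiport for a single port; plain `--dport 22116` is clearer and avoids loading the match module. The split itself is a sound least-exposure change: 80 and 443 stay open to all, while 81 and 9443 are now accepted only from the `192.168.1.0/` source, and both ACCEPT lines sit above the `--ctstate NEW -j DROP` rule, so ordering is correct. Two values are truncated in this rendering and should be checked in the saved page: the state list on the first conntrack line stops at `RELATED,` and the source rule's CIDR mask is cut off after `192.168.1.0/`. Finally, the `--ctstate NEW -j LOG` rule has no rate limit, so a port scan on eth0 can fill the log; adding `-m limit --limit 5/min --limit-burst 10` to that rule keeps the logging useful.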