@RafaelPalomar
Last active June 20, 2019 10:49
Setting up uncomplicated firewall in Gentoo (example) #gentoo #firewall #example

Setting up uncomplicated firewall in Gentoo (Example)

This example considers the installation of “Uncomplicated Firewall” with the following rules:

  • Disallow incoming connections
  • Disallow outgoing connections
  • Exceptionally allowing incoming connections for SSH
  • Exceptionally allowing outgoing connections for server update (Gentoo)
  • Exceptionally allowing outgoing connections for an external private docker registry

Installing uncomplicated firewall

  • Enable CONFIG_NETFILTER_XT_TARGET_LOG in the Linux kernel
  • I am not sure it is entirely needed, but I also enabled CONFIG_CGROUP_BPF
  • Install the package net-firewall/ufw

Setting up the rules

Enable firewall

sudo ufw enable

Disable logging (optional)

sudo ufw logging off

Enabling SSH since most likely you are configuring the server over SSH

sudo ufw allow ssh

Deny incoming and outgoing traffic by default

sudo ufw default deny outgoing
sudo ufw default deny incoming

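Enable outgoing DNS (a rule without "out" applies to incoming traffic, which would open port 53 inbound and still leave lookups blocked)

sudo ufw allow out dns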

Enable outgoing HTTP/HTTPS

sudo ufw allow out http
sudo ufw allow out https
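The steps above collected into one script, as an added example that is not part of the original gist. It also emits the outgoing rule for the private docker registry, which the introduction lists but the steps never show, and it places the SSH rule before "ufw enable" so the rule exists when the firewall goes live. The function names, the registry address 203.0.113.10 and port 5000 are placeholder assumptions.

```shell
#!/bin/sh
# Added example: prints (or applies) the ruleset above in a lockout-safe order.
# Function names and the registry address/port are illustrative assumptions.

# True only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# True only for a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Prints one ufw command per line; nothing is executed here.
ufw_rules() {
    registry_ip=$1; registry_port=$2
    valid_ipv4 "$registry_ip" && valid_port "$registry_port" || {
        echo "invalid registry address: $registry_ip:$registry_port" >&2
        return 1
    }
    cat <<EOF
ufw allow ssh
ufw default deny incoming
ufw default deny outgoing
ufw allow out dns
ufw allow out http
ufw allow out https
ufw allow out to $registry_ip port $registry_port proto tcp
ufw logging off
ufw enable
EOF
}

# Apply only on request: sh ufw-setup.sh --apply 203.0.113.10 5000
if [ "${1:-}" = "--apply" ]; then
    rules=$(ufw_rules "${2:-}" "${3:-}") || exit 1
    # Read the rules on fd 3 so ufw's confirmation prompt still gets the terminal.
    while read -r cmd <&3; do sudo $cmd || exit 1; done 3<<EOF
$rules
EOF
fi
```

Run without arguments, the script changes nothing; calling ufw_rules prints the commands for review before they are applied.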
