# UFW configuration for a home DMZ box exposed to the public internet, with only sshd reachable from the outside world.
# In addition to setting these rules you should also:
# 1. Edit /etc/ufw/before.rules to remove the default rules which permit incoming DHCP packets from the outside world.
# 2. Edit /etc/ufw/before.rules to remove the default rules which permit incoming ICMP packets from the outside world.
# 3. Edit /etc/default/ufw to turn off non-local ipv6 because I don't know enough about it to be confident.
ufw default deny incoming
ufw default allow outgoing
ufw limit log proto tcp to 0.0.0.0/0 port ssh
ufw allow proto udp from 192.168.0.0/16 to 0.0.0.0/0 port bootpc comment "required for dhclient"
ufw --force enable
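
Steps 1 to 3 from the header comment, sketched as an added example that is not part of the gist: it rewrites copies of the two files and runs on a constructed sample modelled on the default before.rules. The function names are hypothetical, and IPV6=no is an assumed reading of step 3.

```shell
#!/bin/sh
# Added example, not part of the gist. It edits copies, never /etc directly.

# Comment out active ufw-before-input ACCEPT rules for ICMP and for DHCP
# replies (udp sport 67 -> dport 68); every other line passes through.
strip_default_accepts() {
    sed -E \
        -e '/^-A ufw-before-input .*-p icmp .*-j ACCEPT/ s/^/# disabled: /' \
        -e '/^-A ufw-before-input .*--sport 67 .*--dport 68 .*-j ACCEPT/ s/^/# disabled: /' \
        "$1"
}

# Assumption: step 3 is read here as setting IPV6=no in /etc/default/ufw.
disable_ipv6() {
    sed -E 's/^IPV6=.*/IPV6=no/' "$1"
}

# Number of ICMP/DHCP accepts still active in the before-input chain.
count_active_accepts() {
    grep -Ec '^-A ufw-before-input .*(-p icmp |--sport 67 ).*-j ACCEPT' "$1" || true
}

# Constructed sample modelled on the relevant lines of a default before.rules.
write_sample_rules() {
    cat > "$1" <<'EOF'
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# ok icmp codes for INPUT
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
# allow dhcp client to work
-A ufw-before-input -p udp --sport 67 --dport 68 -j ACCEPT
EOF
}

tmp=$(mktemp -d)
write_sample_rules "$tmp/before.rules"
printf 'IPV6=yes\n' > "$tmp/ufw.default"
strip_default_accepts "$tmp/before.rules" > "$tmp/before.rules.new"
echo "active ICMP/DHCP accepts before: $(count_active_accepts "$tmp/before.rules")"
echo "active ICMP/DHCP accepts after:  $(count_active_accepts "$tmp/before.rules.new")"
diff "$tmp/before.rules" "$tmp/before.rules.new" || true   # review the change
disable_ipv6 "$tmp/ufw.default"
rm -rf "$tmp"
```

After reviewing the diff on the real files, copy the results into place and run `ufw reload` so the edited before.rules takes effect.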
Owner Author

briangordon commented Feb 4, 2019

ufw allow log from 192.168.0.0/16 to 0.0.0.0/0 app "WWW Full"

briangordon commented Aug 2, 2019

ufw allow proto tcp to 0.0.0.0/0 port 8997 comment "bittorrent" 
ufw allow proto tcp from 192.168.0.0/16 to 0.0.0.0/0 port 3000 comment "flood UI for bittorrent"