# UFW configuration for a home DMZ box exposed to the public internet, with only sshd reachable from the outside world.
# In addition to setting these rules you should also:
# 1. Edit /etc/ufw/before.rules to remove the default rules which permit incoming DHCP packets from the outside world.
# 2. Edit /etc/ufw/before.rules to remove the default rules which permit incoming ICMP packets from the outside world.
# 3. Edit /etc/default/ufw to turn off non-local IPv6 because I don't know enough about it to be confident.
ufw default deny incoming
ufw default allow outgoing
ufw limit log proto tcp to 0.0.0.0/0 port ssh
ufw allow proto udp from 192.168.0.0/16 to 0.0.0.0/0 port bootpc comment "required for dhclient"
ufw --force enable
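
A check for the three manual edits listed in the comments above, as an added example that is not part of the original gist. It assumes "remove" means deleting or commenting out the stock `-A ufw-before-input ... -j ACCEPT` lines, that step 3 means `IPV6=no` in /etc/default/ufw, and that the rule patterns match the stock file; `has_accept`, `audit_ufw` and `make_samples` are hypothetical names, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not part of the gist): audit the three manual edits.
# Paths default to the live files; pass other paths to check copies.

# True if file $1 still has an active ufw-before-input ACCEPT rule matching ERE $2.
has_accept() {
    grep -E '^[[:space:]]*-A[[:space:]]+ufw-before-input[[:space:]].*-j[[:space:]]+ACCEPT' "$1" |
        grep -Eq -e "$2"
}

# Prints one line per finding; returns 0 only when all three edits are in place.
audit_ufw() {
    rules=${1:-/etc/ufw/before.rules}
    defaults=${2:-/etc/default/ufw}
    rc=0
    if has_accept "$rules" '--sport[[:space:]]+67[[:space:]]+--dport[[:space:]]+68'; then
        echo "FAIL step 1: inbound DHCP still accepted in $rules"; rc=1
    fi
    if has_accept "$rules" '-p[[:space:]]+icmp([[:space:]]|$)'; then
        echo "FAIL step 2: inbound ICMP still accepted in $rules"; rc=1
    fi
    # Assumption: "turn off non-local IPv6" means IPV6=no in this file.
    if ! grep -Eq '^[[:space:]]*IPV6="?no"?[[:space:]]*$' "$defaults"; then
        echo "FAIL step 3: IPV6 is not set to no in $defaults"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: all three manual edits are in place"
    return "$rc"
}

# Constructed samples: stock-style lines, and the same lines commented out.
make_samples() {  # $1 = directory to write into
    cat > "$1/before.stock" <<'EOF'
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
-A ufw-before-input -p udp --sport 67 --dport 68 -j ACCEPT
EOF
    sed -E '/icmp|--sport 67/s/^/# /' "$1/before.stock" > "$1/before.hardened"
    echo 'IPV6=yes' > "$1/default.stock"
    echo 'IPV6=no'  > "$1/default.hardened"
}

# Demo on the constructed samples only; the live files are not touched.
d=$(mktemp -d) && make_samples "$d"
audit_ufw "$d/before.stock" "$d/default.stock" || true
audit_ufw "$d/before.hardened" "$d/default.hardened"
rm -rf "$d"
```

Called with no arguments, `audit_ufw` reads /etc/ufw/before.rules and /etc/default/ufw, which normally requires root.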

briangordon commented May 11, 2020

ufw allow proto tcp from any to 0.0.0.0/0 port 8080 
ufw allow proto tcp from 192.168.0.0/16 to 0.0.0.0/0 port 8088