
@genesysflow
Last active June 11, 2024 10:43
ufw ports for mailcow

ports for mailcow

# SMTP: inbound mail (25), SMTPS (465) and submission (587)
ufw allow 25/tcp
ufw allow 465/tcp
ufw allow 587/tcp
# IMAP and IMAPS
ufw allow 143/tcp
ufw allow 993/tcp
# POP3 and POP3S
ufw allow 110/tcp
ufw allow 995/tcp
# ManageSieve (Sieve filter management)
ufw allow 4190/tcp
# http/s ports
ufw allow 443
ufw allow 80

ufw allow ssh # sshd on port 22, be careful not to get locked out!
ufw default deny incoming # deny traffic on every other port, on any interface
ufw enable
@semaf

semaf commented Apr 19, 2024

Using the fix for Docker with UFW and iptables: https://github.com/chaifeng/ufw-docker
I am running Nginx Proxy Manager etc., and the ports should be opened only to the related Docker IP.

sudo ufw route allow from 123.456.789.2 to 172.22.1.114 port 443

22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443                        ALLOW       Anywhere
80/tcp (v6)                ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
22/tcp (v6)                ALLOW       Anywhere (v6)

172.22.1.9 7443            ALLOW FWD   Anywhere
172.22.1.250 4190          ALLOW FWD   Anywhere
172.22.1.250 995           ALLOW FWD   Anywhere
172.22.1.250 993           ALLOW FWD   Anywhere
172.22.1.250 143           ALLOW FWD   Anywhere
172.22.1.250 110           ALLOW FWD   Anywhere
443                        ALLOW FWD   Anywhere
172.22.1.253 25            ALLOW FWD   Anywhere
172.22.1.253 465           ALLOW FWD   Anywhere
172.22.1.253 587           ALLOW FWD   Anywhere
443 (v6)                   ALLOW FWD   Anywhere (v6)

and also blocking some bad guys with iptables in the DOCKER-USER chain

sudo iptables -L DOCKER-USER

Chain DOCKER-USER (1 references)
target     prot opt source               destination
DROP       all  --  80.224.11.0/24       anywhere
DROP       all  --  94.156.10.0/24       anywhere
DROP       all  --  87.121.105.0/24      anywhere
DROP       all  --  87.120.84.0/24       anywhere
DROP       all  --  45.88.90.0/24        anywhere
DROP       all  --  45.128.96.0/24       anywhere
DROP       all  --  194.48.251.0/24      anywhere
DROP       all  --  194.33.191.0/24      anywhere
DROP       all  --  193.222.96.0/24      anywhere
ufw-user-forward  all  --  anywhere             anywhere
RETURN     all  --  10.0.0.0/8           anywhere
RETURN     all  --  172.16.0.0/12        anywhere
RETURN     all  --  192.168.0.0/16       anywhere
RETURN     udp  --  anywhere             anywhere             udp spt:domain dpts:1024:65535
ufw-docker-logging-deny  tcp  --  anywhere             192.168.0.0/16       tcp flags:FIN,SYN,RST,ACK/SYN
ufw-docker-logging-deny  tcp  --  anywhere             10.0.0.0/8           tcp flags:FIN,SYN,RST,ACK/SYN
ufw-docker-logging-deny  tcp  --  anywhere             172.16.0.0/12        tcp flags:FIN,SYN,RST,ACK/SYN
ufw-docker-logging-deny  udp  --  anywhere             192.168.0.0/16       udp dpts:0:32767
ufw-docker-logging-deny  udp  --  anywhere             10.0.0.0/8           udp dpts:0:32767
ufw-docker-logging-deny  udp  --  anywhere             172.16.0.0/12        udp dpts:0:32767
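A small audit script, added here as an example and not part of the gist, of mailcow or of ufw-docker: it parses a `ufw status` listing and reports drift in both directions against the mailcow port set from the gist above (ports that have an ALLOW rule but are not expected, and expected ports with no rule at all). It also handles the `ALLOW FWD` route rules that ufw-docker produces, as shown in the comment above. `EXPECTED_PORTS` is taken from the gist; `SAMPLE_STATUS` is a constructed sample, not output captured from a real host.

```shell
#!/bin/sh
# Added example, not part of the gist or of mailcow: audit a `ufw status` listing
# against the mailcow port set and report drift in both directions.
# EXPECTED_PORTS is the list from the gist; SAMPLE_STATUS is constructed, not
# captured from a real host.

EXPECTED_PORTS="22 25 80 110 143 443 465 587 993 995 4190"

# Constructed sample: mixes plain ALLOW rules, ufw-docker "ALLOW FWD" route rules
# and an unexpected 8080 rule, and omits several of the mail ports.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443                        ALLOW       Anywhere
8080/tcp                   ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
172.22.1.250 993           ALLOW FWD   Anywhere
172.22.1.253 25            ALLOW FWD   Anywhere
443 (v6)                   ALLOW FWD   Anywhere (v6)'

# Print every distinct numeric port that has an ALLOW or ALLOW FWD rule, one per
# line. The port is the field just before ALLOW (skipping a "(v6)" tag), so both
# the "80/tcp" form and ufw-docker's "172.22.1.250 993" form are handled; app
# profiles ("Nginx Full") and port ranges ("6000:6007/tcp") are not plain numbers
# and are skipped.
allowed_ports() {
    printf '%s\n' "$1" | awk '
        {
            n = 0
            for (i = 1; i <= NF; i++) if ($i == "ALLOW") { n = i - 1; break }
            if (n == 0) next
            if ($n == "(v6)") n--
            port = $n
            sub(/\/(tcp|udp)$/, "", port)
            if (port ~ /^[0-9]+$/) print port
        }' | sort -un
}

# Ports with an ALLOW rule that are not in the expected mailcow set (exposure drift).
unexpected_ports() {
    for p in $(allowed_ports "$1"); do
        case " $EXPECTED_PORTS " in
            *" $p "*) ;;
            *) printf '%s\n' "$p" ;;
        esac
    done
}

# Expected mailcow ports with no ALLOW rule at all (the service will be unreachable).
missing_ports() {
    allowed=" $(allowed_ports "$1" | tr '\n' ' ') "
    for p in $EXPECTED_PORTS; do
        case "$allowed" in
            *" $p "*) ;;
            *) printf '%s\n' "$p" ;;
        esac
    done
}

# Run against the constructed sample; on a real host pass "$(ufw status)" instead.
printf 'Unexpected ALLOW rules on ports: %s\n' "$(unexpected_ports "$SAMPLE_STATUS" | tr '\n' ' ')"
printf 'Expected mailcow ports without a rule: %s\n' "$(missing_ports "$SAMPLE_STATUS" | tr '\n' ' ')"
```

Because ufw only reports what it manages, a clean result here does not prove the host is closed: ports published by Docker without ufw-docker are inserted into iptables directly and never appear in `ufw status`, so compare this output against `ss -ltnp` or an external port scan of your own host as well.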
