I'm trying to figure out UFW on Ubuntu and it's a little confusing.

My server setup has multiple adapters; one of them is external to the web and the others are internal.

Say the external is en0 and the internal is en1. I want to block all incoming ports except 443 on the en0 adapter only; en1 should be left to allow every port in and out.

Another case: on another server I want to block every incoming port on en0 except 80, 443 and 22.

noname
  • SO is for programming questions only, so OS/networking support is [off-topic](/help/on-topic). You can ask on [ubuntu.se] instead. – wjandrea Jun 03 '22 at 16:16
  • @wjandrea -- As UFW rules can be applied in a bash script, or shell environment, given the exact commands I issued below -- it falls well within the realm of "programming". Read [This Question's Answer](https://stackoverflow.com/questions/28693737/is-bash-a-programming-language) – Zak Jun 03 '22 at 16:21
  • @Zak Just because the solution *involves* coding doesn't mean the question is *about* coding. The question is about OS configuration. – wjandrea Jun 03 '22 at 16:25
  • Involves vs. about - Honestly that's a Meta question that probably has been asked, but if not, probably would spark the tomato / tomahto debate .. – Zak Jun 03 '22 at 16:27
  • @Zak Note that I also wrote "solution" vs "question". A solution using GUFW or another graphical frontend would be equally valid. – wjandrea Jun 03 '22 at 16:33

1 Answer

You need to deny all first -- then allow just 443 .. And make sure your specific adapter is mentioned in the rule .. So FIRST deny all on en0. Then allow https. Then allow all on en1 ... Like so:

# ufw has no per-interface default policy: deny inbound globally, then open what each interface needs
ufw default deny incoming
# en0: only 443, 10000 and 8080. The short form ("ufw allow https") cannot take an interface;
# interface-scoped rules need the full "in on IFACE to any port N" form
ufw allow in on en0 to any port 443 proto tcp
ufw allow in on en0 to any port 10000 proto tcp
ufw allow in on en0 to any port 8080 proto tcp
# en1: everything except 3939. ufw is first-match, so the deny must come before the allow-all
ufw deny in on en1 to any port 3939
ufw allow in on en1

UPDATE: you can also choose physical port numbers instead of protocols as well. See above. The above set of rules would allow ONLY 443, 10000, and 8080 on en0, and would allow all except 3939 for en1.

The rules cascade .. So the (last entered) overrides the rule (previously entered) .. That's what makes this firewall so simple.

Zak
  • Thanks, how come you use “incoming” on one and “in” on the other? Do they mean different things? – noname Jun 03 '22 at 16:02
  • The `on` indicates the adapter. The `in` is allowing the INBOUND traffic .. `on en0` means exactly what it sounds like .. – Zak Jun 03 '22 at 16:04
  • You misread what I said, lol. I didn't ask about "on", I was asking the difference between "incoming" and "in". – noname Jun 03 '22 at 16:06
  • Also, sorry, what if I want to declare the port number instead of "HTTPS", as I may have other ports not related to a standard service? – noname Jun 03 '22 at 16:07
  • Honestly I have no idea why it's set up that way .. You can read `man ufw` and see all the possible rules and explanations there .. – Zak Jun 03 '22 at 16:08
  • See update answer. – Zak Jun 03 '22 at 16:11
  • Hi @zak, I am getting "wrong number of arguments" when running "ufw allow https on enp3s0f0" – noname Jun 04 '22 at 08:39
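The following script is an added example, not part of the answer or the comments above. It covers both cases from the question (only 443 on the external adapter; 22, 80 and 443 on the external adapter) and uses the full `ufw allow in on IFACE to any port N proto tcp` form, which is what ufw accepts for interface-scoped rules; the short form `ufw allow https on IFACE` is rejected with "wrong number of arguments" because the short syntax takes no interface. The interface names en0 (external) and en1 (internal), the port lists, and the `DRY_RUN` variable are assumptions for illustration. It needs root to actually apply rules, and if you administer the box over SSH through the external interface, 22 must be in the port list or the script will lock you out.

```shell
#!/bin/sh
# Added example (not from the original answer). Generates and optionally applies
# a ufw rule set that exposes only the listed TCP ports on the external interface
# and leaves the internal interface fully open.
# Assumptions: en0 = external, en1 = internal, ports passed as arguments.

# Print the ufw commands for: external iface, internal iface, then TCP ports.
ufw_rules() {
    ext="$1"; int="$2"; shift 2
    # ufw has no per-interface default policy, so deny inbound globally first.
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    # The short form ("ufw allow 443") cannot carry an interface; the full
    # form "in on IFACE to any port N proto tcp" is required.
    for p in "$@"; do
        echo "ufw allow in on $ext to any port $p proto tcp"
    done
    # Internal interface: accept everything inbound. ufw is first-match,
    # so any per-port deny for $int would have to be inserted before this.
    echo "ufw allow in on $int"
}

# Execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "+ $*"
    else
        "$@"
    fi
}

# Apply the generated rules and enable the firewall (requires root unless DRY_RUN=1).
apply_rules() {
    ufw_rules "$@" | while IFS= read -r cmd; do
        # shellcheck disable=SC2086 -- tokens are plain words; splitting is intended
        run $cmd
    done
    run ufw --force enable
}

# Usage, the two cases from the question:
#   DRY_RUN=1 sh ufw-iface.sh en0 en1 443        # server 1: only HTTPS on en0
#   sudo sh ufw-iface.sh en0 en1 22 80 443       # server 2: ssh, http, https on en0
if [ "$#" -ge 3 ]; then
    apply_rules "$@"
fi
```

After applying, `ufw status verbose` should list one `ALLOW IN` line per port tagged with `on en0` and a single `Anywhere on en1` allow line; anything arriving on en0 for a port not listed falls through to the global deny.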