
Revision history

initial version

I found that, since ufw creates rules on all interfaces, it was unsuitable for use on hosts running linuxbridge or openvswitch. It places your firewall rules on the internal networks causing trouble.

Instead I did this:

$ cat /etc/iptables.rules 
#!/bin/sh
# run as a script from the interface's pre-up hook, so it needs the executable bit (chmod +x)
iptables -A INPUT -i eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# mosh
iptables -A INPUT -i eth0 -p udp -m multiport --dports 60000:60100 -j ACCEPT
# all icmp
iptables -A INPUT -i eth0 -p icmp -j ACCEPT
# our ssl port
iptables -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT
# our ssh port
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
# drop the rest
iptables -A INPUT -i eth0 -j DROP

$ cat /etc/network/interfaces
# The primary network interface
auto eth0
iface eth0 inet static
        address MYIP
        gateway MYGW
        dns-nameservers MYDNS
        pre-up /etc/iptables.rules

Now when my eth0 comes up, it firewalls, but only on that interface (-i eth0).
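The technique above, an INPUT chain in which every rule is pinned to one interface so the internal bridge or OVS ports are left alone, is easy to break by later adding one unscoped rule. The following is an added example, not code from the original answer: gen_rules emits the same rule set in iptables-restore format for an interface given as a parameter, and unscoped_rules lints a rules file (either "iptables -A INPUT ..." lines like the post's, or restore-format "-A INPUT ..." lines) and reports any INPUT rule that is not pinned with -i. The interface name and ports are parameters; the rule order and the mosh range 60000:60100 are taken from the post.

```shell
#!/bin/sh
# Added example (not from the original post). Generates an interface-scoped
# INPUT rule set and lints a rules file for rules that are not pinned to
# the interface, which is exactly the situation the post describes with ufw.
# Assumptions: interface and ports are arguments; mosh range is from the post.

# gen_rules IFACE [SSH_PORT] [HTTPS_PORT]
# Prints an iptables-restore fragment for the filter table.
gen_rules() {
    iface="$1"
    ssh_port="${2:-22}"
    https_port="${3:-443}"
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
# replies to connections we initiated
-A INPUT -i $iface -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# mosh
-A INPUT -i $iface -p udp -m multiport --dports 60000:60100 -j ACCEPT
# all icmp
-A INPUT -i $iface -p icmp -j ACCEPT
# ssl port
-A INPUT -i $iface -p tcp --dport $https_port -j ACCEPT
# ssh port
-A INPUT -i $iface -p tcp --dport $ssh_port -j ACCEPT
# drop the rest, but only what arrives on this interface
-A INPUT -i $iface -j DROP
COMMIT
EOF
}

# unscoped_rules FILE IFACE
# Prints every INPUT rule in FILE that is not pinned to IFACE with "-i".
# Returns 0 when every INPUT rule is scoped, 1 otherwise.
unscoped_rules() {
    file="$1"
    iface="$2"
    bad=$(grep -E '^(iptables )?-A INPUT' "$file" | grep -v -- "-i $iface " || true)
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}

# Typical use (commented out; paths are illustrative):
#   gen_rules eth0 22 443 > /etc/iptables.eth0.rules
#   unscoped_rules /etc/iptables.eth0.rules eth0 \
#       && iptables-restore -n /etc/iptables.eth0.rules
```

Loading the fragment with iptables-restore -n (--noflush) appends only the listed INPUT rules and leaves the host's other chains untouched, which matters on a host where another agent manages FORWARD; running the lint first catches a rule that would silently apply to every interface.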