When setting up the firewall, the deny command must be last. If you need to fix the order, delete the deny rule and re-add it so that it is the last in the list.
Allow incoming connections to manage the server.
* allow port 22 in for ssh
* allow port 8112 in for the deluge webui
sudo ufw allow 22/tcp
sudo ufw allow 8112/tcp
To delete a rule, put delete in front of it:
sudo ufw delete allow 22/tcp
* allow out on port 1194 for the openvpn server
* allow out on port 53 for dns
* allow out to port 445 for CIFS server mounts
* connect out to anywhere on tun0 (vpn device)
* do not connect out to anywhere else other than the above
sudo ufw allow out 1194/udp
sudo ufw allow out 53
sudo ufw allow out 445/tcp
sudo ufw allow out on tun0
sudo ufw deny out to any
Check that the commands all worked and that there are no typos.
sudo ufw status
* Output of status should be:
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
8112/tcp                   ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
8112/tcp (v6)              ALLOW       Anywhere (v6)

1194/udp                   ALLOW OUT   Anywhere
53                         ALLOW OUT   Anywhere
445/tcp                    ALLOW OUT   Anywhere
Anywhere                   ALLOW OUT   Anywhere on tun0
Anywhere                   DENY OUT    Anywhere
1194/udp (v6)              ALLOW OUT   Anywhere (v6)
53 (v6)                    ALLOW OUT   Anywhere (v6)
445/tcp (v6)               ALLOW OUT   Anywhere (v6)
Anywhere (v6)              ALLOW OUT   Anywhere (v6) on tun0
Anywhere (v6)              DENY OUT    Anywhere (v6)
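
Instead of checking the order by eye, the status output can be checked by a script. The following is an added example, not part of the original post: the function name check_deny_last and the two sample_ functions (constructed sample output) are made up for illustration.

```shell
#!/bin/sh
# Reads `ufw status` text on stdin. Returns 0 when the catch-all "DENY OUT"
# comes after every "ALLOW OUT" rule of the same address family, 1 otherwise.
# Real use: sudo ufw status | check_deny_last
check_deny_last() {
    awk '
        { fam = ($0 ~ /\(v6\)/) ? "v6" : "v4" }
        # Catch-all deny: "Anywhere DENY OUT Anywhere" with no interface.
        /^Anywhere( \(v6\))?[ ]+DENY OUT[ ]+Anywhere( \(v6\))?[ ]*$/ {
            deny[fam] = 1; next
        }
        / ALLOW OUT / {
            out[fam] = 1
            # An allow listed after the deny never matches, because ufw
            # stops at the first rule that applies to a packet.
            if (fam in deny) { print "after deny (" fam "): " $0; bad = 1 }
        }
        END {
            # Every family that has allow-out rules needs its own deny.
            for (f in out)
                if (!(f in deny)) { print "no catch-all deny out (" f ")"; bad = 1 }
            if (!("v4" in deny)) bad = 1
            exit bad + 0
        }'
}

# Constructed sample: outbound rules in the order this page sets up.
sample_good() { cat <<'EOF'
Status: active
To Action From
1194/udp ALLOW OUT Anywhere
Anywhere ALLOW OUT Anywhere on tun0
Anywhere DENY OUT Anywhere
1194/udp (v6) ALLOW OUT Anywhere (v6)
Anywhere (v6) ALLOW OUT Anywhere (v6) on tun0
Anywhere (v6) DENY OUT Anywhere (v6)
EOF
}

# Constructed sample: a rule was added after the deny, so it has no effect.
sample_bad() { cat <<'EOF'
Status: active
To Action From
1194/udp ALLOW OUT Anywhere
Anywhere DENY OUT Anywhere
445/tcp ALLOW OUT Anywhere
EOF
}

sample_good | check_deny_last && echo "sample order OK"
```

If the check reports a rule after the deny, delete the deny and re-add it as described at the top.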