ufw firewall setup for VPN with webui and cifs

Post by paulto

New user of ufw and got this working right now. Hope it can help someone else looking to accomplish the same as I was.

When setting up the firewall, the deny command must be last. If you need to fix the order, delete the deny and re-add it so it will be the last in the list.

Allow incoming connections to manage the server.

* allow port 22 connect in to provide ssh
* allow port 8112 connect in to deluge webui

```
sudo ufw allow 22/tcp
sudo ufw allow 8112/tcp
```

If you need to remove an entry, the ssh port for example, use:

```
sudo ufw delete allow 22/tcp
```

Allow outgoing connections to establish the openvpn connection, dns and CIFS server connection to mount drives. Then force all other traffic over network device tun0.

* allow out on port 1194 for openvpn server
* allow out on port 53 for dns
* allow out to port 445 for CIFS server mounts
* connect out to anywhere on tun0 (vpn device)
* do not connect out to anywhere else other than above

```
sudo ufw allow out 1194/udp
sudo ufw allow out 53
sudo ufw allow out 445/tcp
sudo ufw allow out on tun0
sudo ufw deny out to any
```

Check that the commands all worked and no typos:

```
sudo ufw status
```

* Output of status should be:

```
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
8112/tcp                   ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
8112/tcp (v6)              ALLOW       Anywhere (v6)

1194/udp                   ALLOW OUT   Anywhere
53                         ALLOW OUT   Anywhere
445/tcp                    ALLOW OUT   Anywhere
Anywhere                   ALLOW OUT   Anywhere on tun0
Anywhere                   DENY OUT    Anywhere
1194/udp (v6)              ALLOW OUT   Anywhere (v6)
53 (v6)                    ALLOW OUT   Anywhere (v6)
445/tcp (v6)               ALLOW OUT   Anywhere (v6)
Anywhere (v6)              ALLOW OUT   Anywhere (v6) on tun0
Anywhere (v6)              DENY OUT    Anywhere (v6)
```
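
The ordering rule from the post (catch-all deny listed after every outbound allow) can be checked mechanically. The script below is an added example, not part of the original post; `check_ufw_order`, `SAMPLE_OK` and `SAMPLE_BAD` are hypothetical names, the samples are constructed, and it assumes `ufw status` lists rules in the order they are evaluated.

```shell
#!/bin/sh
# Added example, not from the original post. Reads `ufw status` text on stdin and
# returns 0 only if, per address family, the catch-all DENY OUT rule is listed
# after every ALLOW OUT rule. Assumes status lists rules in evaluation order.
check_ufw_order() {
    awk '
        / (ALLOW|DENY) OUT / {
            fam = ($0 ~ /\(v6\)/) ? "v6" : "v4"
            if ($0 ~ /^Anywhere( \(v6\))? +DENY OUT +Anywhere( \(v6\))? *$/) {
                deny[fam] = NR                 # remember where the catch-all sits
            } else if ($0 ~ / ALLOW OUT /) {
                seen[fam] = 1
                if (fam in deny) {             # an allow listed below the deny
                    printf "%s: listed after catch-all deny: %s\n", fam, $0
                    bad = 1
                }
            }
        }
        END {
            for (f in seen) if (!(f in deny)) {
                printf "%s: no catch-all DENY OUT rule\n", f
                bad = 1
            }
            exit bad + 0
        }
    '
}

# Constructed sample: outbound rules in the order the post ends up with.
SAMPLE_OK='1194/udp ALLOW OUT Anywhere
53 ALLOW OUT Anywhere
445/tcp ALLOW OUT Anywhere
Anywhere ALLOW OUT Anywhere on tun0
Anywhere DENY OUT Anywhere
Anywhere (v6) ALLOW OUT Anywhere (v6) on tun0
Anywhere (v6) DENY OUT Anywhere (v6)'

# Constructed sample: tun0 rule added after the deny.
SAMPLE_BAD='1194/udp ALLOW OUT Anywhere
Anywhere DENY OUT Anywhere
Anywhere ALLOW OUT Anywhere on tun0'

printf '%s\n' "$SAMPLE_OK"  | check_ufw_order && echo "OK sample: order is fine"
printf '%s\n' "$SAMPLE_BAD" | check_ufw_order || echo "BAD sample: fix the order"
# Live use: sudo ufw status | check_ufw_order
```
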