Tuesday, June 9, 2015

firewall - Ubuntu ufw: set a rule on a per interface basis

I want to create a rule that allows anyone on eth1 to access port 80. Can UFW do this or should I go back to using Shorewall?

To clarify: this is a capabilities question, can ufw handle interfaces as a target?

Answer

I finally read the man page:

By default, ufw will apply rules to all available interfaces. To
limit this, specify DIRECTION on INTERFACE, where DIRECTION is
one of in or out (interface aliases are not supported). For
example, to allow all new incoming http connections on eth0,
use:

ufw allow in on eth0 to any port 80 proto tcp

To elaborate a little, the answer is yes: ufw can use the interface as a target. My particular rule looked like this:

ufw allow in on eth1 to [eth1 ip addr] port 80 proto tcp
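
As an added example (not part of the original answer), the POSIX shell script below assembles the same interface-scoped rule, refuses the inputs ufw cannot express (an interface alias such as eth1:0, a bad port or protocol) so a typo does not silently become a host-wide rule, and lists the commands used to confirm the resulting rule is bound to the interface. The interface name, the 192.0.2.10 address and the DRY_RUN switch are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not code from the original post. Builds and optionally applies
# an interface-scoped ufw rule, then shows how to verify it. Interface, address
# and port values are constructed samples. DRY_RUN=1 (default) only prints.

: "${DRY_RUN:=1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# ufw_iface_allow IFACE DEST PORT PROTO
# Prints (or applies) "ufw allow in on IFACE to DEST port PORT proto PROTO".
ufw_iface_allow() {
    iface=$1; dest=$2; port=$3; proto=$4
    # ufw does not support interface aliases (eth1:0); reject them up front.
    case "$iface" in
        ''|*:*) echo "invalid interface: '$iface'" >&2; return 1 ;;
    esac
    case "$port" in
        ''|*[!0-9]*) echo "invalid port: '$port'" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "port out of range: $port" >&2; return 1; }
    case "$proto" in
        tcp|udp) ;;
        *) echo "invalid proto: '$proto'" >&2; return 1 ;;
    esac
    run ufw allow in on "$iface" to "$dest" port "$port" proto "$proto"
}

# Confirm the rule: ufw's own listing, then the netfilter chain ufw writes
# user rules into (look for "-i eth1" on the ACCEPT line).
verify_iface_rule() {
    run ufw status verbose
    run iptables -S ufw-user-input
}

# Constructed workflow: deny inbound by default, then open HTTP only on the
# internal interface and only to that interface's own (sample) address.
main() {
    run ufw default deny incoming
    ufw_iface_allow eth1 192.0.2.10 80 tcp || return 1
    verify_iface_rule
}
main
```

Run with DRY_RUN=0 as root to apply the rules instead of printing them.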
