Commit abac6c92 authored by Clark

Fixing UFW rules for Docker forwarding. Still need to remap ports

parent 5290d1b9
......@@ -142,11 +142,36 @@ sudo unattended-upgrades -d && \
sudo apt install -y software-properties-common autoconf opendkim-tools libtool lynis \
net-tools curl gnupg2 vim unzip apt-transport-https auditd lvm2 man-db ufw && \
`# Enable UFW forwarding for Docker` && \
sudo bash -c 'cat <<EOT >> /etc/ufw/after.rules
# BEGIN UFW AND DOCKER
*filter
:ufw-user-forward - [0:0]
:DOCKER-USER - [0:0]
-A DOCKER-USER -j RETURN -s 10.0.0.0/8
-A DOCKER-USER -j RETURN -s 172.16.0.0/12
-A DOCKER-USER -j RETURN -s 192.168.0.0/16
-A DOCKER-USER -j ufw-user-forward
-A DOCKER-USER -j DROP -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -d 192.168.0.0/16
-A DOCKER-USER -j DROP -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -d 10.0.0.0/8
-A DOCKER-USER -j DROP -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -d 172.16.0.0/12
-A DOCKER-USER -j DROP -p udp -m udp --dport 0:32767 -d 192.168.0.0/16
-A DOCKER-USER -j DROP -p udp -m udp --dport 0:32767 -d 10.0.0.0/8
-A DOCKER-USER -j DROP -p udp -m udp --dport 0:32767 -d 172.16.0.0/12
-A DOCKER-USER -j RETURN
COMMIT
# END UFW AND DOCKER
EOT' && \
`# Configure firewall rules` && \
sudo ufw allow OpenSSH && \
sudo ufw allow 2222 && \
sudo ufw allow "WWW Secure" && \
sudo ufw allow 5000 && \
sudo ufw route allow proto tcp from any to any port 22 && \
sudo ufw route allow proto tcp from any to any port 443 && \
sudo ufw route allow proto tcp from any to any port 5000 && \
sudo ufw --force enable && \
sudo ufw status && \
sudo sed -i -e "s|^#Port 22|Port 2222|" /etc/ssh/sshd_config && \
......