Can't install firewall in chroot, so move it into its own service for now

2026-02-17 15:25:37 +00:00 · 2025-08-24 09:12:51 +02:00
parent ab09446971
commit ca115b9061
3 changed files with 30 additions and 24 deletions
--- a/bin/omarchy-install-firewall
+++ b/bin/omarchy-install-firewall
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+if ! command -v ufw &>/dev/null; then
+  yay -S --noconfirm --needed ufw ufw-docker
+fi
+
+# Allow nothing in, everything out
+sudo ufw default deny incoming
+sudo ufw default allow outgoing
+
+# Allow ports for LocalSend
+sudo ufw allow 53317/udp
+sudo ufw allow 53317/tcp
+
+# Allow SSH in
+sudo ufw allow 22/tcp
+
+# Allow Docker containers to use DNS on host
+sudo ufw allow in proto udp from 172.16.0.0/12 to 172.17.0.1 port 53 comment 'allow-docker-dns'
+
+# Turn on the firewall
+sudo ufw --force enable
+
+# Turn on Docker protections
+sudo ufw-docker install
+sudo ufw reload