mirror of
https://github.com/basecamp/omarchy.git
synced 2026-02-17 15:25:37 +00:00
1060a54c1a
* UFW: limit LocalSend (53317) to LAN and remove default SSH (22) rule * Revert LocalSend change and drop SSH allow rule
21 lines
510 B
Bash
21 lines
510 B
Bash
# Allow nothing in, everything out
|
|
sudo ufw default deny incoming
|
|
sudo ufw default allow outgoing
|
|
|
|
# Allow ports for LocalSend
|
|
sudo ufw allow 53317/udp
|
|
sudo ufw allow 53317/tcp
|
|
|
|
# Allow Docker containers to use DNS on host
|
|
sudo ufw allow in proto udp from 172.16.0.0/12 to 172.17.0.1 port 53 comment 'allow-docker-dns'
|
|
|
|
# Turn on the firewall
|
|
sudo ufw --force enable
|
|
|
|
# Enable UFW systemd service to start on boot
|
|
sudo systemctl enable ufw
|
|
|
|
# Turn on Docker protections
|
|
sudo ufw-docker install
|
|
sudo ufw reload
|