UFW Config with NGINX

Install UFW

sudo apt update
sudo apt install ufw

Standard Traffic

sudo ufw default deny incoming
sudo ufw default allow outgoing

SSH restricted to the internal network

# EXAMPLE
# Replace 192.168.1.0/24 with your specific internal subnet if different

sudo ufw allow from 192.168.1.0/24 to any port 22 proto tcp

NGINX port 80, 443

# EXAMPLE
# Only allow traffic to 80/443 if it comes from the reverse proxy's IP (192.168.1.31 here)
sudo ufw allow from 192.168.1.31 to any port 80 proto tcp
sudo ufw allow from 192.168.1.31 to any port 443 proto tcp

Verify Rules

sudo ufw status numbered

Enable Firewall

sudo ufw enable
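A drift check for the Verify Rules step above, added here as an example (not part of the original page): it reads the output of `ufw status numbered` and flags any ALLOW/LIMIT rule for 22, 80 or 443 whose source is not the internal subnet or the proxy IP used in the rules above. The allowlist, the sample status text and the function name are assumptions chosen for this example.

```shell
#!/bin/sh
# Audit helper for the rules above: reads `ufw status numbered` output on stdin
# and flags any ALLOW/LIMIT rule for 22, 80 or 443 whose source is not in the
# allowlist given as $1 (the internal subnet and the proxy IP used above).
# Prints each offending rule; returns 1 if any were found, 0 otherwise.
audit_ufw_status() {
    awk -v allowlist="$1" '
        BEGIN { n = split(allowlist, a, " "); for (k = 1; k <= n; k++) allowed[a[k]] = 1 }
        /^\[ *[0-9]+\]/ {
            sub(/^\[ *[0-9]+\] */, "")          # drop the "[ n]" index; awk re-splits fields
            port = $1; sub(/\/.*/, "", port)    # "443/tcp" -> "443"
            if (port != "22" && port != "80" && port != "443") next
            for (i = 2; i <= NF; i++) if ($i ~ /^(ALLOW|LIMIT|DENY|REJECT)$/) break
            if ($i != "ALLOW" && $i != "LIMIT") next   # deny rules need no source check
            from = $(i + 2); for (j = i + 3; j <= NF; j++) from = from " " $j
            sub(/ \(v6\)$/, "", from)           # "Anywhere (v6)" -> "Anywhere"
            if (!(from in allowed)) { print "UNEXPECTED SOURCE: " $0; bad++ }
        }
        END { exit (bad > 0 ? 1 : 0) }
    '
}

# Sources the rules above intend to allow (assumed for this example).
EXPECTED_SOURCES="192.168.1.0/24 192.168.1.31"

# Constructed sample of `sudo ufw status numbered` output matching the rules above.
GOOD_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    192.168.1.0/24
[ 2] 80/tcp                     ALLOW IN    192.168.1.31
[ 3] 443/tcp                    ALLOW IN    192.168.1.31'

# Constructed drift case: the same ruleset after a later "ufw allow 443/tcp".
BAD_STATUS="$GOOD_STATUS
[ 4] 443/tcp                    ALLOW IN    Anywhere
[ 5] 443/tcp (v6)               ALLOW IN    Anywhere (v6)"

# On a live host: sudo ufw status numbered | audit_ufw_status "$EXPECTED_SOURCES"
printf '%s\n' "$BAD_STATUS" | audit_ufw_status "$EXPECTED_SOURCES" \
    || echo "audit failed: a rule is wider than the intended sources"
```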

Docker Bypass Conflict

Docker writes its own iptables rules for container traffic, which conflict with UFW's default forward policy of DROP. To fix this, edit the UFW configuration file:

sudo nano /etc/default/ufw

Change DEFAULT_FORWARD_POLICY to ACCEPT:

DEFAULT_FORWARD_POLICY="ACCEPT"

Then reload UFW:

sudo ufw reload

This lets container traffic be forwarded; it does not make the rules above apply to ports Docker publishes, because Docker inserts its own rules into the iptables FORWARD chain ahead of UFW's.