Home / server / Questions / 270715
Accepted
Antonius Bloch
Asked: 2011-05-18 13:20:40 +0800 CST

Ubuntu ufw: set a rule on a per interface basis

  • 772

I want to create a rule that allows anyone on eth1 to access port 80. Can UFW do this or should I go back to using Shorewall?

To clarify: this is a capabilties question, can ufw handle interfaces as a target?

firewall ubuntu iptables ufw

3 Answers

  1. Best Answer

    I finally read the man page:

    By default, ufw will apply rules to all available interfaces. To
limit  this,  specify DIRECTION on INTERFACE, where DIRECTION is
one of in or out (interface aliases  are  not  supported).   For
example,  to  allow  all  new incoming http connections on eth0,
use:

ufw allow in on eth0 to any port 80 proto tcp

    To elaborate a little the answer is yes, ufw can use the interface as a target. My particular rule looked like this:

    ufw allow in on eth1 to [eth1 ip addr] port 80 proto tcp
    • 74

  2. Yes, if eth1 is just a normal interface with its own IP address (and that IP address is what you're trying to grant access to):

    ufw allow from any to [eth1 ip addr] port 80

    But if there's anything more complicated than that, then we need more info about how this system is set up.

    • 7

  3. If you need to do forwarding with ufw (i.e routing traffic over an in & out interface):

    ufw route allow in on eth0 out on br0 from 1.2.3.4 to 10.0.0.1 port 80,443 proto tcp

    The Arch man page is very helpful

    • 0