How to allow all traffic on a local interface using UFW?
I've got Apache running as a reverse proxy for another Docker service. I got it working but as soon as I enable UFW, all connections are blocked with this error message:
Dec 29 23:50:23 vps520941 kernel: [2870586.522706] [UFW BLOCK] IN= OUT=br-xxxxxxxxx SRC=172.24.0.1 DST=172.24.0.3 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=38755 DF PROTO=TCP SPT=54620 DPT=22300 WINDOW=292
And this is the result of ifconfig:
br-xxxxxxxxx Link encap:Ethernet HWaddr xx:xx:xx:xx:xx
inet addr:172.24.0.1 Bcast:172.24.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:22 errors:0 dropped:0 overruns:0 frame:0
TX packets:34 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1630 (1.6 KB) TX bytes:2896 (2.8 KB)
Previously I had tried to allow traffic on my network interface IP; however, it changes on each reboot, so that doesn't work.
I had something like this in ufw: ufw allow in from 172.22.0.0/24 to any port
but of course that doesn't work anymore since the interface IP is now 172.24.0.1.
So I'm wondering, is it possible to tell UFW to allow all connections, not based on IP, but based on the network interface name?
Solution 1:
It was right in the man page with numerous examples: on <interface>.
Consider:
ufw allow in on <interface> to any
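As an added example (not code from the question or the answer), a small POSIX sh helper that parses kernel `[UFW BLOCK]` entries like the one quoted in the question and prints the narrowest interface-scoped ufw rule that would permit each blocked flow. It picks `in` or `out` from which of `IN=`/`OUT=` is populated in the log, scopes to the logged port and protocol where present, and falls back to the whole interface otherwise; the sample log lines, addresses and interface names are constructed.

```shell
# ufw_block_field LINE KEY: print the value of "KEY=" in a kernel log LINE
# (empty output if the key is absent or has no value, e.g. "IN=").
ufw_block_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# ufw_rule_for_block LINE: print the narrowest interface-scoped rule that
# would permit the flow in a "[UFW BLOCK]" LINE, or return 1 if it is not
# such an entry. Direction follows the netfilter log: a populated IN= means
# the packet arrived on that interface (rule "in on"); an empty IN= with
# OUT= set means it was generated locally and left on that interface
# (rule "out on").
ufw_rule_for_block() {
    case $1 in
        *"[UFW BLOCK]"*) ;;
        *) return 1 ;;
    esac
    dir=in
    iface=$(ufw_block_field "$1" IN)
    if [ -z "$iface" ]; then
        dir=out
        iface=$(ufw_block_field "$1" OUT)
    fi
    [ -n "$iface" ] || return 1
    dpt=$(ufw_block_field "$1" DPT)
    proto=$(ufw_block_field "$1" PROTO | tr 'A-Z' 'a-z')
    if [ -n "$dpt" ] && [ -n "$proto" ]; then
        printf 'ufw allow %s on %s to any port %s proto %s\n' "$dir" "$iface" "$dpt" "$proto"
    else
        # No port/protocol in the entry (e.g. ICMP): fall back to the whole interface
        printf 'ufw allow %s on %s to any\n' "$dir" "$iface"
    fi
}

# Constructed sample entries: the bridge-to-container flow from the question
# and an inbound SSH attempt on a public interface (names are placeholders).
SAMPLE_BLOCKS='Dec 29 23:50:23 vps520941 kernel: [2870586.522706] [UFW BLOCK] IN= OUT=br-xxxxxxxxx SRC=172.24.0.1 DST=172.24.0.3 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=38755 DF PROTO=TCP SPT=54620 DPT=22300 WINDOW=292
Dec 29 23:51:10 vps520941 kernel: [2870633.101001] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=203.0.113.7 DST=198.51.100.2 LEN=60 PROTO=TCP SPT=51000 DPT=22 WINDOW=29200'

# Print one suggested rule per blocked flow, de-duplicated.
printf '%s\n' "$SAMPLE_BLOCKS" | while IFS= read -r line; do
    ufw_rule_for_block "$line"
done | sort -u
```

Scoping the rule to the logged port and protocol is narrower than allowing everything on the interface; the output is a suggestion to review before running it with sudo.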