How to allow all traffic on a local interface using UFW?

I've got Apache running as a reverse proxy for another Docker service. I got it working but as soon as I enable UFW, all connections are blocked with this error message:

Dec 29 23:50:23 vps520941 kernel: [2870586.522706] [UFW BLOCK] IN= OUT=br-xxxxxxxxx SRC=172.24.0.1 DST=172.24.0.3 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=38755 DF PROTO=TCP SPT=54620 DPT=22300 WINDOW=292

And this is the result of ifconfig:

br-xxxxxxxxx Link encap:Ethernet  HWaddr xx:xx:xx:xx:xx
          inet addr:172.24.0.1  Bcast:172.24.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:22 errors:0 dropped:0 overruns:0 frame:0
          TX packets:34 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1630 (1.6 KB)  TX bytes:2896 (2.8 KB)

Previously I had tried to allow traffic on my network interface IP, but it changes on each reboot, so that doesn't work.

I had something like this in ufw: ufw allow in from 172.22.0.0/24 to any port but of course that doesn't work anymore since the interface IP is now 172.24.0.1.

So I'm wondering, is it possible to tell UFW to allow all connections, not based on IP, but based on the network interface name?


Solution 1:

It was right in the man page with numerous examples: on <interface>.

Consider:

ufw allow in on <interface> to any
ufw allow out on <interface> to any
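Added example, not part of the question or the answer: a small POSIX shell helper that reads the interface name out of a `[UFW BLOCK]` kernel log line like the one above and prints the interface rule that matches it. The log lines are constructed after the one in the question; `ufw_field` and `ufw_rule_for_block` are names chosen here.

```shell
#!/bin/sh
# Constructed sample lines, modelled on the [UFW BLOCK] entry in the question.
# OUT= set and IN= empty means the host itself generated the packet (OUTPUT chain).
SAMPLE_BLOCK='Dec 29 23:50:23 vps520941 kernel: [2870586.522706] [UFW BLOCK] IN= OUT=br-xxxxxxxxx SRC=172.24.0.1 DST=172.24.0.3 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=38755 DF PROTO=TCP SPT=54620 DPT=22300 WINDOW=292'
# IN= set and OUT= empty means the packet was addressed to the host (INPUT chain).
SAMPLE_INBOUND='Dec 29 23:51:02 vps520941 kernel: [2870625.101010] [UFW BLOCK] IN=br-xxxxxxxxx OUT= SRC=172.24.0.3 DST=172.24.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12345 DF PROTO=TCP SPT=41000 DPT=80 WINDOW=292'

# ufw_field KEY LINE: print the value of the KEY= field (IN, OUT, SRC, DST, DPT, ...)
# from one log line; prints an empty string when the field is present but unset.
ufw_field() {
    printf '%s\n' "$2" | sed -n "s/.*[[:space:]]$1=\([^[:space:]]*\).*/\1/p"
}

# ufw_rule_for_block LINE: print the ufw rule that allows traffic on the interface
# the packet was blocked on. A packet with OUT=<iface> needs an "out" rule, one
# with IN=<iface> needs an "in" rule; ufw's syntax requires "in" or "out" before "on".
# If both fields are set the packet was being forwarded (e.g. between containers),
# which is governed by "ufw route" rules and is outside what this helper emits.
ufw_rule_for_block() {
    in_if=$(ufw_field IN "$1")
    out_if=$(ufw_field OUT "$1")
    if [ -n "$in_if" ] && [ -n "$out_if" ]; then
        printf '# forwarded packet (IN=%s OUT=%s): needs a "ufw route" rule\n' "$in_if" "$out_if"
        return 0
    fi
    [ -n "$in_if" ]  && printf 'ufw allow in on %s to any\n' "$in_if"
    [ -n "$out_if" ] && printf 'ufw allow out on %s to any\n' "$out_if"
    return 0
}

# Demo: prints "ufw allow out on br-xxxxxxxxx to any" for the line from the question.
ufw_rule_for_block "$SAMPLE_BLOCK"
```

The printed rule is meant to be reviewed before it is applied; the interface name comes from the log line, so it stays correct across reboots even though the bridge's IP address does not.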