Allowing outgoing connections to a particular IP with ufw

I have disabled outgoing connections as a whole with UFW seeing that I didn't want to take chances with my vBulletin forum exposing my server's IP address to attackers (I use CloudFlare).

Since doing this, I've noticed I am unable to query one particular IP address, which is called internally through code. Now my question is: how can I allow outgoing connections only to this specific IP address (let's say 255.255.255.255)?

Thanks!


I successfully allowed outgoing traffic to a specific IP on a specific port with the following command:

ufw allow out from any to <the.target.ip> port <port_number>

sudo ufw allow out to <ip_address> port <port_number>
sudo ufw allow out to 192.168.x.x port 22
sudo ufw reload

to allow outgoing SSH only for that IP


Very simple fix! Here's to anyone wondering how this can be done:

1) Open /etc/ufw/before.rules and insert this rule above COMMIT on the last line

-A ufw-before-output -m owner --uid-owner {user} -p {protocol} --dport {port} -d {ip} -j ACCEPT

Fill in the values for each as so:

{user} - the user you want to allow this for (e.g. www-data)

{protocol} - udp or tcp

{port} - the port you want to allow it on

{ip} - the IP address you want to allow.

An example:

# server
-A ufw-before-output -m owner --uid-owner www-data -p udp --dport 6666 -d 255.255.255.255 -j ACCEPT # gameserver
-A ufw-before-output -m owner --uid-owner www-data -p tcp --dport 3306 -d 255.255.255.255 -j ACCEPT # mysql

# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT

2) Restart ufw: service ufw restart

It should all work correctly after that! Ensure you don't put two ports in one rule like "--dport 6666,5555" - it usually errors!
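As an added example (not code from the answers above or from the ufw project), the POSIX shell script below automates step 1 of the before.rules answer in a way that catches the mistakes it warns about: it validates the {user}, {protocol}, {port} and {ip} values (rejecting a comma-separated port list, a non-TCP/UDP protocol and a malformed IPv4 address), prints the -A ufw-before-output rule line, and inserts it directly above the COMMIT line of a rules file. The rules file it writes is a constructed, trimmed stand-in for /etc/ufw/before.rules, and the sample values (www-data, 3306, 255.255.255.255) are the ones used in the answer; pointing it at the real file and running service ufw restart (step 2) is left to the operator.

```shell
#!/bin/sh
# Added example, not code from the original answers: build the owner-matched
# egress rule from step 1, validate its fields, and insert it above COMMIT in
# a rules file. The rules file content and all sample values are constructed
# for this demonstration.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
  case "$1" in
    ''|.*|*.|*..*|*[!0-9.]*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Validate the four rule fields: user name, protocol, single port, IPv4 address.
check_rule_args() {
  case "$1" in
    ''|*[!A-Za-z0-9._-]*) echo "bad user name: '$1'" >&2; return 1 ;;
  esac
  case "$2" in
    tcp|udp) ;;
    *) echo "protocol must be tcp or udp, got '$2'" >&2; return 1 ;;
  esac
  # --dport takes exactly one port; "6666,5555" is rejected here, as the answer warns
  case "$3" in
    ''|*[!0-9]*) echo "port must be a single number, got '$3'" >&2; return 1 ;;
  esac
  if [ "$3" -lt 1 ] || [ "$3" -gt 65535 ]; then
    echo "port out of range: $3" >&2; return 1
  fi
  valid_ipv4 "$4" || { echo "bad IPv4 address: '$4'" >&2; return 1; }
}

# Print the rule line in the form used in /etc/ufw/before.rules.
owner_egress_rule() {
  check_rule_args "$1" "$2" "$3" "$4" || return 1
  printf -- '-A ufw-before-output -m owner --uid-owner %s -p %s --dport %s -d %s -j ACCEPT\n' \
    "$1" "$2" "$3" "$4"
}

# Insert rule $2 immediately above the last COMMIT line of rules file $1.
insert_above_commit() {
  grep -q '^COMMIT' "$1" || { echo "no COMMIT line in $1" >&2; return 1; }
  tmp="$1.tmp.$$"
  awk -v rule="$2" '
    { line[NR] = $0; if ($0 ~ /^COMMIT/) last = NR }
    END { for (i = 1; i <= NR; i++) { if (i == last) print rule; print line[i] } }
  ' "$1" > "$tmp" && mv "$tmp" "$1"
}

# Write a constructed, trimmed stand-in for /etc/ufw/before.rules to $1.
write_demo_rules() {
  cat > "$1" <<'EOF'
*filter
:ufw-before-output - [0:0]
# (constructed, trimmed file: the real before.rules has many more chains)
-A ufw-before-output -o lo -j ACCEPT
# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT
EOF
}

# Print the line sitting directly above COMMIT in $1, to verify the insert.
line_above_commit() {
  awk '/^COMMIT/ { print prev } { prev = $0 }' "$1"
}

# Demonstration: add the MySQL egress rule for www-data to a scratch copy.
demo_file=${TMPDIR:-/tmp}/before.rules.demo.$$
write_demo_rules "$demo_file"
rule=$(owner_egress_rule www-data tcp 3306 255.255.255.255)
insert_above_commit "$demo_file" "$rule"
cat "$demo_file"
rm -f "$demo_file"
```

The owner match only applies to packets generated on the host itself, which is why it lives in the OUTPUT-side chain ufw-before-output; the practical effect is that the hole is scoped to processes running as www-data rather than to every process on the server, which is tighter than a plain ufw allow out rule for the same destination. If several destination ports are genuinely needed, the single --dport cannot take a list; iptables' multiport match (-m multiport --dports 6666,5555) is the form that accepts one, and that is a fact about iptables rather than something the answers above cover.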