e7ea45a802
Allow 172.16/12 prefix IPs for docker DNS as bridge networks will create another interface than docker0 within this CIDR prefix.
27 lines
639 B
Bash
27 lines
639 B
Bash
#!/bin/bash
|
|
|
|
if ! command -v ufw &>/dev/null && -z "${OMARCHY_CHROOT_INSTALL:-}"; then
|
|
yay -S --noconfirm --needed ufw ufw-docker
|
|
|
|
# Allow nothing in, everything out
|
|
sudo ufw default deny incoming
|
|
sudo ufw default allow outgoing
|
|
|
|
# Allow ports for LocalSend
|
|
sudo ufw allow 53317/udp
|
|
sudo ufw allow 53317/tcp
|
|
|
|
# Allow SSH in
|
|
sudo ufw allow 22/tcp
|
|
|
|
# Allow Docker containers to use DNS on host
|
|
sudo ufw allow in proto udp from 172.16.0.0/12 to 172.17.0.1 port 53 comment allow-docker-dns
|
|
|
|
# Turn on the firewall
|
|
sudo ufw --force enable
|
|
|
|
# Turn on Docker protections
|
|
sudo ufw-docker install
|
|
sudo ufw reload
|
|
fi
|