Interaction with UFW

I have Zerotier on a machine that is directly on the internet, with a publicly accessible IP. It works fine participating with the rest of the ZT network on IP6, and the world at large on IP4. Now I want to close off the world at large from most services, leaving only SSH open to the public network.

Adding rules to ufw as

sudo ufw allow ssh
sudo ufw allow 9993/udp

Then enabling the firewall gets me part way there: SSH available to the public internet and ZT network, nothing else available at all. I expect I need to somehow let other services in via the ZT interface, but I’m having problems getting that to work.

sudo ufw allow proto tcp from fca2:... to any port 548

Is not the answer. What do I need to do?

Solved. I was thinking that the ZT network running on UDP was somehow outside the “normal” networking. Instead, it looks like a normal network to UFW, so all I had to do was add a rule to allow the port from the ZT-assigned addresses, and it works.
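
The rule set this thread arrives at, as an added example that is not part of the original posts. It prints the ufw commands instead of running them; the interface name `ztexample0` and the range `fd00:1234:5678::/48` are constructed placeholders, and binding the allow rule to the ZeroTier interface is an addition beyond what the poster describes.

```shell
#!/bin/sh
# Added example: prints ufw commands for review, does not run them.
# Take the real interface name and ZeroTier-assigned range from
# `ip -6 addr show`; the values used at the bottom are placeholders.
# IPv6 rules need IPV6=yes in /etc/default/ufw.

# Print the rule that admits one TCP port only from the ZeroTier-assigned
# range, and only for packets that arrived on the ZeroTier interface.
zt_allow_rule() {
    zt_if=$1 zt_net=$2 port=$3
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 1
    fi
    case $zt_net in
        */*) ;;  # a range such as prefix/len, not a single address
        *) echo "expected a CIDR range: $zt_net" >&2; return 1 ;;
    esac
    echo "ufw allow in on $zt_if proto tcp from $zt_net to any port $port"
}

# Print the whole rule set: public SSH, the ZeroTier transport port,
# then each listed service port restricted to the ZeroTier network.
zt_ruleset() {
    zt_if=$1 zt_net=$2; shift 2
    echo "ufw default deny incoming"   # ufw's default, stated explicitly
    echo "ufw allow ssh"               # from the thread
    echo "ufw allow 9993/udp"          # from the thread: ZeroTier's UDP port
    for p in "$@"; do
        zt_allow_rule "$zt_if" "$zt_net" "$p" || return 1
    done
    echo "ufw enable"
}

# Constructed sample invocation: port 548 is the service from the thread.
zt_ruleset ztexample0 fd00:1234:5678::/48 548
```

Review the printed commands, then run them with sudo. Because the service rule names the ZeroTier interface, a packet carrying a ZeroTier source address but arriving on the public interface does not match it.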
