Ubuntu Firewall – Set UFW Rules on a Per Interface Basis

Tags: firewall, iptables, Ubuntu, ufw

I want to create a rule that allows anyone on eth1 to access port 80. Can UFW do this or should I go back to using Shorewall?

To clarify: this is a capabilities question. Can ufw handle interfaces as a target?

Best Answer

I finally read the man page:

By default, ufw will apply rules to all available interfaces. To
limit this, specify DIRECTION on INTERFACE, where DIRECTION is
one of in or out (interface aliases are not supported). For
example, to allow all new incoming http connections on eth0,
use:

ufw allow in on eth0 to any port 80 proto tcp

To elaborate a little: the answer is yes, ufw can use the interface as a target. My particular rule looked like this:

ufw allow in on eth1 to [eth1 ip addr] port 80 proto tcp
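The following is an added example, not part of the original answer: a small shell helper that composes a per-interface rule in the syntax quoted from the man page and rejects inputs the syntax does not allow, including interface aliases such as eth1:0. The function name `build_ufw_rule` and the sample address 192.0.2.10 are assumptions made for illustration; the helper only prints the command and never runs ufw.

```shell
#!/bin/sh
# Added example (not from the original answer). build_ufw_rule is a
# hypothetical helper: it prints a ufw command for review, it does not run it.
# usage: build_ufw_rule DIRECTION INTERFACE DEST PORT PROTO
build_ufw_rule() {
    dir=$1 iface=$2 dest=$3 port=$4 proto=$5

    # DIRECTION must be "in" or "out".
    case "$dir" in
        in|out) ;;
        *) echo "direction must be 'in' or 'out'" >&2; return 1 ;;
    esac

    # The man page says interface aliases (names with ':') are not supported.
    case "$iface" in
        ''|*:*|*[!A-Za-z0-9._-]*)
            echo "invalid or alias interface name: $iface" >&2; return 1 ;;
    esac

    # Destination is "any" or an IPv4/IPv6 address, optionally with /prefix.
    case "$dest" in
        any) ;;
        ''|*[!0-9A-Fa-f.:/]*)
            echo "destination must be 'any' or an address" >&2; return 1 ;;
    esac

    # Port must be a decimal number in 1..65535.
    case "$port" in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi

    case "$proto" in
        tcp|udp) ;;
        *) echo "proto must be tcp or udp" >&2; return 1 ;;
    esac

    printf 'ufw allow %s on %s to %s port %s proto %s\n' \
        "$dir" "$iface" "$dest" "$port" "$proto"
}

# Example: build_ufw_rule in eth1 any 80 tcp
```

The printed command can be checked with `ufw --dry-run` before it is applied, and `ufw status verbose` shows the resulting rule with its interface.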