Henrik Bakken
46 lines
1.2 KiB
Bash
Executable File
46 lines
1.2 KiB
Bash
Executable File
#!/bin/sh
|
|
set -e
|
|
|
|
ZEROTIER_HJARL="172.30.0.0/16"
|
|
|
|
ufw disable
|
|
ufw reset
|
|
ufw default deny incoming
|
|
ufw default allow outgoing
|
|
ufw allow "SSH"
|
|
ufw allow "qBittorrent"
|
|
ufw allow "syncthing"
|
|
ufw allow "WWW Full"
|
|
|
|
ufw allow in 10000:10100/tcp comment "generic"
|
|
|
|
# docker
|
|
ufw allow in 2376,2377,7946/tcp comment "Docker tcp"
|
|
ufw allow in 4789,7946/udp comment "Docker udp"
|
|
|
|
# media streaming
|
|
ufw allow in from 192.168.0.0/16 to any port 8010 proto tcp comment "chromecast"
|
|
ufw allow in from 192.168.0.0/16 to any port 4101 proto tcp comment "castnow subs"
|
|
ufw allow in from 192.168.0.0/16 to any port 4103 proto tcp comment "castnow transcode"
|
|
ufw allow in proto igmp to 224.0.0.0/8 comment "multicast"
|
|
# ufw allow in from 192.168.0.0/16 to any port 32768:60999 proto udp comment "ephemeral ports"
|
|
|
|
# zerotier
|
|
ufw allow in 9993/udp comment "zerotier"
|
|
ufw allow in from $ZEROTIER_HJARL comment "zerotier hjarl network"
|
|
|
|
# plex
|
|
ufw allow in 1900,7349/udp comment "upnp service discovery"
|
|
ufw allow in from 192.168.0.0/16 to any port 32768:61000 proto udp comment "ephemeral ports"
|
|
|
|
# steam link
|
|
ufw allow in 27036,27037/tcp comment "Steam Link tcp"
|
|
ufw allow in 27031,27036/udp comment "Steam Link udp"
|
|
|
|
# enable firewall
|
|
ufw enable
|
|
|
|
# list all firewall rules
|
|
ufw status verbose
|
|
|