0

Let's say I want to allow my own external IP in on tun0 interface port 443.

Why doesn't

sudo ufw allow from 217.xxx.xxx.xxx proto tcp to tun0 port 443

work (not on tun0 either) when

sudo ufw allow from 217.xxx.xxx.xxx proto tcp to any port 443

works?

All other answers (on this site) are allowing any, I don't want that.

Dave M
  • Does this answer your question? [Ubuntu ufw: set a rule on a per interface basis](https://serverfault.com/questions/270715/ubuntu-ufw-set-a-rule-on-a-per-interface-basis) – djdomi Jan 05 '22 at 15:59
  • @djdomi Not actually, at least as I understand it. I want to open port **443** on network **interface tun0** for **one IP address** only. Isn't that opening for everybody? Or am I missing something? – Adam Larsson Jan 05 '22 at 18:52

2 Answers

1

You must specify any or an IP address before the command port.

If you want just one address:

sudo ufw allow in on tun0 to (your tun0 ip address) 111.111.111.111 port 443 from (the ip you want to allow in) 222.222.222.222

sudo ufw allow in on tun0 to 111.111.111.111 port 443 from 222.222.222.222

If you want to allow everyone:

sudo ufw allow in on tun0 to any port 443
JoBe
0

Because the parameter for to is an IP address, not an interface. To specify an interface you need to use on tun0. See man ufw.

AlexD
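A pre-flight check for the mistake both answers describe, as an added example that is not part of either answer: it verifies that each `from`/`to` slot of a ufw rule holds an address or `any`, and notes when a rule is not limited to one interface or one source. The function names `is_addr` and `lint_rule` are hypothetical, the addresses are constructed samples, and only IPv4 is handled.

```shell
#!/bin/sh
# Added example (not from the original answers): lint the from/to slots of a
# ufw rule. IPv4 only; the addresses in the demo calls are constructed samples.

# is_addr VALUE: succeeds for "any", an IPv4 address, or IPv4/prefix.
is_addr() {
    [ "$1" = any ] && return 0
    addr=${1%%/*}
    if [ "$addr" != "$1" ]; then
        case ${1#*/} in ''|*[!0-9]*) return 1 ;; esac
        [ "${1#*/}" -le 32 ] || return 1
    fi
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the dotted quad into its octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# lint_rule ARGS...: ARGS are the words that follow "ufw". Prints findings and
# returns 1 when a from/to slot holds something that is not an address.
lint_rule() {
    prev="" iface="" src=any rc=0
    for tok in "$@"; do
        case $prev in
            on) iface=$tok ;;
            from|to)
                [ "$prev" = from ] && src=$tok
                if ! is_addr "$tok"; then
                    echo "error: '$prev $tok' is not an address; name interfaces with 'in on <interface>'"
                    rc=1
                fi ;;
        esac
        prev=$tok
    done
    [ -n "$iface" ] || echo "note: no 'in on <interface>', rule matches on every interface"
    [ "$src" != any ] || echo "note: source is 'any', every remote address is allowed"
    return "$rc"
}

# Demo: the rule shape from the question, then the interface-and-source form.
lint_rule allow from 203.0.113.10 proto tcp to tun0 port 443 || true
lint_rule allow in on tun0 proto tcp from 203.0.113.10 to 10.8.0.1 port 443
```

The second demo rule prints nothing because it names the interface with `in on` and restricts the source; on a host with ufw installed, `sudo ufw --dry-run` followed by the same words shows the rules ufw would generate without applying them.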