REDROOM

Edit File Size: 2.48 KB

//usr/share/ufw/before.rules

Text Base64

#
# rules.before
#
# Rules that should be run before the ufw command line added rules. Custom
# rules should be added to one of these chains:
#   ufw-before-input
#   ufw-before-output
#   ufw-before-forward
#

# Don't delete these required lines, otherwise there will be errors
*filter
:ufw-before-input - [0:0]
:ufw-before-output - [0:0]
:ufw-before-forward - [0:0]
:ufw-not-local - [0:0]
# End required lines

# allow all on loopback
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-output -o lo -j ACCEPT

# quickly process packets for which we already have a connection
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

# drop INVALID packets (logs these in loglevel medium and higher)
-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP

# ok icmp codes for INPUT
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT

# ok icmp code for FORWARD
-A ufw-before-forward -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type echo-request -j ACCEPT

# allow dhcp client to work
-A ufw-before-input -p udp --sport 67 --dport 68 -j ACCEPT

#
# ufw-not-local
#
-A ufw-before-input -j ufw-not-local

# if LOCAL, RETURN
-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN

# if MULTICAST, RETURN
-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN

# if BROADCAST, RETURN
-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN

# all other non-local packets are dropped
-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
-A ufw-not-local -j DROP

# allow MULTICAST mDNS for service discovery (be sure the MULTICAST line above
# is uncommented)
-A ufw-before-input -p udp -d 224.0.0.251 --dport 5353 -j ACCEPT

# allow MULTICAST UPnP for service discovery (be sure the MULTICAST line above
# is uncommented)
-A ufw-before-input -p udp -d 239.255.255.250 --dport 1900 -j ACCEPT

# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT

Exit & Reset Text mode: syntax highlighting auto-detects file type.

Name	Size	Perms	Modified	Actions
iptables DIR	-	drwxr-xr-x	2026-01-08 12:55:34	Edit Download recursive recursive
messages DIR	-	drwxr-xr-x	2026-01-08 12:55:34	Edit Download recursive recursive
after.init	1.10 KB	lrw-r--r--	2024-03-11 13:18:21	Edit Download recursive recursive
after.rules	1004 B	lrw-r--r--	2024-03-11 13:18:21	Edit Download recursive recursive
after.rules.md5sum	305 B	lrw-r--r--	2023-05-16 13:59:14	Edit Download recursive recursive
after6.rules	915 B	lrw-r--r--	2024-03-11 13:18:21	Edit Download recursive recursive
after6.rules.md5sum	248 B	lrw-r--r--	2023-05-16 13:59:14	Edit Download recursive recursive
before.init	1.10 KB	lrw-r--r--	2024-03-11 13:18:21	Edit Download recursive recursive
before.rules	2.48 KB	lrw-r--r--	2024-03-11 13:18:21	Edit Download recursive recursive
before.rules.md5sum	558 B	lrw-r--r--	2023-05-16 13:59:14	Edit Download recursive recursive
before6.rules	6.54 KB	lrw-r--r--	2024-03-11 13:18:21	Edit Download recursive recursive
before6.rules.md5sum	693 B	lrw-r--r--	2023-05-16 13:59:14	Edit Download recursive recursive
check-requirements	7.48 KB	lrwxr-xr-x	2023-05-16 14:51:25	Edit Download recursive recursive
ufw.conf	312 B	lrw-r--r--	2024-03-11 13:18:21	Edit Download recursive recursive
user.rules	307 B	lrw-r--r--	2018-01-14 19:28:35	Edit Download recursive recursive
user.rules.md5sum	60 B	lrw-r--r--	2023-05-16 13:59:14	Edit Download recursive recursive
user6.rules	107 B	lrw-r--r--	2018-01-14 19:28:35	Edit Download recursive recursive
user6.rules.md5sum	61 B	lrw-r--r--	2023-05-16 13:59:14	Edit Download recursive recursive

Directory Contents