omarchy/install/development/firewall.sh

#!/bin/bash

if ! command -v ufw &>/dev/null; then
  yay -S --noconfirm --needed ufw ufw-docker

  # Allow nothing in, everything out
  sudo ufw default deny incoming
  sudo ufw default allow outgoing

  # Allow ports for LocalSend
  sudo ufw allow 53317/udp
  sudo ufw allow 53317/tcp

  # Allow SSH in
  sudo ufw allow 22/tcp

  # Allow Docker containers to use DNS on host
  sudo ufw allow in on docker0 to any port 53

  # Turn on the firewall
  sudo ufw enable

  # Turn on Docker protections
  sudo ufw-docker install
  sudo ufw reload
fi
Install and enable ufw firewall by default Gotta be safe out there! 2025-07-16 16:46:35 -07:00			`#!/bin/bash`

			`if ! command -v ufw &>/dev/null; then`
Don't update index during the normal run Since we did that at the start 2025-07-22 18:03:05 -04:00			`yay -S --noconfirm --needed ufw ufw-docker`
Install and enable ufw firewall by default Gotta be safe out there! 2025-07-16 16:46:35 -07:00
			`# Allow nothing in, everything out`
			`sudo ufw default deny incoming`
			`sudo ufw default allow outgoing`

			`# Allow ports for LocalSend`
			`sudo ufw allow 53317/udp`
			`sudo ufw allow 53317/tcp`

			`# Allow SSH in`
			`sudo ufw allow 22/tcp`

			`# Allow Docker containers to use DNS on host`
			`sudo ufw allow in on docker0 to any port 53`

			`# Turn on the firewall`
			`sudo ufw enable`
Turn on ufw-docker 2025-07-16 16:56:40 -07:00
			`# Turn on Docker protections`
			`sudo ufw-docker install`
Install and enable ufw firewall by default Gotta be safe out there! 2025-07-16 16:46:35 -07:00			`sudo ufw reload`
			`fi`