Install and enable ufw firewall by default

Gotta be safe out there!
2025-07-27 12:19:24 +00:00 · 2025-07-16 16:46:35 -07:00
parent 12a43ae400
commit 5c42f35839
1 changed files with 23 additions and 0 deletions
--- a/install/firewall.sh
+++ b/install/firewall.sh
@ -0,0 +1,23 @@
+#!/bin/bash
+
+if ! command -v ufw &>/dev/null; then
+  yay -Sy --noconfirm --needed ufw ufw-docker
+
+  # Allow nothing in, everything out
+  sudo ufw default deny incoming
+  sudo ufw default allow outgoing
+
+  # Allow ports for LocalSend
+  sudo ufw allow 53317/udp
+  sudo ufw allow 53317/tcp
+
+  # Allow SSH in
+  sudo ufw allow 22/tcp
+
+  # Allow Docker containers to use DNS on host
+  sudo ufw allow in on docker0 to any port 53
+
+  # Turn on the firewall
+  sudo ufw enable
+  sudo ufw reload
+fi