09-14-2020, 04:42 AM
Worth a try. Debian does have ufw.
Here's a real script I've written as an example. It's designed to be used in conjunction with the older version of this Raspberry Pi guide, where the Pi is used as a Wireless Access Point (and a web server).
Inbound and outbound traffic is restricted as much as possible. I hope this helps as a visual to what can be achieved with ufw and iptables.
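Quote:
#!/usr/bin/env dash
# Exit on the first failing command (Linux passes "dash -e" to env as a single argument, so -e is set here instead)
set -e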
# Allow DHCP leasing (for eth0 and wlan0)
ufw allow in to any port 67 # DHCP (server)
ufw allow out to any port 68 # DHCP (client)
# Allow connections to destination ports (for local network addresses)
ufw allow in on eth0 from 192.168.0.0/16 to any port 80 # HTTP (to local webserver)
ufw allow out from 192.168.0.0/16 to any port 53 # DNS
ufw allow out from 192.168.0.0/16 to any port 123 # NTP
ufw allow out from 192.168.0.0/16 to any port 443 # HTTPS
# Allow connections to destination ports (for wlan0 DHCP addresses)
ufw allow in on wlan0 from 192.168.4.0/28 to any port 53 # DNS (query the local DNS server)
# Forward internet-facing incoming wlan0 connections to eth0 outgoing
ufw route allow in on wlan0 from 192.168.4.0/28 to any port 80 out on eth0 # HTTP
ufw route allow in on wlan0 from 192.168.4.0/28 to any port 443 out on eth0 # HTTPS
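
Allow rules like the ones above only restrict traffic when ufw's default policies block everything else, and the script as shown contains no `ufw default` lines. The following check is an added example, not part of the original post: it parses `ufw status verbose` output and reports any default policy that does not block traffic. The function name and the sample outputs are constructed for illustration.

```shell
# check_ufw_defaults: reads `ufw status verbose` output on stdin.
# Returns 0 when ufw is active and the incoming, outgoing and routed defaults
# all block traffic; otherwise prints each problem and returns 1.
check_ufw_defaults() {
    awk '
        /^Status:/ { active = ($2 == "active") }
        /^Default:/ {
            sub(/^Default:[ \t]*/, "")
            n = split($0, parts, /,[ \t]*/)
            for (i = 1; i <= n; i++) {
                split(parts[i], f, /[ \t]+/)   # each part: "deny (incoming)"
                dir = f[2]; gsub(/[()]/, "", dir)
                policy[dir] = f[1]
            }
        }
        END {
            bad = 0
            if (!active) { print "ufw is not active"; bad = 1 }
            split("incoming outgoing routed", want, " ")
            for (i = 1; i <= 3; i++) {
                p = policy[want[i]]
                ok = (p == "deny" || p == "reject")
                # "disabled (routed)" means forwarding is off entirely
                if (want[i] == "routed" && p == "disabled") ok = 1
                if (!ok) {
                    printf "default %s policy is %s\n", want[i], (p == "" ? "unknown" : p)
                    bad = 1
                }
            }
            exit bad
        }
    '
}

# Constructed sample outputs (not captured from a real host).
SAMPLE_STRICT='Status: active
Logging: on (low)
Default: deny (incoming), deny (outgoing), deny (routed)
New profiles: skip'
SAMPLE_LOOSE='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip'

# Demo on the constructed input; the loose sample reports the outgoing default.
printf '%s\n' "$SAMPLE_LOOSE" | check_ufw_defaults || true
```

On a live host the same function is fed with `ufw status verbose | check_ufw_defaults`, run as root.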