I have a couple of rules in place to allow traffic in from specific IPs. Right after these rules I have rules to block everything else, as this firewall is an “allow by default” type.

The problem I’m facing is that when I replace these two ports to match “Any” instead, those machines (matrix server and game server) are unable to perform apt-gets.

I had thought that this should still be allowed, because the egress rules for those two permit outbound traffic to http/s and once that’s established it’s a “stateful” connection which should allow the traffic to flow back the other way.

What am I doing wrong here, and what is the best way to ensure that traffic only hits these servers from the minimal number of ports?

  • EmoPolarbear@lemmy.ca · 4 points · 7 days ago

    You probably need an “allow established” rule. Not familiar with the interface you’re using, so I can’t guide you much further than that.

    • root@lemmy.world (OP) · 1 point · 7 days ago

      Ah, would this be a separate rule, or (as I’m using Ubiquiti) could I check “established” and/or “related” on either the allow or block rule?
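An added example, not part of the thread above: a toy Python model of an ordered, stateful packet filter (in the style of iptables or EdgeOS rule sets, not real firewall code) showing why the reply half of the server’s own HTTPS connection to an apt mirror is dropped when the catch-all inbound block sits above any established/related accept, and why placing an “allow established” rule first fixes it without opening unsolicited inbound ports. The addresses, ports, and rule names are constructed for illustration.

```python
"""Toy model of an ordered, stateful packet filter.

Constructed teaching example: it imitates how iptables/EdgeOS walk an
ordered rule list alongside a connection-tracking table. Not real
firewall code; all addresses and ports are made up.
"""
from dataclasses import dataclass
from typing import Optional

SERVER = "10.0.0.20"     # assumed address of the matrix/game server
ADMIN = "203.0.113.5"    # assumed trusted source IP allowed to reach the server
MIRROR = "198.51.100.9"  # assumed apt mirror the server fetches from


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str  # "in" = toward the server, "out" = from the server


@dataclass(frozen=True)
class Rule:
    action: str                  # "accept" or "drop"
    direction: str               # "in" or "out"
    src: Optional[str] = None    # None means any source address
    dport: Optional[int] = None  # None means any destination port
    established: bool = False    # True: only match reply/related traffic

    def matches(self, pkt: Packet, is_established: bool) -> bool:
        if self.direction != pkt.direction:
            return False
        if self.src is not None and self.src != pkt.src:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        if self.established and not is_established:
            return False
        return True


class Firewall:
    """First matching rule wins; unmatched packets get the default action."""

    def __init__(self, rules, default: str = "accept"):
        self.rules = list(rules)
        self.default = default
        self.conntrack: set = set()  # flows seen in an accepted packet

    @staticmethod
    def flow_key(pkt: Packet):
        # Same key for both directions of one flow.
        return frozenset({(pkt.src, pkt.sport), (pkt.dst, pkt.dport)})

    def filter(self, pkt: Packet) -> str:
        is_established = self.flow_key(pkt) in self.conntrack
        verdict = self.default
        for rule in self.rules:
            if rule.matches(pkt, is_established):
                verdict = rule.action
                break
        if verdict == "accept":
            # Tracking remembers the flow; it never accepts anything by itself.
            self.conntrack.add(self.flow_key(pkt))
        return verdict


def apt_fetch(fw: Firewall) -> str:
    """Server opens HTTPS to the mirror; return the verdict on the reply."""
    request = Packet(SERVER, 51514, MIRROR, 443, "out")
    reply = Packet(MIRROR, 443, SERVER, 51514, "in")
    if fw.filter(request) != "accept":
        return "drop"
    return fw.filter(reply)


def broken_ruleset() -> Firewall:
    """Catch-all inbound block with no established/related accept above it."""
    return Firewall([
        Rule("accept", "out", dport=80),
        Rule("accept", "out", dport=443),
        Rule("accept", "in", src=ADMIN),  # trusted IP, any port
        Rule("drop", "in"),               # block everything else inbound
    ])


def fixed_ruleset() -> Firewall:
    """Same policy with an established/related accept placed first."""
    return Firewall([
        Rule("accept", "in", established=True),
        Rule("accept", "out", dport=80),
        Rule("accept", "out", dport=443),
        Rule("accept", "in", src=ADMIN),
        Rule("drop", "in"),
    ])


def unsolicited_ssh(fw: Firewall, src: str) -> str:
    """Inbound connection attempt to port 22 that the server did not start."""
    return fw.filter(Packet(src, 40000, SERVER, 22, "in"))


if __name__ == "__main__":
    print("apt, broken ruleset:", apt_fetch(broken_ruleset()))                  # drop
    print("apt, fixed ruleset: ", apt_fetch(fixed_ruleset()))                   # accept
    print("stranger -> ssh:    ", unsolicited_ssh(fixed_ruleset(), "192.0.2.7"))  # drop
    print("admin -> ssh:       ", unsolicited_ssh(fixed_ruleset(), ADMIN))        # accept
```

The model makes the ordering point explicit: connection tracking only records which flows exist, so the reply packet is still evaluated against the inbound rules top to bottom, and it is dropped unless some rule above the catch-all block accepts established/related traffic. Because that rule only matches flows the server already opened, a stranger’s fresh connection to port 22 still falls through to the block rule.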