I have a couple of rules in place to allow traffic in from specific IPs. Right after these rules I have rules to block everything else, as this firewall is an “allow by default” type.

The problem I’m facing is that when I replace these two ports to match “Any” instead, those machines (matrix server and game server) are unable to perform apt-gets.

I had thought that this should still be allowed, because the egress rules for those two permit outbound traffic to http/s and once that’s established it’s a “stateful” connection which should allow the traffic to flow back the other way.

What am I doing wrong here, and what is the best way to ensure that traffic only hits these servers from the minimal number of ports?

  • root@lemmy.world (OP) · 7 days ago

    Ah, would this be a separate rule, or (as I’m using Ubiquiti) I could check “established” and/or “related” on either the allow or block rule?
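To make the ordering point concrete, here is a small added model of a stateful packet filter (illustration written for this thread, not Ubiquiti code or anything from the original post). The server, mirror and admin addresses are constructed documentation-range values, and the rule evaluation is a simplified first-match model: real conntrack also tracks RELATED flows such as ICMP errors, which this model leaves out. It shows the two rule sets side by side: the one described in the question, where the outbound HTTPS request is allowed but the mirror's reply hits the "block everything else" rule, and a corrected one where a separate accept rule for established connections sits ahead of the block rule.

```python
"""Tiny first-match, stateful packet-filter model (added illustration)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed addresses from the RFC 5737 documentation ranges.
SERVER = "10.0.0.10"       # the matrix/game server behind the firewall
MIRROR = "203.0.113.5"     # an apt mirror the server talks to on 443
TRUSTED = "198.51.100.7"   # an admin host allowed in on port 22


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class Rule:
    action: str                    # "accept" or "drop"
    direction: str                 # "in" (toward the server) or "out" (from it)
    src: Optional[str] = None      # None means "Any"
    dport: Optional[int] = None    # None means "Any"
    established: bool = False      # match only packets of an already-tracked flow


def conn_key(p: Packet) -> frozenset:
    """Direction-independent 4-tuple, so a reply maps to the flow it answers."""
    return frozenset({(p.src, p.sport), (p.dst, p.dport)})


class Firewall:
    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules
        self.conntrack = set()   # keys of flows that an accept rule has admitted

    def filter(self, p: Packet, direction: str) -> str:
        """Evaluate rules top to bottom; first match wins, default is accept."""
        tracked = conn_key(p) in self.conntrack
        for r in self.rules:
            if r.direction != direction:
                continue
            if r.src is not None and r.src != p.src:
                continue
            if r.dport is not None and r.dport != p.dport:
                continue
            if r.established and not tracked:
                continue
            if r.action == "accept":
                self.conntrack.add(conn_key(p))   # remember the flow for its replies
            return r.action
        return "accept"   # "allow by default" firewall, as in the question


# Rule set as described in the question: specific allows, then block all inbound.
BROKEN_RULES = [
    Rule("accept", "in", src=TRUSTED, dport=22),
    Rule("accept", "out", dport=443),
    Rule("accept", "out", dport=80),
    Rule("drop", "in"),                 # also swallows replies to the server's own requests
]

# Same rules plus one separate accept for established flows placed before the block.
FIXED_RULES = [
    Rule("accept", "in", src=TRUSTED, dport=22),
    Rule("accept", "in", established=True),   # return traffic of tracked outbound flows
    Rule("accept", "out", dport=443),
    Rule("accept", "out", dport=80),
    Rule("drop", "in"),
]


def simulate_apt_get(rules: List[Rule]) -> Tuple[str, str]:
    """Outbound HTTPS request from the server, then the mirror's reply."""
    fw = Firewall(rules)
    request = Packet(SERVER, 40000, MIRROR, 443)
    reply = Packet(MIRROR, 443, SERVER, 40000)
    return fw.filter(request, "out"), fw.filter(reply, "in")


def simulate_unsolicited(rules: List[Rule]) -> str:
    """An unsolicited inbound connection attempt that no flow entry explains."""
    fw = Firewall(rules)
    return fw.filter(Packet("192.0.2.9", 5555, SERVER, 443), "in")


if __name__ == "__main__":
    print("broken:", simulate_apt_get(BROKEN_RULES), simulate_unsolicited(BROKEN_RULES))
    print("fixed: ", simulate_apt_get(FIXED_RULES), simulate_unsolicited(FIXED_RULES))
```

The unsolicited-connection check is the part worth keeping in mind: the established rule only admits packets belonging to a flow the firewall already accepted, so the inbound block still stops new connections to the server on any port not explicitly allowed.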