Flynn: Docs Request: How to firewall flynn using ufw/iptables?

Created on 11 Aug 2016 · 6Comments · Source: flynn/flynn

Hey!

Could you provide basic settings for ufw or other firewall in installation documentation?
Current documentation is quite vague: https://flynn.io/docs/production#firewalling because flynn contains so many internal virtual interfaces.

I just thought ufw could be could fit because the preferred distro is ubuntu.

I tried multiple different combinations but everytime postgres connections between hosts just got blocked.

This is related to my bootstrap firewall frustration: https://github.com/flynn/flynn/issues/3259.

Source

onnimonni

Most helpful comment

https://philiplb.de/flynn/2016/04/19/flynn-ufw/

philiplb on 11 Aug 2016

👍6 🎉1

All 6 comments

https://philiplb.de/flynn/2016/04/19/flynn-ufw/

philiplb on 11 Aug 2016

👍6 🎉1

Excelsior! I try again with those.

onnimonni on 11 Aug 2016

👍1

My problems were solved by using this one:

DEFAULT_FORWARD_POLICY="ACCEPT"

in /etc/default/ufw. Thanks @philiplb :)!

onnimonni on 11 Aug 2016

👍2

For the sake of completion, here is replacing DEFAULT_FORWARD_POLICY from command line (without the editor):
sed -i 's/DEFAULT_FORWARD_POLICY="DROP"/DEFAULT_FORWARD_POLICY="ACCEPT"/g' /etc/default/ufw

or just use:
ufw default allow routed

Darkless012 on 5 Mar 2018

Hi -
this is a must for standard flynn.io documentation in my opinion!
Also, as flynn.io wants to be as easy as possible, flynn-host should recommend to automatically set up networking with ufw :)

Thank you for making flynn.io possible!