ufw forward rules after the filter is applied?
Hi all.
I am setting up a machine to be a router/firewall and bit by bit I am getting there.
However, I noticed one thing today. Even if I delete the allow rule in ufw for port 80, it still opens the website on the webserver behind the router/firewall.
Does this mean the port forward (NAT) rules in ufw are executed before the firewall filter, regardless of whether I am blocking port 80, for example? Is there a way to execute the port forward after the filter is applied? And where should the rule be in that case?
Most port forward tutorials mention /etc/ufw/before.rules so I have my port forwards there, but does being in before.rules actually mean it is applied before the filter? I did a test putting it in after.rules but things didn't change. Or maybe I got the syntax wrong if it needs to be changed to be used in after.rules.
Any ideas? I need this pretty ASAP. Thanks.
Darko.
-----------------------------------------------------------------------
Ubuntu 18.04 LTS 64bit