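# mail ports
ufw allow 25/tcp   # SMTP
ufw allow 465/tcp  # SMTPS (submission over implicit TLS)
ufw allow 587/tcp  # submission (STARTTLS)
ufw allow 143/tcp  # IMAP
ufw allow 993/tcp  # IMAPS
ufw allow 110/tcp  # POP3
ufw allow 995/tcp  # POP3S
ufw allow 4190/tcp # ManageSieve
# http/s ports
ufw allow 443 # no protocol given: opens both TCP and UDP
ufw allow 80  # no protocol given: opens both TCP and UDP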
ufw allow ssh # sshd on port 22, be careful to not get locked out!
ufw default deny incoming # deny traffic on every other port, on any interface
ufw enable
ufw ports for mailcow
thx for this
Using the fix for Docker with UFW and iptables: https://github.com/chaifeng/ufw-docker
I am running Nginx Proxy Manager etc., and the ports should be opened only to the related Docker IP.
sudo ufw route allow from 123.456.789.2 to 172.22.1.114 port 443
22/tcp ALLOW Anywhere
80/tcp ALLOW Anywhere
443 ALLOW Anywhere
80/tcp (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
22/tcp (v6) ALLOW Anywhere (v6)
172.22.1.9 7443 ALLOW FWD Anywhere
172.22.1.250 4190 ALLOW FWD Anywhere
172.22.1.250 995 ALLOW FWD Anywhere
172.22.1.250 993 ALLOW FWD Anywhere
172.22.1.250 143 ALLOW FWD Anywhere
172.22.1.250 110 ALLOW FWD Anywhere
443 ALLOW FWD Anywhere
172.22.1.253 25 ALLOW FWD Anywhere
172.22.1.253 465 ALLOW FWD Anywhere
172.22.1.253 587 ALLOW FWD Anywhere
443 (v6) ALLOW FWD Anywhere (v6)
and also blocking some bad guys with iptables in the DOCKER-USER chain
sudo iptables -L DOCKER-USER
Chain DOCKER-USER (1 references)
target prot opt source destination
DROP all -- 80.224.11.0/24 anywhere
DROP all -- 94.156.10.0/24 anywhere
DROP all -- 87.121.105.0/24 anywhere
DROP all -- 87.120.84.0/24 anywhere
DROP all -- 45.88.90.0/24 anywhere
DROP all -- 45.128.96.0/24 anywhere
DROP all -- 194.48.251.0/24 anywhere
DROP all -- 194.33.191.0/24 anywhere
DROP all -- 193.222.96.0/24 anywhere
ufw-user-forward all -- anywhere anywhere
RETURN all -- 10.0.0.0/8 anywhere
RETURN all -- 172.16.0.0/12 anywhere
RETURN all -- 192.168.0.0/16 anywhere
RETURN udp -- anywhere anywhere udp spt:domain dpts:1024:65535
ufw-docker-logging-deny tcp -- anywhere 192.168.0.0/16 tcp flags:FIN,SYN,RST,ACK/SYN
ufw-docker-logging-deny tcp -- anywhere 10.0.0.0/8 tcp flags:FIN,SYN,RST,ACK/SYN
ufw-docker-logging-deny tcp -- anywhere 172.16.0.0/12 tcp flags:FIN,SYN,RST,ACK/SYN
ufw-docker-logging-deny udp -- anywhere 192.168.0.0/16 udp dpts:0:32767
ufw-docker-logging-deny udp -- anywhere 10.0.0.0/8 udp dpts:0:32767
ufw-docker-logging-deny udp -- anywhere 172.16.0.0/12 udp dpts:0:32767
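Added example, not part of the gist or of any comment: on a Docker host, traffic to published container ports passes through the FORWARD path (the DOCKER-USER chain shown above), so with the ufw-docker fix a mailcow port is governed by an `ALLOW FWD` route rule rather than by a plain `ufw allow`. The script below reads `ufw status` text and reports, for each port from the gist, whether a route rule, only a host rule, or no rule exists; the function names and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# Mail ports opened by the gist.
MAILCOW_PORTS="25 465 587 143 993 110 995 4190"

# Reads `ufw status` text on stdin and prints one line per mail port:
#   <port> routed     an ALLOW FWD (ufw route) rule exists
#   <port> host-only  only a plain ALLOW (host INPUT) rule exists
#   <port> no-rule    no ALLOW rule mentions the port
classify_mailcow_ports() {
  awk -v ports="$MAILCOW_PORTS" '
    BEGIN { n = split(ports, want, " ") }
    / ALLOW / && !/\(v6\)/ {
      # The "To" column is "<port>[/proto]" or "<ip> <port>[/proto]".
      to = ($2 == "ALLOW") ? $1 : $2
      sub(/\/.*/, "", to)
      if ($0 ~ /ALLOW FWD/) routed[to] = 1; else host[to] = 1
    }
    END {
      for (i = 1; i <= n; i++) {
        p = want[i]
        state = (p in routed) ? "routed" : ((p in host) ? "host-only" : "no-rule")
        print p, state
      }
    }'
}

# Constructed sample in the layout of `ufw status`; the addresses follow
# the 172.22.1.x container range used in the comment above.
sample_status() {
  cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
25/tcp                     ALLOW       Anywhere
172.22.1.250 993           ALLOW FWD   Anywhere
172.22.1.253 587           ALLOW FWD   Anywhere
993/tcp (v6)               ALLOW       Anywhere (v6)
EOF
}

sample_status | classify_mailcow_ports
```

On a live host, pipe the real output in with `sudo ufw status | classify_mailcow_ports`.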
very useful ✋ 👍