Closed Bronislawsky closed 4 years ago
@Bronislawsky Please kindly add this to the existing Issue on this topic instead:
https://github.com/littlebizzy/slickstack/issues/36
If you can use more descriptive titles when creating Issues, it would also help the community understand a bit more about what you're reporting. Thanks!
Alright, the Issue was 'closed', that's why I created a new one. I am pretty new to git, I will pay attention.
Precision on this issue: no matter if you add custom rules or not, as soon as ss's user.rules is copied over /etc/ufw/user(6).rules, it will not survive a 'ufw reload' because user.rules is not well formatted.
typo in ss-install.txt

```
ufw allow @SSH_PORT
```

should be

```
ufw allow $SSH_PORT
```

```
########### This block generates user.rules and user6.rules ############
ufw default deny incoming
ufw default allow outgoing
ufw allow $SSH_PORT
ufw allow 80
ufw allow 443
ufw allow 6379
#######################################################################
```

I think these lines

```
#################################################################################
wget -O /tmp/user.rules http://mirrors.slickstack.io/ufw-firewall/user-rules.txt

if [[ -z "$SSH_PORT" ]]; then
    sed -i "s/@SSH_PORT/6969/g" /tmp/user.rules
else
    sed -i "s/@SSH_PORT/${SSH_PORT}/g" /tmp/user.rules
fi

cp /tmp/user.rules /etc/ufw/user.rules
chown root:root /etc/ufw/user.rules
chmod 0664 /etc/ufw/user.rules
##################################################################################
```

are useless because they overwrite the previously generated user(6).rules, and if for some reason 'ufw reload' is executed, you get jailed out from ipv4. The ipv6 rules will persist because they haven't been overridden by the faulty `cp /tmp/user.rules /etc/ufw/user.rules`.

IMHO `wget -O /tmp/user.rules http://mirrors.slickstack.io/ufw-firewall/user-rules.txt` should not happen at all.
Locking this thread as a similar Issue already exists, please add comments there, thanks ~
Hi! I have been able to reproduce the problem with /etc/ufw/user.rules here. I just ran ufw reload and the user.rules gets wiped, and I believe I found out why: it doesn't pass the sanity check because it doesn't contain the comment tuple ### ...

ref: https://askubuntu.com/questions/1006834/ufw-rules-disappear-after-manually-adding-them-to-user-rules-ubuntu-16-04
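
A check for the condition the comment above describes, as an added example that is not part of the thread or of SlickStack's code: it lists the rules in a ufw rules file that no `### tuple ###` comment covers. The function names, both sample files (constructed, in the layout ufw writes) and the grouping heuristic (a tuple comment covers the rules up to the next blank line) are assumptions.

```shell
#!/bin/sh
# Constructed sample: the layout ufw itself writes, one tuple comment per rule.
write_tracked_sample() {
    cat > "$1" <<'EOF'
*filter
:ufw-user-input - [0:0]
### RULES ###

### tuple ### allow any 22 0.0.0.0/0 any 0.0.0.0/0 in
-A ufw-user-input -p tcp --dport 22 -j ACCEPT
-A ufw-user-input -p udp --dport 22 -j ACCEPT

### tuple ### allow tcp 443 0.0.0.0/0 any 0.0.0.0/0 in
-A ufw-user-input -p tcp --dport 443 -j ACCEPT

### END RULES ###
COMMIT
EOF
}

# Constructed sample: hand-written rules with no tuple comments.
write_untracked_sample() {
    cat > "$1" <<'EOF'
*filter
:ufw-user-input - [0:0]
-A ufw-user-input -p tcp --dport 22 -j ACCEPT
-A ufw-user-input -p tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

# Print every user-chain rule that no "### tuple ###" comment covers.
untracked_rules() {
    awk '
        /^### tuple ###/ { covered = 1; next }   # tuple opens a rule group
        /^[ \t]*$/       { covered = 0; next }   # blank line closes it
        /^-A ufw6?-user-(input|output|forward) / { if (!covered) print FILENAME ":" FNR ": " $0 }
    ' "$1"
}

# Exit status 0 only when every rule in the file is covered by a tuple.
all_rules_tracked() { [ -z "$(untracked_rules "$1")" ]; }

demo_dir=$(mktemp -d)
write_tracked_sample "$demo_dir/ok.rules"; write_untracked_sample "$demo_dir/bad.rules"
untracked_rules "$demo_dir/ok.rules"; untracked_rules "$demo_dir/bad.rules"
rm -rf "$demo_dir"
```

Running `all_rules_tracked` against a candidate file before it is copied over /etc/ufw/user.rules gives a non-zero exit status when any rule lacks its tuple comment.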