trinib / AdGuard-WireGuard-Unbound-DNScrypt

Linux ultimate self-hosted network security guide
MIT License

How to: Make AdGuard UI and DNS service ports only accessible via VPN #42

Closed mp68 closed 2 years ago

mp68 commented 2 years ago

I was fiddling around a bit with ufw and decided to share my results with you: How to Make AdGuard UI and DNS service ports only accessible via VPN.

Note: by enabling ufw you can block new connections required to manage your server (SSH). Make sure you keep an SSH connection to your server open and test the rules by opening another SSH connection. Otherwise you risk losing access to your server!

  1. Reset ufw to defaults
    sudo ufw default deny incoming
    sudo ufw default allow outgoing
  2. Allow SSH access
    sudo ufw allow ssh
  3. Allow access to the WireGuard VPN server (in this case the default port used in this tutorial)
    sudo ufw allow 51820
  4. Identify the network adapter used by WireGuard (it can be identified by a name starting with "wg" followed by a number; if you start with a fresh install and follow this tutorial it should be wg0)
    ip link show
  5. Allow access to all ports for requests coming from the WireGuard network adapter
    sudo ufw allow in on wg0
  6. Enable ufw
    sudo ufw enable
  7. Check the status of ufw
    sudo ufw status numbered

I hope you find these rules useful. Feedback, modifications and suggestions are welcome 😊
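An added audit script (not part of mp68's post or the repository) that checks a saved `sudo ufw status verbose` dump against the intent of the rules above: incoming denied by default, an "allow in on wg0" rule present, and the AdGuard ports not allowed from any interface. It assumes AdGuard Home's usual DNS port 53 and UI port 3000; the two dumps it checks are constructed samples, not real output from a server.

```shell
#!/bin/sh
# Audit a `sudo ufw status verbose` dump. Ports 53 (DNS) and 3000 (UI)
# are an assumption about the AdGuard Home setup; adjust as needed.
ADGUARD_PORTS="53 3000"

audit_ufw_status() {
    dump="$1"   # path to a file holding the ufw status output
    rc=0
    # 1. the default policy for incoming traffic must be deny
    grep -q '^Default: deny (incoming)' "$dump" \
        || { echo "FAIL: default incoming policy is not deny"; rc=1; }
    # 2. a rule admitting anything arriving on wg0 must exist (v4 or v6 form)
    grep -Eq '^Anywhere( \(v6\))? on wg0 +ALLOW IN' "$dump" \
        || { echo "FAIL: no 'allow in on wg0' rule found"; rc=1; }
    # 3. no AdGuard port may be allowed without the 'on wg0' qualifier
    for p in $ADGUARD_PORTS; do
        grep -Eq "^$p(/(tcp|udp))?( \(v6\))? +ALLOW IN" "$dump" \
            && { echo "FAIL: port $p is reachable outside the VPN"; rc=1; }
    done
    return $rc
}

# Constructed sample: the rule set from the steps above, as ufw prints it.
GOOD_DUMP=$(mktemp)
cat > "$GOOD_DUMP" <<'EOF'
Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
51820                      ALLOW IN    Anywhere
Anywhere on wg0            ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
51820 (v6)                 ALLOW IN    Anywhere (v6)
Anywhere (v6) on wg0       ALLOW IN    Anywhere (v6)
EOF

# Constructed sample: same, but someone later ran `ufw allow 53` globally.
BAD_DUMP=$(mktemp)
{ cat "$GOOD_DUMP"; echo "53                         ALLOW IN    Anywhere"; } > "$BAD_DUMP"

for f in "$GOOD_DUMP" "$BAD_DUMP"; do
    if audit_ufw_status "$f"; then echo "$f: OK"; else echo "$f: problems found"; fi
done
```

On a live server, save the real output with `sudo ufw status verbose > /tmp/ufw.txt` and run `audit_ufw_status /tmp/ufw.txt`.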

welcome[bot] commented 2 years ago

Thanks for opening your first issue here 🙋🕵️