Docs Request: How to firewall flynn using ufw/iptables?

[onnimonni]

Hey!

Could you provide basic settings for ufw or other firewall in installation documentation?
Current documentation is quite vague: https://flynn.io/docs/production#firewalling because flynn contains so many internal virtual interfaces.

I just thought ufw could be could fit because the preferred distro is ubuntu.

I tried multiple different combinations but everytime postgres connections between hosts just got blocked.

This is related to my bootstrap firewall frustration: #3259.

[philiplb]

https://philiplb.de/flynn/2016/04/19/flynn-ufw/

[onnimonni]

Excelsior! I try again with those.

[onnimonni]

My problems were solved by using this one:

DEFAULT_FORWARD_POLICY="ACCEPT"

in /etc/default/ufw. Thanks @philiplb :)!

[Darkless012]

For the sake of completion, here is replacing DEFAULT_FORWARD_POLICY from command line (without the editor):
sed -i 's/DEFAULT_FORWARD_POLICY="DROP"/DEFAULT_FORWARD_POLICY="ACCEPT"/g' /etc/default/ufw

or just use:
ufw default allow routed

[phpfs]

Hi -
this is a must for standard flynn.io documentation in my opinion!
Also, as flynn.io wants to be as easy as possible, flynn-host should recommend to automatically set up networking with ufw :)

Thank you for making flynn.io possible!

[phpfs]

or just use:
ufw default allow routed

@Darkless012 - Isn't it this?
ufw default allow forward