ansible/roles/ufw/files/startufw


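#!/usr/bin/env bash
#
# startufw — set up the host firewall with ufw.
#
# Opens the inbound services listed in main(), restricts SNMP (udp/161) to a
# fixed set of poller addresses, blocks outbound traffic to private/reserved
# ranges, enables ufw non-interactively and appends `ufw status` to a log.
#
# Requirements: the invoking user needs sudo rights for ufw; the directory of
# STATUS_LOG must exist and be writable by the invoking user (the redirection
# runs in this shell, not under sudo).
#
# ufw reports "Skipping adding existing rule" on re-runs, so the script is safe
# to run more than once. Rules are added in the order given; ufw evaluates them
# in that order.
#
# NOTE(review): no `ufw default ...` policy is set here; the allow rules rely on
# whatever default incoming/outgoing policy the host already has — confirm.
set -euo pipefail

readonly STATUS_LOG=/home/core/tmp/ufwstatus.log

# Addresses allowed to poll SNMP (udp/161). Port 161 stays closed to everyone else.
readonly -a SNMP_POLLERS=(
  138.201.126.41  # root3
  88.99.138.96    # root4
  94.130.135.216  # root5
  178.15.59.28    # core rudi
  178.15.152.60   # core rudi
)

# Destination ranges this host must not reach. Outbound traffic to private
# networks was blocked after the port-scan incident on bbb3.
#
# Attention: on Greenlight installations 172.x must NOT be blocked — the
# Greenlight Docker container uses it. This script does block 172.16.0.0/12,
# so it is presumably meant for hosts without Greenlight; confirm against the
# role's host list before applying it elsewhere.
readonly -a BLOCKED_OUT=(
  10.0.0.0/8
  172.16.0.0/12
  192.168.0.0/16
  100.64.0.0/10
  198.18.0.0/15
  169.254.0.0/16
)

#######################################
# Open an inbound service or port using ufw 'allow' syntax.
# Arguments: $1 - port, port/proto, port range or service name (e.g. 22, http,
#                 16384:32768/udp)
# Returns:   ufw's exit status
#######################################
allow_in() {
  sudo ufw allow "$1"
}

#######################################
# Allow SNMP (udp/161) from one source address only.
# Arguments: $1 - source IP address
# Returns:   ufw's exit status
#######################################
allow_snmp_from() {
  sudo ufw allow from "$1" to any port 161 proto udp
}

#######################################
# Block all outbound traffic to a destination range.
# Arguments: $1 - destination network in CIDR notation
# Returns:   ufw's exit status
#######################################
deny_out_to() {
  sudo ufw deny out from any to "$1"
}

#######################################
# Apply all rules, enable ufw and log its status.
# Globals:   SNMP_POLLERS, BLOCKED_OUT, STATUS_LOG (read)
# Outputs:   appends `ufw status` to STATUS_LOG
# Returns:   non-zero (via set -e) as soon as any ufw command fails
#######################################
main() {
  local addr range

  # NOTE(review): a bare port number opens both tcp and udp; e.g. '22/tcp'
  # would be tighter for ssh/rsync. Kept as-is — confirm before narrowing.
  allow_in 22               # ssh
  allow_in 53               # dns
  allow_in http
  allow_in https
  allow_in 123              # ntp
  allow_in 873              # rsync
  allow_in 16384:32768/udp  # bbb (presumably BigBlueButton media — verify)

  for addr in "${SNMP_POLLERS[@]}"; do
    allow_snmp_from "$addr"
  done

  for range in "${BLOCKED_OUT[@]}"; do
    deny_out_to "$range"
  done

  # --force answers ufw's interactive "may disrupt existing ssh connections"
  # prompt; it replaces the fragile `echo y | ufw enable` pipe.
  sudo ufw --force enable

  # Appended, not overwritten: each run adds a new snapshot to the log.
  sudo ufw status >> "$STATUS_LOG"
}

main "$@"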