Fix typo in UFW firewall rules#56
Conversation
Replace 'allow 5' with 'allow 53' in UFW rules for VPN setup.
There was a problem hiding this comment.
Pull request overview
Updates the VPN setup guide’s firewall instructions to correctly open DNS (port 53) instead of an incorrect port, aligning the documented firewall rules with the listed required forwarded ports.
Changes:
- Fixes UFW command to allow DNS traffic on port 53 (was incorrectly
5).
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
| sudo ufw allow OpenSSH | ||
| sudo ufw allow 500,4500/udp | ||
| sudo ufw allow 5 | ||
| sudo ufw allow 53 |
There was a problem hiding this comment.
sudo ufw allow 53 opens DNS (TCP+UDP) to the public internet from any source. If the intent is only to let VPN clients resolve DNS through the tunnel, it’s safer to restrict this rule to the VPN client subnet/interface (e.g., 10.10.10.0/24) and/or specify the exact protocol(s) needed (53/udp and only add 53/tcp if required) to avoid accidentally creating an open resolver/amplification surface.
| sudo ufw allow 53 | |
| sudo ufw allow from 10.10.10.0/24 to any port 53 proto udp |
|
Who the fuck asked for that clankers opinion |
Replace 'allow 5' with 'allow 53' in UFW rules for VPN setup.