X-Git-Url: http://lab.mitty.jp/git/?a=blobdiff_plain;ds=sidebyside;f=iptables%2Fufw%2Fafter.rules;fp=iptables%2Fufw%2Fafter.rules;h=f98d8f1caae598a1e820d03122f7c15772a5aa35;hb=71b798cb5d5acf287fe80c4c343c6fe703e19c0c;hp=37fc6e752c2f5a811e276e07c16f67ec2b950a19;hpb=49996391c0a72e72d2f07c9959e94f6036d621bb;p=lab.git
diff --git a/iptables/ufw/after.rules b/iptables/ufw/after.rules
index 37fc6e7..f98d8f1 100644
--- a/iptables/ufw/after.rules
+++ b/iptables/ufw/after.rules
@@ -15,6 +15,12 @@
 :ufw-after-forward - [0:0]
 # End required lines
 
+## allow connections to the local services from WAN
+# ssh 22/tcp
+-A ufw-after-input -p tcp --syn -m state --state NEW --dport 22 -j ACCEPT
+# https 443/tcp
+-A ufw-after-input -p tcp --syn -m state --state NEW --dport 443 -j ACCEPT
+
 # don't log noisy services by default
 -A ufw-after-input -p udp --dport 137 -j RETURN
 -A ufw-after-input -p udp --dport 138 -j RETURN
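Review bot: The two added ACCEPT rules for 22/tcp and 443/tcp match every source address and every interface, although the comment says they are meant for the WAN side; for ssh in particular this leaves the port open to password guessing from anywhere with no rate limit. Consider narrowing the ssh rule, e.g. `-A ufw-after-input -p tcp --syn -m state --state NEW -s <ADMIN_CIDR> --dport 22 -j ACCEPT` (placeholder source range), or moving it to a `ufw limit 22/tcp` user rule. Rules placed in after.rules are not listed by `ufw status`, so the header comment should say explicitly that these ports are opened here on purpose, for example `## NOTE: opened outside of "ufw status"; 22 and 443 accept from any source`. This file covers IPv4 only; whether after6.rules needs the same decision cannot be seen from this hunk.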