It’s been a hot minute since I last posted and I figured this was worth sharing. There’s been plenty since the last post, but time has not always been on my side. Today it is!
Short and sweet. I needed a VM being used as an OSPF router with two interfaces to be able to allow traffic to traverse it in both directions. The commands look something like this:
1. sudo apt install ufw
2. sudo ufw disable
3. sudo ufw default allow forward
4. sudo ufw allow from 126.96.36.199/24
5. sudo ufw allow in on eth0 from
6. sudo ufw allow in on eth1 from
7. sudo ufw enable
1. Install UFW
2. Disable the firewall for good measure, especially if you’re doing something silly like testing in production :-/
3. Set the default behaviour of forwarded/routed traffic to ALLOW (it’s DROP by default)
(You can also use: sudo ufw default allow routed – routed is an alias of forward)
4. Allow the multicast subnet for OSPF
OSPF does not own this range; other dynamic routing protocols use the same multicast range.
6. Allow traffic bound for eth0 from the IP address of the upstream router (to send and receive routes)
7. Allow traffic bound for eth1 from the IP address of the downstream router (to send and receive routes)
If you just have endpoints such as servers or workstations talking to eth1, then you don’t need to enter this command.
7. Enable the firewall.
There are plenty of other solutions out there that involve modifying configuration files and such, but if you’re going to do that, you might as well remove UFW and use iptables directly.
That’s all folks!
P.S. This does not break the default INPUT rule, which in my case was and still is DENY. The above commands allow traffic to traverse the firewall/VM, not gain access to the firewall/VM.
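The steps above, wrapped in a small shell script as an added example (this is not code from the original post). It fills in the two router addresses the post leaves blank, validates them before they become rules, and then verifies from `ufw status verbose` output that the result matches the P.S.: incoming stays DENY while routed becomes ALLOW. The interface names, the 224.0.0.0/24 multicast block, and the documentation-range router addresses are assumptions; the status text it parses is constructed, not captured from a host.

```shell
#!/bin/sh
# Added example, not from the original post. It wraps the post's ufw steps in
# a small script and adds two checks a practitioner would want:
#   1. the upstream/downstream router addresses are validated before they are
#      turned into rules (the post leaves those addresses blank);
#   2. the resulting policy is verified from `ufw status verbose` output, so
#      you can confirm incoming stays DENY while routed becomes ALLOW.
# Interface names and the multicast range below are assumptions, not values
# taken from the post.

UPSTREAM_IF="eth0"
DOWNSTREAM_IF="eth1"
MCAST_NET="224.0.0.0/24"   # assumed: local-network-control multicast block used by OSPF

# Return 0 if $1 is a dotted-quad IPv4 address whose octets are all 0-255.
valid_ipv4() {
    ip=$1
    case $ip in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    oldifs=$IFS
    IFS=.
    set -- $ip
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print, without running, the ufw commands for the post's steps 2-7, filling
# in the upstream ($1) and downstream ($2) router addresses. Review the output,
# then pipe it to `sudo sh` to apply it. `--force` suppresses the interactive
# confirmation that `ufw enable` would otherwise ask for.
ufw_router_rules() {
    up=$1
    down=$2
    valid_ipv4 "$up"   || { echo "invalid upstream address: $up" >&2; return 1; }
    valid_ipv4 "$down" || { echo "invalid downstream address: $down" >&2; return 1; }
    printf '%s\n' \
        "ufw disable" \
        "ufw default allow routed" \
        "ufw allow from $MCAST_NET" \
        "ufw allow in on $UPSTREAM_IF from $up" \
        "ufw allow in on $DOWNSTREAM_IF from $down" \
        "ufw --force enable"
}

# Read `ufw status verbose` output on stdin and return 0 only when the default
# policies match the post's intent: incoming DENY (access to the VM itself is
# still refused) and routed ALLOW (traffic may traverse the VM).
check_ufw_policy() {
    defaults=$(grep '^Default:' || true)
    case $defaults in
        *"deny (incoming)"*) ;;
        *) echo "incoming default is not deny: ${defaults:-<no Default line>}" >&2; return 1 ;;
    esac
    case $defaults in
        *"allow (routed)"*) return 0 ;;
        *) echo "routed default is not allow: $defaults" >&2; return 1 ;;
    esac
}

# Constructed sample output (not captured from a real host) in the shape
# `ufw status verbose` prints, for exercising check_ufw_policy offline.
SAMPLE_OK='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), allow (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
Anywhere                   ALLOW IN    224.0.0.0/24
Anywhere on eth0           ALLOW IN    192.0.2.1
Anywhere on eth1           ALLOW IN    198.51.100.1'

SAMPLE_BAD='Status: active
Default: deny (incoming), allow (outgoing), deny (routed)'

# Demo when run directly as `sh script.sh --demo` (router addresses are
# documentation-range placeholders).
if [ "${1:-}" = "--demo" ]; then
    ufw_router_rules 192.0.2.1 198.51.100.1
    printf '%s\n' "$SAMPLE_OK" | check_ufw_policy && echo "sample policy OK"
fi
```

On a real router you would run `sudo ufw status verbose | sh -c '. ./script.sh; check_ufw_policy'` (or source the file in an interactive shell) after applying the rules; a non-zero exit means the routed default is still DROP or the incoming default has drifted away from DENY.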