Are there any settings in the environment files for UFW? By default, our monolith is configured as follows (note we use OpenVPN on port 1194):

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), allow (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
1194/udp                   ALLOW IN    Anywhere
22 on tun0                 ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
22                         ALLOW IN    Anywhere
60000:61000/udp            ALLOW IN    Anywhere
22/tcp                     LIMIT IN    Anywhere

Since the ISP doesn't provide a second layer firewall, we're relying on UFW and would like this configuration (only listen for ssh on the VPN adapter):

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), allow (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
1194/udp                   ALLOW IN    Anywhere
22 on tun0                 ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
60000:61000/udp            ALLOW IN    Anywhere

However, when settings are updated and deployed, the system seems to add port 22 back on all adapters. It would be great if we could allow our preferred firewall config instead of remembering to update it if a code or config update is made.
Thanks!
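
A post-deploy check for the drift described above, as an added example that is not part of the original post or the project's own code: it parses `ufw status` output and prints any rule that opens SSH outside the VPN adapter. The function names, the `VPN_IF` variable and the embedded sample input are assumptions built from the listings in the post.

```shell
#!/bin/sh
# Added example: detect SSH rules in `ufw status` output that are not bound to
# the VPN interface. Function names and VPN_IF are hypothetical.
VPN_IF="${VPN_IF:-tun0}"   # assumption: adapter name taken from the post

# Reads `ufw status` text on stdin and prints each ALLOW/LIMIT rule that opens
# TCP port 22 (or the OpenSSH app profile) on anything other than $VPN_IF.
ssh_drift() {
    awk -v ifc="$VPN_IF" '
        function covers_ssh(spec,   parts, r, i, n) {
            if (spec ~ /\/udp$/) return 0          # SSH is TCP only
            sub(/\/tcp$/, "", spec)
            if (spec == "OpenSSH") return 1
            n = split(spec, parts, ",")            # port lists: 22,80
            for (i = 1; i <= n; i++) {
                if (parts[i] == "22") return 1
                if (split(parts[i], r, ":") == 2 && r[1] + 0 <= 22 && 22 <= r[2] + 0)
                    return 1                       # ranges: 20:25
            }
            return 0
        }
        /^--/ { in_rules = 1; next }               # rows follow the dashes
        !in_rules || $0 !~ /[ \t](ALLOW|LIMIT)([ \t]|$)/ { next }
        {
            to = $0                                # keep only the "To" column
            sub(/[ \t]+(ALLOW|LIMIT)([ \t].*)?$/, "", to)
            split(to, f, " ")
            if (!covers_ssh(f[1])) next
            if (to ~ ("[ \t]on[ \t]+" ifc "$")) next   # bound to the VPN adapter
            print
        }'
}

# Constructed sample input: the two rule tables quoted in the post.
sample_default() {
cat <<'EOF'
To Action From
-- ------ ----
1194/udp ALLOW IN Anywhere
22 on tun0 ALLOW IN Anywhere
80/tcp ALLOW IN Anywhere
443/tcp ALLOW IN Anywhere
22 ALLOW IN Anywhere
60000:61000/udp ALLOW IN Anywhere
22/tcp LIMIT IN Anywhere
EOF
}
sample_desired() { sample_default | grep -v -e '^22 ALLOW' -e '^22/tcp LIMIT'; }
```

On a live host, `ufw status | ssh_drift` run after each deployment prints nothing while SSH is restricted to the VPN adapter and prints the offending rows once port 22 has been re-added elsewhere.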