
Conditional port forwarding with ufw as a default policy


Is there a way such that: when a connection is denied (by the rule set) in ufw, it forwards that traffic to another port on the local machine, rather than dropping (by default)?

I can see two potential ways for port forwarding in ufw; I am wondering how to modify these so that it is conditional.

  1. Adding a -A PREROUTING rule to /etc/ufw/before.rules. But I need that rule to be applied only when the connection should not be allowed (as defined in the ufw rules). In other words, as the default rule (to forward instead of block).

  2. sudo ufw route, but how to apply that route only for denied connections? The example I see does not have a condition set. (set that as a catch-all default policy). Is it possible to add route as the default rule for connections?

Michael Hampton:
In that case you are not dropping the traffic at all! You are just port forwarding.
@MichaelHampton That's right. I have updated the title and content accordingly. Thanks!