Score:0

Is allowing a forward rule in UFW from and to the same interface sane?

I'm experimenting with setting up a WireGuard network using Linux peers (Ubuntu and Raspberry Pi). The "server" peer is running UFW, and I've been looking at the log to try to figure out what rules I should have to get the setup working as intended. The last hurdle, I think, is that UFW logs a block when I'm connecting via SSH between peers. The actual connection goes through, though, so I'm not sure why it logs a block; it could be related to this, I guess: "UFW logs blocked request on open port, what am I missing?".

The UFW log block

kernel: [608949.041932] [UFW BLOCK] IN=wg0 OUT=wg0 MAC= SRC=IP DST=IP LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=20539 DF PROTO=TCP SPT=47826 DPT=22 WINDOW=64860 RES=0x00 SYN URGP=0

I added a forwarding rule to UFW for wg0

To                 Action      From
Anywhere on wg0    ALLOW FWD   Anywhere on wg0

This made the log messages disappear, and as far as I can tell everything is working fine and as expected.

Why post then? Because I'm very new to this and forwarding to and from the same interface seems wrong. I have another forward from wg0 to the physical NIC and that one I understand, in on one and out on another.

So, is this sane?

Thanks!
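As an added example (not part of the original question or of UFW itself), here is a small parser for `[UFW BLOCK]` lines of the kind quoted above. It classifies each entry by the netfilter chain the packet was in when it was dropped: `OUT=` empty means INPUT (the packet was addressed to the host), `IN=` and `OUT=` both set means FORWARD (the host was routing it), and `IN` equal to `OUT` means the host was routing between two peers reached through the same interface. The log lines, peer addresses and the `eth0` interface are constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample log lines (not taken from the original post; the 10.8.0.x
# peer addresses and the eth0 interface are assumptions for this example).
SAMPLE_LOG = """\
kernel: [608949.041932] [UFW BLOCK] IN=wg0 OUT=wg0 MAC= SRC=10.8.0.3 DST=10.8.0.2 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=20539 DF PROTO=TCP SPT=47826 DPT=22 WINDOW=64860 RES=0x00 SYN URGP=0
kernel: [608950.100000] [UFW BLOCK] IN=eth0 OUT= MAC=aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:08:00 SRC=203.0.113.9 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=40000 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
kernel: [608951.200000] [UFW BLOCK] IN=wg0 OUT=eth0 MAC= SRC=10.8.0.3 DST=192.0.2.20 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=100 DF PROTO=UDP SPT=5353 DPT=53 LEN=64
"""

UFW_RE = re.compile(r"\[UFW (?P<action>[A-Z ]+?)\] (?P<rest>.*)")
KV_RE = re.compile(r"(\w+)=(\S*)")   # KEY=VALUE tokens; VALUE may be empty (MAC=, OUT=)


@dataclass
class UfwEntry:
    action: str
    in_if: str
    out_if: str
    proto: str
    src: str
    dst: str
    dport: str

    @property
    def chain(self) -> str:
        """Netfilter chain implied by which interface fields are populated."""
        if self.in_if and self.out_if:
            return "FORWARD"
        if self.in_if:
            return "INPUT"
        return "OUTPUT"

    @property
    def hairpin(self) -> bool:
        """Routed packet that leaves on the same interface it arrived on."""
        return self.chain == "FORWARD" and self.in_if == self.out_if


def parse_ufw_log(text: str) -> list:
    """Parse every line containing a [UFW ...] marker into a UfwEntry."""
    entries = []
    for line in text.splitlines():
        m = UFW_RE.search(line)
        if not m:
            continue
        kv = dict(KV_RE.findall(m.group("rest")))  # later duplicates (e.g. LEN) win
        entries.append(UfwEntry(
            action=m.group("action"),
            in_if=kv.get("IN", ""), out_if=kv.get("OUT", ""),
            proto=kv.get("PROTO", ""), src=kv.get("SRC", ""),
            dst=kv.get("DST", ""), dport=kv.get("DPT", "")))
    return entries


def suggest_rule(e: UfwEntry) -> str:
    """The narrowest ufw command that would have matched this packet.

    Routed traffic needs a `ufw route` rule (the FORWARD chain); traffic to the
    host itself needs a plain `ufw allow`. Review before applying."""
    match = ""
    if e.proto:
        match += f" proto {e.proto.lower()}"
    if e.dport:
        match += f" to any port {e.dport}"
    if e.chain == "FORWARD":
        return f"ufw route allow in on {e.in_if} out on {e.out_if}{match}"
    if e.chain == "INPUT":
        return f"ufw allow in on {e.in_if}{match}"
    return f"ufw allow out on {e.out_if}{match}"


def describe(e: UfwEntry) -> str:
    kind = "hairpin FORWARD (routed between peers on the same interface)" if e.hairpin else e.chain
    return f"{e.action}: {e.src} -> {e.dst} {e.proto}/{e.dport}  chain={kind}  fix: {suggest_rule(e)}"


if __name__ == "__main__":
    for entry in parse_ufw_log(SAMPLE_LOG):
        print(describe(entry))
```

For the first sample line (the shape quoted in the question) the output names a hairpin FORWARD entry and suggests `ufw route allow in on wg0 out on wg0 proto tcp to any port 22`, which is the `ufw route` command form of the "Anywhere on wg0 ALLOW FWD Anywhere on wg0" rule shown above, narrowed to TCP/22. The classification is the useful part: `IN=wg0 OUT=wg0` in the log means the server was routing the SSH SYN from one peer towards another, so it is the FORWARD chain, not INPUT, that has to allow it.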
