ufw ipv4 does not persist about slickstack HOT 3 CLOSED

Thanks for your continued feedback on UFW configuration @Bronislawsky ... it has been janky since the beginning.

This is now fixed in our user.rules boilerplate:

### tuple ### allow tcp 80,443 0.0.0.0/0 any 0.0.0.0/0 in
-A ufw-user-input -p tcp -m multiport --dports 80,443 -j ACCEPT

### tuple ### allow tcp @SSH_PORT 0.0.0.0/0 any 0.0.0.0/0 in
-A ufw-user-input -p tcp --dport @SSH_PORT -j ACCEPT

Ref: https://github.com/littlebizzy/slickstack/blob/master/ufw-firewall/user-rules.txt
Ref: https://github.com/littlebizzy/slickstack/blob/master/ss-install-ufw.txt

I'm not necessarily opposed to setting up rules using CLI commands, esp. since UFW is rather fragile. However, if we stop using a boilerplate then I'm concerned users will start customizing UFW rules, and SlickStack will have less predictability.

Since we want to make a very simple and predictable LEMP stack, I'm hoping to retain user.rules especially since the format and networking order of before.rules and after.rules seem a bit complex, idk.

Definitely could use some feedback on other sections too:

• *filter
• LOGGING
• RATE LIMITING

from slickstack.

Thank you very much

from slickstack.

Just an update on this, I've now also added a boilerplate for user6.rules for IPv6 support as well... to verify that both IPv4 and IPv6 rules are running correctly type sudo ufw status verbose and it should look like:

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
80,443/tcp                 ALLOW IN    Anywhere                  
6969/tcp                   ALLOW IN    Anywhere                  
80,443/tcp (v6)            ALLOW IN    Anywhere (v6)             
6969/tcp (v6)              ALLOW IN    Anywhere (v6)     

from slickstack.