Disable outgoing connection via firewall

Question

For a headless setup, I would like to set up ufw so that

ssh into the machine is possible
no outgoing connections are allowed (not ssh, nor anything else; edit: particularly to the local network)

How do I configure ufw like this?

Explanation: I am trying to restrict all LAN traffic on a Raspberry Pi, except for incoming ssh (via port forward). The idea is to create a 'sandboxed' environment with no connectivity to machines on the same subnet. That is to say, unless the user knows the sudo password, and disable ufw, they cannot access the LAN.

Many thanks!

(Please note: As this is for a headless setup, I would like this to work while I ssh into the device. I.e., the ssh port has to stay open, or be opened immediately.)

Does this answer your question? How do I with ufw deny all outgoing ports excepting the ones I need? — mikewhatever, Jun 10 '23 at 17:54
Thank you for the tip. It's not clear to me that that that post actually has a solution :) It seems to offer a recipe, but not really a complete/accepted solution? — bjohas, Jun 10 '23 at 19:54

score 0 · Answer 1 · answered Jun 10 '23 at 20:32

0

I believe that this would work, but would appreciate feedback from others:

sudo ufw allow ssh
sudo ufw allow out to 192.168.0.1
sudo ufw deny out to 192.168.0.0/24

answered Jun 10 '23 at 20:32

bjohas

513

Disable outgoing connection via firewall

1 Answers1