k8s ufw firewall

README.md

@@ -65,6 +65,36 @@ lxc-helpers.sh lxc_container_user_install $name $(id -u) $USER
 
 ## firewall
 
+```sh
+sudo apt-get install ufw
+```
+
+```sh
+sudo ufw default allow incoming
+sudo ufw default allow outgoing
+sudo ufw default allow routed
+
+ips="88.198.58.177 2a01:4f8:222:507::2" # host specific
+
+for host_ip in $ips ; do
+  sudo ufw allow to $host_ip  port 22 proto tcp
+  sudo ufw deny to $host_ip
+done
+
+for public_ip in 188.40.16.47 2a01:4f8:fff2:48::2 ; do
+  sudo ufw allow to $public_ip  port 22,80,443,2000:3000 proto tcp
+  sudo ufw deny to $public_ip
+done
+```
+
+```sh
+sudo systemctl enable ufw
+sudo ufw enable
+```
+
+```sh
+sudo ufw status verbose
+```
 
 ## nftables