I'm experimenting with setting up a WireGuard network using Linux peers (Ubuntu and Raspberry). The "Server" peer is running UFW and I've been looking at the log to try and figure out what rules I should have to get the setup working as intended. The last hurdle, I think, is that UFW logs a block when I'm connecting via SSH between peers. The actual connection goes through though, so I'm not sure why it logs a block. Could be related to this, I guess: UFW logs blocked request on open port, what am I missing?
The UFW log block:
kernel: [608949.041932] [UFW BLOCK] IN=wg0 OUT=wg0 MAC= SRC=IP DST=IP LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=20539 DF PROTO=TCP SPT=47826 DPT=22 WINDOW=64860 RES=0x00 SYN URGP=0
I added a forwarding rule to UFW for wg0:
To                         Action      From
Anywhere on wg0            ALLOW FWD   Anywhere on wg0
This made the log messages disappear and, as far as I can tell, everything is working fine and as expected.
Why post then? Because I'm very new to this and forwarding to and from the same interface seems wrong. I have another forward from wg0 to the physical NIC and that one I understand, in on one and out on another.
So, is this sane?
Thanks!
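An added example, not part of the original post: a small POSIX sh script that reads a UFW BLOCK log line and works out from the IN=/OUT= fields which netfilter chain dropped it. A line with both IN and OUT set (as in the question, IN=wg0 OUT=wg0) was being forwarded between peers, so it can only be matched by a `ufw route` rule, which is why the plain port-22 INPUT allow never silenced it. The sample line is constructed with placeholder addresses; the suggested rule text assumes the standard `ufw route allow in on ... out on ...` syntax from the ufw manual.

```shell
#!/bin/sh
# Classify a "[UFW BLOCK]" line by chain and suggest the matching ufw rule.
# Added example; not from the original post.

# Constructed sample, same shape as the log line in the question.
SAMPLE='kernel: [608949.041932] [UFW BLOCK] IN=wg0 OUT=wg0 MAC= SRC=10.0.0.2 DST=10.0.0.3 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=20539 DF PROTO=TCP SPT=47826 DPT=22 WINDOW=64860 RES=0x00 SYN URGP=0'

# ufw_field LINE KEY -> value of " KEY=" in LINE (empty if the key has no value)
ufw_field() {
    printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\([^[:space:]]*\).*/\1/p"
}

# ufw_chain LINE -> FORWARD | INPUT | OUTPUT
# IN and OUT both set: packet was routed through this host (FORWARD chain).
# Only IN set: packet was addressed to this host (INPUT chain).
# Only OUT set: packet originated here (OUTPUT chain).
ufw_chain() {
    in_if=$(ufw_field "$1" IN)
    out_if=$(ufw_field "$1" OUT)
    if [ -n "$in_if" ] && [ -n "$out_if" ]; then
        echo FORWARD
    elif [ -n "$in_if" ]; then
        echo INPUT
    else
        echo OUTPUT
    fi
}

# ufw_suggest LINE -> the narrowest ufw rule that would have allowed the packet
ufw_suggest() {
    chain=$(ufw_chain "$1")
    proto=$(ufw_field "$1" PROTO | tr '[:upper:]' '[:lower:]')
    dport=$(ufw_field "$1" DPT)
    case "$chain" in
        FORWARD) echo "ufw route allow in on $(ufw_field "$1" IN) out on $(ufw_field "$1" OUT) to any port $dport proto $proto" ;;
        INPUT)   echo "ufw allow in on $(ufw_field "$1" IN) to any port $dport proto $proto" ;;
        *)       echo "ufw allow out on $(ufw_field "$1" OUT) to any port $dport proto $proto" ;;
    esac
}

ufw_chain "$SAMPLE"    # FORWARD
ufw_suggest "$SAMPLE"  # ufw route allow in on wg0 out on wg0 to any port 22 proto tcp
```

Run it against real lines with `grep 'UFW BLOCK' /var/log/ufw.log | while IFS= read -r l; do ufw_suggest "$l"; done` after sourcing the functions; the port-scoped route rule is a tighter alternative to the interface-wide ALLOW FWD rule in the question.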