
I have a server which is being tested and not yet ready for public access, hence general traffic is blocked by ufw.

I am trying to add some Google IP address ranges in the allowed rules which need to be on top of the other rules.

All the IPv4 addresses have been added fine, but when I try something like

```
sudo ufw insert 1 allow from 2c0f:fb50::/32 comment 'Google'
```

I get `ERROR: Invalid position '1'`.

I tried adding the same rule by not specifying a position and it is added correctly.

I also tried inserting an IPv4 rule in position 1 and that works too.


There's something that doesn't seem to work by using 'insert' and IPv6 in the same sentence.

Has anyone come across this before?

Dave White
  • I think https://serverfault.com/questions/706821/ufw-insert-number-throws-error can help you. – PersianGulf Jun 06 '23 at 19:50
  • One of my systems has 46 rules; when listing the rules I see the first 30 are IPv4 and then the IPv6 rules are the last 16. I don't create the rules in that order, i.e. all the IPv4 and then the IPv6. So the first valid "position" for inserting an IPv6 rule is "31", i.e. the position of the first existing IPv6 rule. Look at `prepend` in the `ufw` man page, which seems to be the only place that mentions the fact that rules are grouped by address family (IP type). – Jaromanda X Jun 07 '23 at 00:10
  • @PersianGulf thx, I think that one is talking about not having rule 1 in the first place, which is not the issue I have. – Dave White Jun 07 '23 at 08:08
  • Thanks @JaromandaX, looks like that was the issue: rules must be grouped by IP type. I was able to use `prepend` as you suggested and it worked. If you put your comment into an answer I will give you proper credit for it. – Dave White Jun 07 '23 at 08:20
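
The grouping described in the comments above can be checked before inserting. This is an added example, not part of the original thread: it finds the number of the first IPv6 rule in `ufw status numbered` output and builds the matching command. The function names and the sample listing are constructed, and the listing layout (bracketed rule numbers, `(v6)` markers) is an assumption about ufw's usual output.

```shell
# Constructed sample of `ufw status numbered` output (not from the thread).
sample_status() {
cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] Anywhere                   ALLOW IN    192.0.2.0/24               # Google
[ 3] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 4] Anywhere (v6)              ALLOW IN    2001:db8::/32              # Google
EOF
}

# Read a numbered listing on stdin and print the number of the first IPv6
# rule. Exit status 1 means the listing contains no IPv6 rule.
first_v6_position() {
    awk '
        /^\[ *[0-9]+\]/ {
            # The rule number sits between the brackets, space-padded.
            n = $0; sub(/^\[ */, "", n); sub(/\].*/, "", n)
            # Ignore the free-text rule comment when classifying the rule.
            rule = $0; sub(/#.*/, "", rule)
            # IPv6 rules carry a "(v6)" marker or an address with 2+ colons
            # (a port range such as 6000:6007/tcp has only one).
            if (rule ~ /\(v6\)/ || rule ~ /:[0-9A-Fa-f]*:/) {
                print n; found = 1; exit
            }
        }
        END { exit found ? 0 : 1 }
    '
}

# Build (without running) the command that puts an IPv6 source ahead of the
# other IPv6 rules; with no IPv6 rule present it falls back to `prepend`.
v6_insert_cmd() {
    src=$1
    if pos=$(first_v6_position); then
        echo "ufw insert $pos allow from $src"
    else
        echo "ufw prepend allow from $src"
    fi
}

sample_status | v6_insert_cmd 2c0f:fb50::/32
```

On a live host, pipe `sudo ufw status numbered` into `v6_insert_cmd` instead of `sample_status` and review the printed command before running it with `sudo`.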
