Ufw firewall rules

hello and thanks,

Tailscale version - 1.14.0
Your operating system & version - ubuntu 21.04

on this page
Use UFW to lock down an Ubuntu server · Tailscale

sudo ufw allow in on tailscale0
sudo ufw allow 41641/udp

not an expert with ufw firewall rules but would it be more sure to allow tailscale0 only on port 41641?

what happens if another program is using 41641?

When you send a packet via tailscale0 it gets an IP header for 100.x.y.z, then it is encrypted and put into the payload of an outer IP+UDP packet to go out over the Internet. The outer UDP header will have source port 41641; we choose a fixed port for the benefit of sites which use strict outgoing rules to lock down to only specific source ports.

41641 is the default, but tailscaled takes a --port argument to choose a different port.
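As an added example (not from this thread or from Tailscale's own code), the following Python models which of the two guide rules admits the encrypted outer packet arriving on the physical NIC versus the decrypted inner packet surfacing on tailscale0, and why a single rule restricted to tailscale0 and port 41641 would match neither. Interface names, addresses and ports are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    iface: str       # interface the packet arrives on
    proto: str       # "udp" or "tcp"
    dst_port: int    # destination port seen by the firewall
    dst_ip: str      # destination address (informational)

@dataclass(frozen=True)
class Rule:
    """A simplified ufw 'allow in' rule; None means 'any'."""
    iface: Optional[str] = None    # allow in on <iface>
    proto: Optional[str] = None    # ... proto <proto>
    port: Optional[int] = None     # ... port <port>

    def matches(self, p: Packet) -> bool:
        return ((self.iface is None or self.iface == p.iface)
                and (self.proto is None or self.proto == p.proto)
                and (self.port is None or self.port == p.dst_port))

# The two rules from the Tailscale UFW guide quoted in the thread.
GUIDE_RULES = [
    ("allow in on tailscale0", Rule(iface="tailscale0")),
    ("allow 41641/udp", Rule(proto="udp", port=41641)),
]
# The narrower single rule the question proposes instead.
PROPOSED_RULES = [
    ("allow in on tailscale0 to any port 41641 proto udp",
     Rule(iface="tailscale0", proto="udp", port=41641)),
]

# Constructed packets. The outer packet is the encrypted WireGuard UDP
# datagram from a peer; it arrives on the physical NIC (eth0 here) addressed
# to this node's public IP and its tailscaled listen port 41641.
OUTER = Packet(iface="eth0", proto="udp", dst_port=41641, dst_ip="203.0.113.10")
# After decryption the inner packet appears on tailscale0 with a 100.x.y.z
# destination; here an SSH connection from another node in the tailnet.
INNER = Packet(iface="tailscale0", proto="tcp", dst_port=22, dst_ip="100.101.102.103")

def first_match(rules, p: Packet) -> Optional[str]:
    """Name of the first rule admitting p, or None (ufw default: deny incoming)."""
    for name, rule in rules:
        if rule.matches(p):
            return name
    return None

if __name__ == "__main__":
    for label, pkt in (("outer", OUTER), ("inner", INNER)):
        print(label, "guide:", first_match(GUIDE_RULES, pkt),
              "| proposed:", first_match(PROPOSED_RULES, pkt))
```

The outer packet never arrives on tailscale0 and the inner packet is not UDP 41641, so the combined rule drops both while the guide's two rules admit one each.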


before posting, I did tailscale up --help on linux and windows and looked for a flag such as --port.

tailscaled --help does show it.

sorry about that…