Ufw firewall rules

asdffdsa1122 · September 8, 2021, 3:57pm

hello and thanks,

Tailscale version - 1.14.0
Your operating system & version - ubuntu 21.04

on this page
Use UFW to lock down an Ubuntu server · Tailscale

sudo ufw allow in on tailscale0
sudo ufw allow 41641/udp

not an expert with ufw firewall rules but would it be more sure to allow tailscale0 only on port 41641?

what happens is another program is using 41641?

DGentry · September 8, 2021, 4:11pm

When you send a packet via tailscale0 it gets an IP header for 100.x.y.z, then it is encrypted and put into the payload of an outer IP+UDP packet to go out over the Internet. The outer UDP header will have source port 41641; we choose a fixed port for the benefit of sites which use strict outgoing rules to lock down to only specific source ports.

41641 is the default, but tailscaled takes a --port argument to choose a different port.

asdffdsa1122 · September 8, 2021, 4:27pm

thanks,

before posting, i did tailscale up --help on linux and windows and looked for a flag such as --port.

tailscaled --help does show it.

sorry about that…

TDPsGM · May 10, 2023, 12:21am

I am not a ufw expert at all either and was wondering about asdffdsa1122 other question:

what happens is another program is using 41641 ?

Is there a simple answer to this?

Thanks

Topic		Replies	Views
How to extend "Use UFW to lock down an Ubuntu server" to outbound traffic? Linux	1	1355	July 19, 2022
Applying Tailscale UFW lock down document blocks guests access	2	717	February 23, 2022
How can I specify which UDP port to use for each node? SUPPORT QUESTIONS	2	3143	March 14, 2023
Undertstanding tailscale ports	0	589	September 6, 2022
Single IP proxmox server tailscale guests issues SUPPORT QUESTIONS	0	513	December 14, 2022

Ufw firewall rules

Related Topics