Firewall: Allow access to device on specific ports only

Archibald · May 21, 2025, 7:41pm

Hi,
I want to give a family member access to a couple of services running on my home server via wireguard.
My main network is 192.168.124.1/24 with the server being 192.168.124.3 and the wireguard connection is on the separate network 192.168.130.1/24.
I already managed to block everything except the server at 192.168.124.3 if using the VPN but I would like to extend it and allow only certain ports e.g. allow Jellyfin (192.168.124.3:8096) but not AudioBookShelf (192.168.124.3:13378) or the server itself (192.168.124.3).

Is this possible? And if yes, how?
Thanks in advance.

sebastia · May 21, 2025, 8:12pm

sure, it possible.

In firewall, in the forward chain, you’ll need to allow traffic from wg to that server and the specific set of port. block all else (catch all rule).

Archibald · May 21, 2025, 8:22pm

Which protocol should I use because with the default tcp the option to set a port is greyed out.

Edit: TCP works just fine, thanks for the help