Is it possible to tell UFW (Uncomplicated/Ubuntu Firewall) not to log certain blocked connection attempts? If not, is there some other firewall management software that would allow such a thing?
I've identified several unnecessary connection attempts from software that I use that aren't harmful, but relate to an aspect of the software that I don't use. The log fills up pretty quickly whenever I use that software, so I'd rather these particular connection attempts simply weren't logged.
Personally I would ditch UFW. It's not a bad tool if you like the UFW syntax but personally I think iptables is not that difficult. If you post what traffic you want to allow from where (network addresses or ranges, protocols and ports) we'll show you a basic iptables rule set that does just that. Deal?
If you post what traffic you want to allow from where (network addresses or ranges, protocols and ports) we'll show you a basic iptables rule set that does just that. Deal?
It's a very kind offer. Thank you.
But I think you've misunderstood. I want to block certain connection attempts but not log them. Can iptables help me accomplish that? If so, I'll abandon UFW and take you up on your offer.
You're welcome but don't think too much of it: one way or the other "show and tell" is basically what we do here.
Quote:
Originally Posted by smells_of_elderberries
But I think you've misunderstood. I want to block certain connection attempts but not log them. Can iptables help me accomplish that? If so, I'll abandon UFW and take you up on your offer.
In its simplest form a logging rule means a jump ("-j") with a target of LOG. Likewise a blocking rule means a jump with a target of either REJECT or DROP. A "log and block" rule basically is a combination of those two rules: logging rule first, then the blocking one. It's not that I don't understand your question, and sure UFW can do what you want, I just find it easier to express it using basic iptables rules.
Can a rule applied via iptables co-exist with rules managed by ufw? AFAIK ufw is just a front-end to iptables so I'm inclined to believe the answer is, "yes".
If so, I'll provide the information you need so that you can create the rule that'll block without logging for the connections in question.
Yes, iptables can co-exist with ufw. However, a strong caveat is required in that unless you know what you are doing with respect to how Linux starts up and analyzes configuration files you are likely to rapidly get yourself into quicksand. See the following: http://manpages.ubuntu.com/manpages/...an8/ufw.8.html, note:
Quote:
When running ufw enable or starting ufw via its initscript, ufw will flush its chains. (snip) ufw supports application integration by reading profiles located in /etc/ufw/applications.d.
In other words, when UFW is called, all the iptables chains will be flushed. Consequently, any direct iptables rules you add to the UFW via a form of initialization script will need to be called at an appropriate time.
Personally, I think this is an unnecessary complication and I concur with unSpawn in that your best option is to forget UFW or any other front end for iptables and simply write iptables rules directly, which are no more complicated than those of UFW.
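The "logging rule first, then the blocking one" ordering from unSpawn's reply, and the flush caveat above, in a script. This is an added example, not code posted in the thread: it builds a small LOGDROP chain in which one known, harmless set of attempts is dropped silently and everything else the chain sees is rate-limited-logged and then dropped. The address, port and protocol are constructed placeholders; the script only prints the rules unless DRY_RUN=0, so that it can be run after ufw has finished flushing and rebuilding its own chains.

```shell
#!/bin/sh
# Added example (not from the thread): a reusable iptables chain that drops
# one known, harmless set of connection attempts silently and logs
# everything else it drops. Address, port and protocol are constructed
# placeholders; substitute the ones identified from your own log.

NOISY_DST="203.0.113.10"   # constructed: host the application keeps contacting
NOISY_PORT="5353"          # constructed: port it keeps contacting
NOISY_PROTO="udp"          # constructed: protocol of those attempts
LOG_PREFIX="[FW BLOCK] "   # prefix to grep for in the kernel log

# Print the iptables commands in the order they must be applied. Ordering is
# the whole point: DROP is a terminating target, so a packet matching the
# silent rule never reaches the LOG rule below it; LOG is non-terminating,
# so anything that does get logged then falls through to the final DROP.
build_rules() {
    cat <<EOF
iptables -N LOGDROP
iptables -A LOGDROP -p $NOISY_PROTO -d $NOISY_DST --dport $NOISY_PORT -j DROP
iptables -A LOGDROP -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "$LOG_PREFIX" --log-level 4
iptables -A LOGDROP -j DROP
EOF
}

# Apply the chain for real (needs root); with DRY_RUN=1 (the default) only
# print it, so nothing is touched before ufw has set up its own chains.
apply_rules() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        build_rules
    else
        build_rules | sh -e
    fi
}

# Sanity check run before applying: succeeds (exit 0) only if the silent
# DROP precedes the LOG rule and exactly one LOG rule is present.
check_order() {
    rules=$(build_rules)
    drop_line=$(printf '%s\n' "$rules" | grep -n -- "--dport $NOISY_PORT -j DROP" | head -n 1 | cut -d: -f1)
    log_line=$(printf '%s\n' "$rules" | grep -n -- '-j LOG ' | head -n 1 | cut -d: -f1)
    log_count=$(printf '%s\n' "$rules" | grep -c -- '-j LOG ')
    [ -n "$drop_line" ] && [ -n "$log_line" ] &&
        [ "$drop_line" -lt "$log_line" ] && [ "$log_count" -eq 1 ]
}

# Usage: DRY_RUN=0 ./logdrop.sh (as root). Then, in your own rule set, write
# "-j LOGDROP" wherever you would otherwise write a LOG rule followed by DROP.
check_order && apply_rules
```

Because ufw flushes its chains on enable and on restart, a chain like this is lost whenever ufw reloads; whatever starts it has to run after ufw, which is why the script defaults to printing the rules rather than applying them.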
I disagree. I think ufw has a far simpler syntax and a faster learning curve.
Still, I agree that iptables should probably be manipulated directly instead of using a front-end. I'll undertake to start learning how to use iptables directly, and start a new thread if the same or new problems arise.
In case you need one, here is a pretty good introductory level tutorial on IPtables. There are better, more complete ones than this, but this is a good place to start.