Old 07-30-2019, 09:29 AM   #1
Registered: Oct 2014
Posts: 72

configure ufw

I want to block all ports using ufw except http/https, basically just to browse the web.

I used this:

sudo ufw reset
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw status verbose
sudo ufw enable
sudo ufw logging on
sudo ufw allow out http
sudo ufw allow out https
This is my output:

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To                         Action      From
--                         ------      ----
80                         ALLOW OUT   Anywhere                  
443                        ALLOW OUT   Anywhere                                   
80 (v6)                    ALLOW OUT   Anywhere (v6)            
443 (v6)                   ALLOW OUT   Anywhere (v6)
Anything else I could do, maybe disable outgoing by default?
Is it OK to eliminate v6 (I assume IPv6)?
Is ALLOW OUT OK? As I understand it, this means a connection that my PC starts to another IP.

It seems my browser doesn't work if I set default deny (outgoing).
After running 'lsof -i' it seems Firefox has connections from local ports 56389 44274 22400 127612 to the websites' https (443).

But if I let any local port connect to remote https, with something like this:
sudo ufw allow out to any port 80
that leaves room for other programs (like possibly malware) to communicate.

Last edited by zpimp; 07-30-2019 at 10:16 AM.
Old 07-30-2019, 11:04 AM   #2
Senior Member
Registered: Oct 2004
Distribution: FreeBSD Arch
Posts: 2,264

Start with the docs.

Then allow through/block what you wish.
1 members found this post helpful.
Old 07-30-2019, 11:12 AM   #3
Senior Member
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.6
Posts: 3,646

Your desktop doesn't use port 80 (or port 443) to connect from your browser. Those ports are used by the remote web servers...those are the ports they listen on and respond from.

As you saw, your 'puter is using very high port numbers to connect outbound to remote servers. Yes, those ports (the high ones) need to be open to outbound traffic in order for you to be able to surf the web.

I don't use ufw, so can't help you with specifics...I just wanted to clarify that, unless you are running a web server, ports 80 and 443 on your machine are not used at all.
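
Added example (not part of the thread and not ufw's own code): a simplified Python model of how outgoing ufw rules such as those in post #1 are matched, run against constructed sample connections, including the DNS lookup a browser makes before it connects. It assumes a rule like `ufw allow out 443` compares only the destination port and protocol; the class and function names are hypothetical.

```python
# Simplified model of ufw outgoing-rule matching (constructed example, not ufw code).
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Conn:
    label: str
    proto: str   # "tcp" or "udp"
    sport: int   # local source port, picked by the kernel per connection
    dport: int   # remote destination port


@dataclass(frozen=True)
class OutRule:
    dport: int                    # e.g. "ufw allow out 443" -> OutRule(443)
    proto: Optional[str] = None   # None: rule without /tcp or /udp covers both

    def matches(self, c: Conn) -> bool:
        # Assumption of this model: only destination port and protocol are compared.
        return c.dport == self.dport and self.proto in (None, c.proto)


def verdict(c, rules, default="deny"):
    """Any matching allow rule wins; otherwise the default outgoing policy applies."""
    return "allow" if any(r.matches(c) for r in rules) else default


def evaluate(conns, rules, default="deny"):
    return {c.label: verdict(c, rules, default) for c in conns}


# Constructed sample traffic; 56389 and 44274 are local ports quoted in post #1.
SAMPLE = [
    Conn("dns lookup", "udp", 40312, 53),
    Conn("firefox https", "tcp", 56389, 443),
    Conn("firefox https 2", "tcp", 44274, 443),
    Conn("other program https", "tcp", 51000, 443),
    Conn("other program irc", "tcp", 51001, 6667),
]

THREAD_RULES = [OutRule(80), OutRule(443)]      # ufw allow out http / https
WITH_DNS = THREAD_RULES + [OutRule(53)]         # plus: ufw allow out 53

if __name__ == "__main__":
    for name, rules in (("80+443", THREAD_RULES), ("80+443+53", WITH_DNS)):
        print(name, evaluate(SAMPLE, rules))
```

Under default deny (outgoing) the two Firefox connections pass, but the DNS lookup does not until port 53 is allowed. A port rule cannot tell Firefox from any other program connecting to 443.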

