LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 09-06-2014, 01:24 PM   #16
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,230

Rep: Reputation: 724Reputation: 724Reputation: 724Reputation: 724Reputation: 724Reputation: 724Reputation: 724

The commands did not work because this rule:
Code:
80                         ALLOW IN    Anywhere
..is probably applied before following rules

Now it's possible to insert rule at top position:
Code:
sudo ufw insert 1 deny from 54.224.0.0/12
check with:
Code:
sudo ufw status numbered

Last edited by keefaz; 09-06-2014 at 01:35 PM.
 
Old 09-06-2014, 01:33 PM   #17
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,230

Rep: Reputation: 724Reputation: 724Reputation: 724Reputation: 724Reputation: 724Reputation: 724Reputation: 724
Quote:
Originally Posted by mark_alfred View Post
Are you able to block the site euchre-cardgame.com with ufw?
I don't use ufw, sorry

But I am able to block euchre-cardgame.com with this iptables rule:
Code:
iptables -A INPUT -s 54.224.0.0/12 -j DROP
As ufw is frontend for iptables, ufw should be able to block same ip range

Last edited by keefaz; 09-06-2014 at 01:35 PM.
 
Old 09-06-2014, 02:31 PM   #18
mark_alfred
Senior Member
 
Registered: Jul 2003
Location: Toronto, Ontario, Canada
Distribution: Ubuntu Linux 16.04, Debian 10, LineageOS 13
Posts: 1,512

Original Poster
Rep: Reputation: 194Reputation: 194
Thanks keefaz, that's interesting. I ran the command you gave, along with one targeting 54.192.55.220 since flagfox gave me that as the ip-address. Regardless, it did not work. Good to hear that it can work if things are set up right, though. Gives me hope.

Code:
mark@mark-OptiPlex-755:~$ sudo ufw status verbose
Status: active
Logging: on (medium)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
Anywhere                   DENY IN     54.192.0.0/12
Anywhere                   DENY IN     54.224.0.0/12
80                         ALLOW IN    Anywhere
22                         DENY IN     Anywhere
443                        DENY IN     Anywhere
2812                       DENY IN     Anywhere
80 (v6)                    ALLOW IN    Anywhere (v6)
22 (v6)                    DENY IN     Anywhere (v6)
443 (v6)                   DENY IN     Anywhere (v6)
2812 (v6)                  DENY IN     Anywhere (v6)

31.192.117.132             DENY OUT    Anywhere
66.135.40.54 80            DENY OUT    Anywhere
68.169.65.151              DENY OUT    Anywhere

mark@mark-OptiPlex-755:~$
 
Old 09-06-2014, 02:53 PM   #19
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,230

Rep: Reputation: 724Reputation: 724Reputation: 724Reputation: 724Reputation: 724Reputation: 724Reputation: 724
Maybe you need to specify port number?
Code:
sudo ufw insert 1 deny proto tcp from 54.192.0.0/12 port 80
Enabling login may be usefull
Code:
sudo ufw logging on
Open another terminal to see the logs and
Code:
sudo tail -f /var/log/syslog
Then open euchre-cardgame.com url with your web browser and see what happens in the logs
 
Old 09-06-2014, 02:57 PM   #20
mark_alfred
Senior Member
 
Registered: Jul 2003
Location: Toronto, Ontario, Canada
Distribution: Ubuntu Linux 16.04, Debian 10, LineageOS 13
Posts: 1,512

Original Poster
Rep: Reputation: 194Reputation: 194
To test, I removed the allow 80 top rule and the allow 80 (v6) rule, and added what you suggested:

Code:
mark@mark-OptiPlex-755:~$ sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Anywhere                   DENY IN     54.224.0.0/12
[ 2] 22                         DENY IN     Anywhere
[ 3] 443                        DENY IN     Anywhere
[ 4] 2812                       DENY IN     Anywhere
[ 5] 31.192.117.132             DENY OUT    Anywhere (out)
[ 6] 66.135.40.54 80            DENY OUT    Anywhere (out)
[ 7] 68.169.65.151              DENY OUT    Anywhere (out)
[ 8] 22 (v6)                    DENY IN     Anywhere (v6)
[ 9] 443 (v6)                   DENY IN     Anywhere (v6)
[10] 2812 (v6)                  DENY IN     Anywhere (v6)

mark@mark-OptiPlex-755:~$
Still doesn't block the euchre site.
 
Old 09-06-2014, 03:00 PM   #21
mark_alfred
Senior Member
 
Registered: Jul 2003
Location: Toronto, Ontario, Canada
Distribution: Ubuntu Linux 16.04, Debian 10, LineageOS 13
Posts: 1,512

Original Poster
Rep: Reputation: 194Reputation: 194
Code:
mark@mark-OptiPlex-755:~$ sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Anywhere                   DENY IN     54.224.0.0/12 80/tcp
[ 2] Anywhere                   DENY IN     54.192.0.0/12 80/tcp
[ 3] 22                         DENY IN     Anywhere
[ 4] 443                        DENY IN     Anywhere
[ 5] 2812                       DENY IN     Anywhere
[ 6] 31.192.117.132             DENY OUT    Anywhere (out)
[ 7] 66.135.40.54 80            DENY OUT    Anywhere (out)
[ 8] 68.169.65.151              DENY OUT    Anywhere (out)
[ 9] 22 (v6)                    DENY IN     Anywhere (v6)
[10] 443 (v6)                   DENY IN     Anywhere (v6)
[11] 2812 (v6)                  DENY IN     Anywhere (v6)

mark@mark-OptiPlex-755:~$
Tried your suggestion. Still comes through.
 
Old 09-06-2014, 04:37 PM   #22
mark_alfred
Senior Member
 
Registered: Jul 2003
Location: Toronto, Ontario, Canada
Distribution: Ubuntu Linux 16.04, Debian 10, LineageOS 13
Posts: 1,512

Original Poster
Rep: Reputation: 194Reputation: 194
Interesting. From the log, I saw the following:

Code:
Sep  6 16:06:56 mark-OptiPlex-755 kernel: [71395.571864] [UFW AUDIT] IN= OUT=ppp0 SRC=206.248.136.130 DST=54.192.55.164 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23103 DF PROTO=TCP SPT=53641 DPT=80 WINDOW=29040 RES=0x00 SYN URGP=0 
Sep  6 16:06:56 mark-OptiPlex-755 kernel: [71395.571874] [UFW ALLOW] IN= OUT=ppp0 SRC=206.248.136.130 DST=54.192.55.164 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23103 DF PROTO=TCP SPT=53641 DPT=80 WINDOW=29040 RES=0x00 SYN URGP=0 
Sep  6 16:06:56 mark-OptiPlex-755 kernel: [71395.575468] [UFW AUDIT] IN= OUT=ppp0 SRC=206.248.136.130 DST=54.192.55.164 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=64381 DF PROTO=TCP SPT=53642 DPT=80 WINDOW=29040 RES=0x00 SYN URGP=0 
Sep  6 16:06:56 mark-OptiPlex-755 kernel: [71395.575477] [UFW ALLOW] IN= OUT=ppp0 SRC=206.248.136.130 DST=54.192.55.164 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=64381 DF PROTO=TCP SPT=53642 DPT=80 WINDOW=29040 RES=0x00 SYN URGP=0 
Sep  6 16:06:56 mark-OptiPlex-755 kernel: [71395.577906] [UFW AUDIT] IN= OUT=ppp0 SRC=206.248.136.130 DST=54.192.55.164 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=19511 DF PROTO=TCP SPT=53643 DPT=80 WINDOW=29040 RES=0x00 SYN URGP=0 
Sep  6 16:06:56 mark-OptiPlex-755 kernel: [71395.577914] [UFW ALLOW] IN= OUT=ppp0 SRC=206.248.136.130 DST=54.192.55.164 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=19511 DF PROTO=TCP SPT=53643 DPT=80 WINDOW=29040 RES=0x00 SYN URGP=0
Oddly it shows my ip as the src, and the euchre ip as the dst. I suppose it is a game site, so there is some flow from my ip to it. Regardless, the transaction was allowed.

To preserve my webserving capabilities, I did reopen port 80. But I still have "54.192.55.164" blocked:

Code:
mark@mark-OptiPlex-755:/var/log$ sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Anywhere                   DENY IN     54.192.0.0/12 80/tcp
[ 2] 22                         DENY IN     Anywhere
[ 3] 443                        DENY IN     Anywhere
[ 4] 2812                       DENY IN     Anywhere
[ 5] 31.192.117.132             DENY OUT    Anywhere (out)
[ 6] 66.135.40.54 80            DENY OUT    Anywhere (out)
[ 7] 68.169.65.151              DENY OUT    Anywhere (out)
[ 8] 80                         ALLOW IN    Anywhere
[ 9] 22 (v6)                    DENY IN     Anywhere (v6)
[10] 443 (v6)                   DENY IN     Anywhere (v6)
[11] 2812 (v6)                  DENY IN     Anywhere (v6)
[12] 80 (v6)                    ALLOW IN    Anywhere (v6)

mark@mark-OptiPlex-755:/var/log$
Some sites do get blocked, though. And these are ones that I have not been visiting (perhaps spiders or other roving sites).

Code:
Sep  6 16:13:13 mark-OptiPlex-755 kernel: [71772.426160] [UFW AUDIT] IN=ppp0 OUT= MAC= SRC=123.151.42.61 DST=206.248.136.130 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=12208 DPT=0 WINDOW=8192 RES=0x00 SYN URGP=0 
Sep  6 16:13:13 mark-OptiPlex-755 kernel: [71772.426180] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=123.151.42.61 DST=206.248.136.130 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=12208 DPT=0 WINDOW=8192 RES=0x00 SYN URGP=0
My ip is the destination, and some ip from China is the src. It's blocked, for reasons I'm not sure of. I'm the dst here, not the src.

The political site rabble.ca that I've mentioned -- when I try to go there I get the following:
Code:
Sep  6 16:23:53 mark-OptiPlex-755 kernel: [72413.020056] [UFW AUDIT] IN= OUT=ppp0 SRC=206.248.136.130 DST=66.135.40.54 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=32403 DF PROTO=TCP SPT=35386 DPT=80 WINDOW=29040 RES=0x00 SYN URGP=0
It just continues to audit it without approving it, and thus I never see the site (it just unsuccessfully appears to be loading forever). Again my ip is the source in this transaction.

A frequent entry is the following one:
Code:
Sep  6 16:26:04 mark-OptiPlex-755 kernel: [72543.076292] [UFW ALLOW] IN= OUT=ppp0 SRC=206.248.136.130 DST=206.248.154.22 LEN=59 TOS=0x00 PREC=0x00 TTL=64 ID=56553 DF PROTO=UDP SPT=38906 DPT=53 LEN=39
the src is my ip, and the dst is a similar ip, likely associated with my ISP.

The euchre ip doesn't always show up when I visit the site. Sometimes it's different.

Here's another blocked ip. This came up right after I accessed the euchre site (but the euchre site came through).
Code:
Sep  6 16:31:29 mark-OptiPlex-755 kernel: [72868.198097] [UFW AUDIT] IN=ppp0 OUT= MAC= SRC=211.150.122.83 DST=206.248.136.130 LEN=48 TOS=0x00 PREC=0x00 TTL=107 ID=20473 PROTO=TCP SPT=42969 DPT=5900 WINDOW=65535 RES=0x00 SYN URGP=0 
Sep  6 16:31:29 mark-OptiPlex-755 kernel: [72868.198110] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=211.150.122.83 DST=206.248.136.130 LEN=48 TOS=0x00 PREC=0x00 TTL=107 ID=20473 PROTO=TCP SPT=42969 DPT=5900 WINDOW=65535 RES=0x00 SYN URGP=0
The blocked ip seems to be "211.150.122.83".

Anyway, clearly I'm not going to figure it out. I was just curious, but it's not crucial.

Last edited by mark_alfred; 09-06-2014 at 04:45 PM.
 
Old 09-06-2014, 05:51 PM   #23
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,230

Rep: Reputation: 724Reputation: 724Reputation: 724Reputation: 724Reputation: 724Reputation: 724Reputation: 724
Don't worry about the frequent entries with UDP dpt 53, most certainly DNS requests

The logs make sense somewhat, in the sense as they show what you experienced
Maybe there are other rules set as default for ufw, defined in some files in /etc

You could check all applied rules with
Code:
sudo iptables -L -n -v
 
Old 09-06-2014, 06:07 PM   #24
mark_alfred
Senior Member
 
Registered: Jul 2003
Location: Toronto, Ontario, Canada
Distribution: Ubuntu Linux 16.04, Debian 10, LineageOS 13
Posts: 1,512

Original Poster
Rep: Reputation: 194Reputation: 194
Thanks for your feedback. Here's the result of your last suggestion. I haven't a clue what any of this means.

Code:
mark@mark-OptiPlex-755:~$ sudo iptables -L -n -v
Chain INPUT (policy DROP 23 packets, 1489 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 291K  327M ufw-before-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 291K  327M ufw-before-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  743 38328 ufw-after-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  677 34648 ufw-after-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  677 34648 ufw-reject-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  677 34648 ufw-track-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ufw-before-logging-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-before-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-after-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-after-logging-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-reject-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-track-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 79 packets, 24478 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 223K   41M ufw-before-logging-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 223K   41M ufw-before-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
19713 1553K ufw-after-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
19713 1553K ufw-after-logging-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
19713 1553K ufw-reject-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
19713 1553K ufw-track-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-after-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   22  1716 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:137
    0     0 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:138
   20   880 ufw-skip-to-policy-input  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:139
   24  1084 ufw-skip-to-policy-input  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:445
    0     0 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
    0     0 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:68
    0     0 ufw-skip-to-policy-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   23  1489 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  254 46359 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "

Chain ufw-after-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 3
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 4
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 11
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 12
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
    0     0 ufw-user-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-before-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
26827   22M ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
 263K  304M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
   76  3841 ufw-logging-deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
   76  3841 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 3
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 4
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 11
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 12
    7   220 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:67 dpt:68
 1192 63140 ufw-not-local  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            224.0.0.251          udp dpt:5353
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            239.255.255.250      udp dpt:1900
 1192 63140 ufw-user-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-before-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW AUDIT] "

Chain ufw-before-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  101  6049 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW AUDIT] "

Chain ufw-before-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  232 30494 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW AUDIT] "

Chain ufw-before-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
26827   22M ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
 176K   17M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
20231 1584K ufw-user-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-logging-allow (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    7   296 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW AUDIT INVALID] "
    7   296 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 1192 63140 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type MULTICAST
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST
    0     0 ufw-logging-deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-reject-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-reject-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-reject-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-skip-to-policy-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-skip-to-policy-input (7 references)
 pkts bytes target     prot opt in     out     source               destination         
   66  3680 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-skip-to-policy-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-track-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-track-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-track-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 5731  478K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW
13211  877K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW

Chain ufw-user-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       tcp  --  *      *       54.192.0.0/12        0.0.0.0/0            tcp spt:80
    6   248 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:22
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:443
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:2812
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:2812
   34  2040 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:80

Chain ufw-user-limit (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-user-logging-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-logging-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-logging-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            31.192.117.132      
   42  2520 DROP       tcp  --  *      *       0.0.0.0/0            66.135.40.54         tcp dpt:80
    0     0 DROP       udp  --  *      *       0.0.0.0/0            66.135.40.54         udp dpt:80
   28  1680 DROP       all  --  *      *       0.0.0.0/0            68.169.65.151       
mark@mark-OptiPlex-755:~$
 
Old 09-06-2014, 06:29 PM   #25
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,230

Rep: Reputation: 724Reputation: 724Reputation: 724Reputation: 724Reputation: 724Reputation: 724Reputation: 724
I think this rule in Chain ufw-before-input (applied before user rules) :
Code:
263K  304M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
makes my command not work

TCP is a relation protocol with handshake, when you open an url the connection is being established.
So this rule allows any established connections before any input user rules set with ufw

You can block input access with ufw but not an established input connection

You were right finally, when you block IPs in rules for output traffic

I would try:
Code:
sudo ufw insert 1 deny out to 54.192.0.0/12
 
1 members found this post helpful.
Old 09-06-2014, 06:53 PM   #26
mark_alfred
Senior Member
 
Registered: Jul 2003
Location: Toronto, Ontario, Canada
Distribution: Ubuntu Linux 16.04, Debian 10, LineageOS 13
Posts: 1,512

Original Poster
Rep: Reputation: 194Reputation: 194
That last one worked! I'm not completely sure why this time, but it is now blocking it. Thanks.
 
Old 09-06-2014, 07:10 PM   #27
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,230

Rep: Reputation: 724Reputation: 724Reputation: 724Reputation: 724Reputation: 724Reputation: 724Reputation: 724
Good! You tried it before?
 
Old 09-06-2014, 07:25 PM   #28
mark_alfred
Senior Member
 
Registered: Jul 2003
Location: Toronto, Ontario, Canada
Distribution: Ubuntu Linux 16.04, Debian 10, LineageOS 13
Posts: 1,512

Original Poster
Rep: Reputation: 194Reputation: 194
No. I had tried a variant, but not that exact command.

I find that amazon.com loses all its images. They get blocked, though the site itself comes through. Is there a way to lessen the range? I tried the exact ip address for the euchre site, but the last three digits sometimes change.
 
Old 09-06-2014, 07:47 PM   #29
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,230

Rep: Reputation: 724Reputation: 724Reputation: 724Reputation: 724Reputation: 724Reputation: 724Reputation: 724
I don't know what you call last 3 digits

Is it: 54.192.0.128
or: 54.192.0.128


If it's only the last number (eg 128), you can use a 24 netmask, so blocked ips would be: 54.192.0.1 to 54.192.0.254

Range is noted:
Code:
54.192.0.0/24
If it's the 3 last numbers (eg 192.0.128), I'm affraid you need the netmask set to 12 as shown in the link I posted

Maybe play with the netmask, the greater the number, the lesser the range becomes
 
Old 09-06-2014, 07:57 PM   #30
mark_alfred
Senior Member
 
Registered: Jul 2003
Location: Toronto, Ontario, Canada
Distribution: Ubuntu Linux 16.04, Debian 10, LineageOS 13
Posts: 1,512

Original Poster
Rep: Reputation: 194Reputation: 194
Hmm, seems it's too broad. If there was a way to keep the first three numbers as 54.192.55, and then set a wildcard for the last number, then it might not interfere with the amazon (and no doubt other) sites. Oh well. I tried the range number you have above but that didn't block it.
 
  


Reply

Tags
ufw


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Why is UFW/iptables blocking packets it shouldn't be? d2d2 Linux - Networking 6 05-31-2014 10:04 PM
[SOLVED] Help Me!! UFW blocking weird IPs? mryemeni Linux - Security 3 02-06-2014 01:33 PM
UFW blocking certain incoming requests and not sure why smells_of_elderberries Linux - Security 10 04-02-2013 07:19 PM
Blocking dhcpd address lease for specific MAC address kulman Linux - Server 8 03-30-2013 02:51 PM
[SOLVED] Whether ufw iptables support nating & Mac address restriction through firewall sanjay87 Linux - Server 1 03-05-2012 10:28 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 04:06 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration