LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Ubuntu
User Name
Password
Ubuntu This forum is for the discussion of Ubuntu Linux.

Notices


Reply
  Search this Thread
Old 05-15-2018, 07:56 AM   #1
crypted
Member
 
Registered: Jan 2004
Posts: 52

Rep: Reputation: 15
UFW denying all incoming access even where rules allow


18.04 upgrade made me learn a lot namely now having to convert all of my old PGL based rules into UFW and my own iptables. Neat!

I have a script setting up the firewall. Everything is correctly allowed. However, it ufw disables everything no matter what the rules say...

I attempted to skate any problems by moving the SSH allow line to be after the deny incoming line just to test. This did not help.

If anyone can help me get ufw to follow the rules provided it would be most appreciated.


Quote:
Status: active

To Action From
-- ------ ----
Anywhere ALLOW 192.168.1.0/24
Anywhere ALLOW 10.0.0.0/24
Anywhere ALLOW 192.168.1.224

443/tcp ALLOW Anywhere
123 ALLOW Anywhere
22/tcp ALLOW Anywhere
53 ALLOW Anywhere
80 ALLOW Anywhere
443 ALLOW Anywhere
500 ALLOW Anywhere
900 ALLOW Anywhere
922 ALLOW Anywhere
1194 ALLOW Anywhere
1680 ALLOW Anywhere
1723 ALLOW Anywhere
2710 ALLOW Anywhere
3000 ALLOW Anywhere
3333 ALLOW Anywhere
3900:65534/tcp ALLOW Anywhere
3900:65534/udp ALLOW Anywhere
5900/tcp ALLOW Anywhere
80/tcp (v6) ALLOW Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6)
123 (v6) ALLOW Anywhere (v6)
22/tcp (v6) ALLOW Anywhere (v6)
53 (v6) ALLOW Anywhere (v6)
80 (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
500 (v6) ALLOW Anywhere (v6)
900 (v6) ALLOW Anywhere (v6)
922 (v6) ALLOW Anywhere (v6)
1194 (v6) ALLOW Anywhere (v6)
1680 (v6) ALLOW Anywhere (v6)
1723 (v6) ALLOW Anywhere (v6)
2710 (v6) ALLOW Anywhere (v6)
3000 (v6) ALLOW Anywhere (v6)
3333 (v6) ALLOW Anywhere (v6)
3900:65534/tcp (v6) ALLOW Anywhere (v6)
3900:65534/udp (v6) ALLOW Anywhere (v6)
5900/tcp (v6) ALLOW Anywhere (v6) ywhere (v6) 1


Quote:
sudo ufw allow from 192.168.1.0/24
sudo ufw allow from 10.0.0.0/24
sudo ufw allow from 192.168.1.224
sudo ufw allow http
sudo ufw allow https
sudo ufw allow 123
sudo ufw allow ufw-fileserver
sudo ufw allow openssh-server
sudo ufw allow ufw-directoryserver
sudo ufw allow ufw-webserver
sudo ufw allow 22/tcp
sudo ufw allow 53
sudo ufw allow 80
sudo ufw allow 443
sudo ufw allow 500
sudo ufw allow 900
sudo ufw allow 922
sudo ufw allow 1194
sudo ufw allow 1680
sudo ufw allow 1723
sudo ufw allow 2710
sudo ufw allow 3000
sudo ufw allow 3333
sudo ufw allow 3900:65534/tcp
sudo ufw allow 3900:65534/udp

sudo ufw default reject incoming
sudo ufw default allow outgoing

# added below to try and not lose system access if reject running last was causig issue
# but fails still when enabled so not an issue i guess
sudo ufw allow 22/tcp
sudo ufw allow 5900/tcp

sudo ufw enable
 
Old 05-15-2018, 09:13 PM   #2
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Debian, Mageia, and whatever VMs I happen to be playing with
Posts: 14,290
Blog Entries: 24

Rep: Reputation: 3903Reputation: 3903Reputation: 3903Reputation: 3903Reputation: 3903Reputation: 3903Reputation: 3903Reputation: 3903Reputation: 3903Reputation: 3903Reputation: 3903
Since UFW is a front-end for iptables, please post the output of

Code:
iptables -L
Be sure to surround it with "code" tags, which become available when you click the "Go Advanced" button below the "compose post" window.
 
Old 05-19-2018, 08:59 AM   #3
crypted
Member
 
Registered: Jan 2004
Posts: 52

Original Poster
Rep: Reputation: 15
Well, I kept UFW disabled and at some point after a number of reboots and continued system tweaks to get the new install where I need it PGL started loading fine and so all my rules and filters seem to be operational. At this point I'm thinking it's wise not to break what seems no longer broken for the sake of getting on a UFW bandwagon.

Thanks for the input. I'll come back to this should the PGL old iptable method break down.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Need to reload ufw after each restart to apply rules tuxthegreat Linux - Networking 5 05-11-2018 01:15 PM
LXer: Install UFW Firewall In Linux And Secure Computer From Harmful Incoming/Outgoing Connections LXer Syndicated Linux News 0 03-26-2015 09:11 AM
[SOLVED] ubuntu ufw configuration (deny incoming, outgoing) whitelist http, https snmou2 Linux - Security 2 11-19-2014 07:40 PM
UFW blocking certain incoming requests and not sure why smells_of_elderberries Linux - Security 10 04-02-2013 07:19 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Ubuntu

All times are GMT -5. The time now is 10:53 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration