UFW logging a block on a permitted port


My current ufw status is as follows. UFW is set to default deny.

    [ 1] SSH                        ALLOW IN    10.1.0.0/16
    [ 2] DNS                        ALLOW IN    10.1.0.0/16
    [ 3] DNS                        ALLOW IN    192.168.0.0/16
    [ 4] 1900,3478,10001/udp        ALLOW IN    10.1.0.0/16    # UniFi UDP ports
    [ 5] 6789,8080,8443,8843,8880,27117/tcp ALLOW IN    10.1.0.0/16    # UniFi TCP ports
    [ 6] 5353/udp                   ALLOW IN    10.1.0.0/16    # Multicast DNS aka Bonjour

So incoming TCP packets to port 8080 from the 10.1.0.0/16 block should all be allowed, but in my ufw.log I see constant repeats of the following:

    Mar 10 18:28:48 pi-hole kernel: [97820.380848] [UFW BLOCK] IN=eth0 OUT= MAC=b8:27:eb:ef:23:6a:b4:fb:e4:28:d2:48:08:00:45:00:00:34:52:72:40:00:40:06:d1:51 SRC=10.1.1.1 DST=10.1.1.254 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=21106 DF PROTO=TCP SPT=36656 DPT=8080 WINDOW=245 RES=0x00 ACK FIN URGP=0
    Mar 10 18:29:10 pi-hole kernel: [97841.880829] [UFW BLOCK] IN=eth0 OUT= MAC=b8:27:eb:ef:23:6a:b4:fb:e4:28:d2:48:08:00:45:00:00:34:55:42:40:00:40:06:ce:81 SRC=10.1.1.1 DST=10.1.1.254 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=21826 DF PROTO=TCP SPT=36657 DPT=8080 WINDOW=245 RES=0x00 ACK FIN URGP=0
    Mar 10 18:29:31 pi-hole kernel: [97863.530929] [UFW BLOCK] IN=eth0 OUT= MAC=b8:27:eb:ef:23:6a:b4:fb:e4:28:d2:48:08:00:45:00:00:34:87:7d:40:00:40:06:9c:46 SRC=10.1.1.1 DST=10.1.1.254 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=34685 DF PROTO=TCP SPT=36658 DPT=8080 WINDOW=245 RES=0x00 ACK FIN URGP=0

implying it is blocking incoming TCP packets from 10.1.1.1 going to port 8080.

I tried running ufw reload to no avail. I have also tried allowing 8080 from any IP address, same problem.

I have even completely removed UFW using apt purge ufw and reinstalled and rebuilt my rules, but still get the same issue.

Any ideas?

asked 5 mins ago by Mike

  • serverfault.com/q/309691/126632

    – Michael Hampton
    38 secs ago
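
As a triage step for the log entries in the question, this added example (not part of the original post) parses `[UFW BLOCK]` lines and separates blocked new connections (SYN only) from blocked mid-stream segments such as the ACK FIN packets shown. The constants mirror rule 5 from the question; the second and third sample lines and the category names are constructed for illustration.

```python
import ipaddress
import re

# Allow rule 5 from the question: these TCP ports are open to 10.1.0.0/16.
ALLOWED_NET = ipaddress.ip_network("10.1.0.0/16")
ALLOWED_TCP_PORTS = {6789, 8080, 8443, 8843, 8880, 27117}
TCP_FLAGS = ("SYN", "ACK", "FIN", "RST", "PSH", "URG")

# First line is abridged from the question's log (MAC field omitted);
# the other two lines are constructed for contrast.
SAMPLE_LOG = """\
Mar 10 18:28:48 pi-hole kernel: [97820.380848] [UFW BLOCK] IN=eth0 OUT= SRC=10.1.1.1 DST=10.1.1.254 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=21106 DF PROTO=TCP SPT=36656 DPT=8080 WINDOW=245 RES=0x00 ACK FIN URGP=0
Mar 10 18:30:02 pi-hole kernel: [97894.000000] [UFW BLOCK] IN=eth0 OUT= SRC=10.1.1.7 DST=10.1.1.254 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4242 DF PROTO=TCP SPT=40000 DPT=8080 WINDOW=29200 RES=0x00 SYN URGP=0
Mar 10 18:30:05 pi-hole kernel: [97897.000000] [UFW BLOCK] IN=eth0 OUT= SRC=172.16.0.9 DST=10.1.1.254 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4243 DF PROTO=TCP SPT=40001 DPT=8080 WINDOW=29200 RES=0x00 SYN URGP=0
"""


def parse_ufw_line(line):
    """Return the KEY=VALUE fields of a block entry plus its bare TCP flag tokens."""
    if "[UFW BLOCK]" not in line:
        return None
    body = line.split("[UFW BLOCK]", 1)[1]
    fields = dict(re.findall(r"(\w+)=(\S*)", body))
    fields["FLAGS"] = {tok for tok in body.split() if tok in TCP_FLAGS}
    return fields


def classify(fields):
    """Compare one blocked packet with allow rule 5 and with its TCP flags."""
    if fields.get("PROTO") != "TCP":
        return "not-tcp"
    rule_match = (ipaddress.ip_address(fields["SRC"]) in ALLOWED_NET
                  and int(fields["DPT"]) in ALLOWED_TCP_PORTS)
    if not rule_match:
        return "no-allow-rule"           # default deny applies as configured
    if fields["FLAGS"] == {"SYN"}:
        return "new-connection-blocked"  # a new connection the rule should admit
    return "mid-stream-blocked"          # address and port match; not a new connection


def triage(log_text):
    """Return (src, dst_port, flags, verdict) for every block entry in the text."""
    parsed = (parse_ufw_line(line) for line in log_text.splitlines())
    return [(f["SRC"], int(f.get("DPT", 0)), sorted(f["FLAGS"]), classify(f))
            for f in parsed if f]
```

If every blocked entry for an allowed source and port comes back as `mid-stream-blocked`, new connections are being admitted, which points the investigation at connection tracking rather than at the allow rule.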


















