UFW logging a block on a permitted port
My current ufw status is as follows. UFW is set to default deny.
[ 1] SSH ALLOW IN 10.1.0.0/16
[ 2] DNS ALLOW IN 10.1.0.0/16
[ 3] DNS ALLOW IN 192.168.0.0/16
[ 4] 1900,3478,10001/udp ALLOW IN 10.1.0.0/16 # UniFi UDP ports
[ 5] 6789,8080,8443,8843,8880,27117/tcp ALLOW IN 10.1.0.0/16 # UniFi TCP ports
[ 6] 5353/udp ALLOW IN 10.1.0.0/16 # Multicast DNS aka Bonjour
So incoming TCP packets to port 8080 from the 10.1.0.0/16 block should all be allowed, but in my ufw.log I see constant repeats of the following:
Mar 10 18:28:48 pi-hole kernel: [97820.380848] [UFW BLOCK] IN=eth0 OUT= MAC=b8:27:eb:ef:23:6a:b4:fb:e4:28:d2:48:08:00:45:00:00:34:52:72:40:00:40:06:d1:51 SRC=10.1.1.1 DST=10.1.1.254 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=21106 DF PROTO=TCP SPT=36656 DPT=8080 WINDOW=245 RES=0x00 ACK FIN URGP=0
Mar 10 18:29:10 pi-hole kernel: [97841.880829] [UFW BLOCK] IN=eth0 OUT= MAC=b8:27:eb:ef:23:6a:b4:fb:e4:28:d2:48:08:00:45:00:00:34:55:42:40:00:40:06:ce:81 SRC=10.1.1.1 DST=10.1.1.254 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=21826 DF PROTO=TCP SPT=36657 DPT=8080 WINDOW=245 RES=0x00 ACK FIN URGP=0
Mar 10 18:29:31 pi-hole kernel: [97863.530929] [UFW BLOCK] IN=eth0 OUT= MAC=b8:27:eb:ef:23:6a:b4:fb:e4:28:d2:48:08:00:45:00:00:34:87:7d:40:00:40:06:9c:46 SRC=10.1.1.1 DST=10.1.1.254 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=34685 DF PROTO=TCP SPT=36658 DPT=8080 WINDOW=245 RES=0x00 ACK FIN URGP=0
implying it is blocking incoming TCP packets from 10.1.1.1 going to port 8080.
I tried running ufw reload to no avail. I have also tried allowing 8080 from any IP address, same problem.
I have even completely removed UFW using apt purge ufw and reinstalled and rebuilt my rules, but still get the same issue.
Any ideas?
ufw
serverfault.com/q/309691/126632
– Michael Hampton♦
38 secs ago
asked 5 mins ago
Mike
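Added example (not part of the original question, and not code from the poster or the UFW project): a triage of the `[UFW BLOCK]` lines in the question that checks each packet against rule [5] and reports its TCP flags, separating "no rule matches" from "rule matches, but the packet is not opening a connection". The function names are hypothetical, the MAC= field is dropped from the sample lines, and the last sample line is constructed for contrast.

```python
import ipaddress

# Added example with hypothetical helper names; rule [5] from the question's `ufw status`.
ALLOW_NET = ipaddress.ip_network("10.1.0.0/16")
ALLOW_TCP_PORTS = {6789, 8080, 8443, 8843, 8880, 27117}
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

# First three lines are from the question with the MAC= field dropped;
# the last line is constructed for contrast.
SAMPLE_LOG = """\
Mar 10 18:28:48 pi-hole kernel: [97820.380848] [UFW BLOCK] IN=eth0 OUT= SRC=10.1.1.1 DST=10.1.1.254 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=21106 DF PROTO=TCP SPT=36656 DPT=8080 WINDOW=245 RES=0x00 ACK FIN URGP=0
Mar 10 18:29:10 pi-hole kernel: [97841.880829] [UFW BLOCK] IN=eth0 OUT= SRC=10.1.1.1 DST=10.1.1.254 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=21826 DF PROTO=TCP SPT=36657 DPT=8080 WINDOW=245 RES=0x00 ACK FIN URGP=0
Mar 10 18:29:31 pi-hole kernel: [97863.530929] [UFW BLOCK] IN=eth0 OUT= SRC=10.1.1.1 DST=10.1.1.254 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=34685 DF PROTO=TCP SPT=36658 DPT=8080 WINDOW=245 RES=0x00 ACK FIN URGP=0
Mar 10 18:30:02 pi-hole kernel: [97894.000000] [UFW BLOCK] IN=eth0 OUT= SRC=172.16.0.5 DST=10.1.1.254 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4242 DF PROTO=TCP SPT=50000 DPT=8080 WINDOW=29200 RES=0x00 SYN URGP=0
"""


def parse_ufw_line(line):
    """Return (fields, tcp_flags) for a '[UFW BLOCK]' kernel log line, else None."""
    _, sep, rest = line.partition("[UFW BLOCK]")
    if not sep:
        return None
    fields, flags = {}, set()
    for tok in rest.split():
        key, eq, val = tok.partition("=")
        if eq:
            fields[key] = val          # KEY=value pairs such as SRC=, DPT=, PROTO=
        elif tok in TCP_FLAGS:
            flags.add(tok)             # bare tokens such as ACK, FIN (DF is an IP flag, skipped)
    return fields, flags


def classify(line):
    """Return (src, dpt, flags, verdict) for a blocked TCP packet, else None."""
    parsed = parse_ufw_line(line)
    if parsed is None or parsed[0].get("PROTO") != "TCP":
        return None
    fields, flags = parsed
    src, dpt = ipaddress.ip_address(fields["SRC"]), int(fields["DPT"])
    if not (src in ALLOW_NET and dpt in ALLOW_TCP_PORTS):
        verdict = "no allow rule matches"
    elif "SYN" in flags and "ACK" not in flags:
        verdict = "new connection blocked despite allow rule"
    else:
        verdict = "rule matches, but packet is not a connection opener"
    return str(src), dpt, sorted(flags), verdict


def triage(log_text):
    return [r for r in map(classify, log_text.splitlines()) if r]
```

For the three lines from the question, `triage(SAMPLE_LOG)` reports a rule match with flags ACK FIN: the source address and port satisfy rule [5], and the blocked packets are connection-teardown segments rather than new connection attempts.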