
I enabled ufw as a security practice and left the default settings intact. I noticed that I was still able to access the internet using a web browser, so I tested the firewall with Transmission. Transmission reported the port was closed. Then I allowed the port, and Transmission reported it was open.

This makes me confused. Why can I still surf the web when the default setting of the firewall denies all incoming traffic on every port? Are there other places for settings?

Thanks.

Tri Quoc Nguyen
  • You initiate the connection from your web browser and the firewall lets that "established" connection come back to your PC. https://help.ubuntu.com/community/IptablesHowTo – mbiber Jan 14 '16 at 13:09
  • Yes, that is normal. Transmission does not initiate a connection towards some other peer, it just listens for it, so its port needs to be allowed in the firewall. Set default-deny for outgoing and you'll block all traffic. It's a stateful firewall, so it knows what state the connections are in. Based on that it filters them. https://en.wikipedia.org/wiki/Stateful_firewall – mbiber Jan 14 '16 at 13:15
  • UFW blocks incoming connections, not incoming data. If you are running an Apache server, you should not be able to access it on port 80 from another computer. – mchid Jan 15 '16 at 03:39

1 Answer

Your web browser initiates outgoing connections. ufw by default blocks incoming connections. If you want to block all web browser traffic you could add these rules:

sudo ufw deny out http
sudo ufw deny out https

Or you can change the default policy to deny outgoing:

sudo ufw default deny outgoing

Now all your outgoing traffic will be blocked until you allow something with a rule.

EdiD
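To make the stateful behaviour described in the comments and the answer concrete, here is an added toy model (not ufw's or netfilter's code) of ufw's default "deny incoming, allow outgoing" policy plus a connection-tracking table. It replays the thread's scenario: the browser's reply packets are accepted as ESTABLISHED, an unsolicited peer hitting Transmission's listening port is dropped until a rule allows it, and `default deny outgoing` stops the browser from ever creating a tracked flow. The IP addresses and the Transmission port 51413 are constructed sample values.

```python
from dataclasses import dataclass, field

# Constructed model of ufw's default policy together with netfilter connection
# tracking. Illustrative example only, not ufw's or netfilter's implementation.

@dataclass
class StatefulFirewall:
    default_in: str = "deny"      # ufw's shipped default
    default_out: str = "allow"    # ufw's shipped default
    rules: dict = field(default_factory=dict)    # (direction, port) -> verdict
    conntrack: set = field(default_factory=set)  # (local_port, remote_ip, remote_port)

    def _policy(self, direction, port):
        default = self.default_in if direction == "in" else self.default_out
        return self.rules.get((direction, port), default)

    def outgoing(self, local_port, remote_ip, remote_port):
        """A packet the host sends, e.g. the browser opening TCP/443."""
        verdict = self._policy("out", remote_port)
        if verdict == "allow":
            # conntrack records the flow so that replies count as ESTABLISHED
            self.conntrack.add((local_port, remote_ip, remote_port))
        return verdict

    def incoming(self, remote_ip, remote_port, local_port):
        """A packet arriving from the network."""
        if (local_port, remote_ip, remote_port) in self.conntrack:
            return "allow"  # reply to a connection we initiated: ESTABLISHED
        return self._policy("in", local_port)  # unsolicited: default or explicit rule

def scenario():
    """Replay the thread's situation; returns the verdict for each step."""
    fw = StatefulFirewall()
    out = {}
    out["browser_syn"] = fw.outgoing(51000, "203.0.113.10", 443)             # allow
    out["browser_reply"] = fw.incoming("203.0.113.10", 443, 51000)           # allow
    out["peer_to_transmission"] = fw.incoming("198.51.100.7", 6881, 51413)   # deny
    fw.rules[("in", 51413)] = "allow"           # equivalent of: sudo ufw allow 51413
    out["peer_after_allow"] = fw.incoming("198.51.100.7", 6881, 51413)       # allow
    fw2 = StatefulFirewall(default_out="deny")  # sudo ufw default deny outgoing
    out["browser_syn_deny_out"] = fw2.outgoing(51000, "203.0.113.10", 443)   # deny
    out["browser_reply_deny_out"] = fw2.incoming("203.0.113.10", 443, 51000) # deny
    return out

if __name__ == "__main__":
    for step, verdict in scenario().items():
        print(f"{step:26s} {verdict}")
```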