
I have UFW installed and configured like this:

80                         ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
443/udp                    ALLOW       Anywhere

80 (v6)                    ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)
443/udp (v6)               ALLOW       Anywhere (v6)

And I'm getting this log in /var/log/syslog:

Jan 14 16:06:03 mymachine kernel: [ 2108.808970] [UFW BLOCK] IN=eth0 OUT= MAC=52:3f:93:17:6d:bb:40:a6:77:34:67:f0:08:00 SRC=107.201.193.137 DST=125.124.235.79 LEN=40 TOS=0x00 PREC=0x00 TTL=111 ID=16935 DF PROTO=TCP SPT=57973 DPT=443 WINDOW=0 RES=0x00 ACK RST URGP=0

Thomas
Ebmoya
  • Can you please post all your rules? Order matters. 443 allow is the same as the 2 rules accepting tcp and udp both – Panther Jan 14 '18 at 16:14
  • Anywhere ALLOW !.!.!.! /// My own ip, hidden here for security options 80 ALLOW Anywhere 443/tcp ALLOW Anywhere 443/udp ALLOW Anywhere 443 ALLOW Anywhere 80 (v6) ALLOW Anywhere (v6) 443/tcp (v6) ALLOW Anywhere (v6) 443/udp (v6) ALLOW Anywhere (v6) 443 (v6) ALLOW Anywhere (v6) – Ebmoya Jan 14 '18 at 16:27
  • I added /tcp and /udp specifically, after reading a post recommending that – Ebmoya Jan 14 '18 at 16:28
  • Port 443 (https) uses only tcp, so the udp rule does not add anything, or if anything just makes your rule list longer. Please edit your question and add the output of: sudo ufw show added. If the output is long, use pastebin https://help.ubuntu.com/community/Pastebinit – Panther Jan 14 '18 at 16:43
  • Also, hiding your ip does not really add much if anything to security these days. But if you really must hide it, edit your question to remove it from the output of your logs. I bolded it for you, so you can spot it in the future, but you can xxxxx it out if you must. I also showed you where 443 is using TCP. – Panther Jan 14 '18 at 16:45
  • sudo ufw show added

    ufw allow from xxxxxxxxxxxx
    ufw allow 80
    ufw allow 443
    ufw allow 443/tcp
    ufw allow 443/udp

    – Ebmoya Jan 14 '18 at 16:58
  • The rules are working fine in general, but some packets to DPT=443 are being blocked, but not all traffic to this port. – Ebmoya Jan 14 '18 at 17:00
  • The packets must have been blocked by some default rule in ufw then. Hard to say. You can list and review all the rules with sudo iptables -L – Panther Jan 14 '18 at 17:10
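
As an added example (not part of the question or the comments), a small Python parser for the [UFW BLOCK] line quoted above. It splits the kernel LOG fields out of the line and collects the bare TCP flag words (here ACK RST), so a blocked connection attempt (SYN only) can be told apart from a stray mid-stream segment on an otherwise allowed port; the classification assumes ufw's stock before.rules, which drop conntrack INVALID packets ahead of the port-allow rules.

```python
import re

# Constructed sample: the [UFW BLOCK] syslog line from the question above.
SAMPLE_LINE = (
    "Jan 14 16:06:03 mymachine kernel: [ 2108.808970] [UFW BLOCK] IN=eth0 OUT= "
    "MAC=52:3f:93:17:6d:bb:40:a6:77:34:67:f0:08:00 SRC=107.201.193.137 "
    "DST=125.124.235.79 LEN=40 TOS=0x00 PREC=0x00 TTL=111 ID=16935 DF PROTO=TCP "
    "SPT=57973 DPT=443 WINDOW=0 RES=0x00 ACK RST URGP=0"
)

# TCP flag names that the kernel's LOG target prints as bare words.
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "CWR", "ECE"}


def parse_ufw_block(line):
    """Return KEY=VALUE fields plus a 'FLAGS' set, or None for non-UFW-BLOCK lines."""
    m = re.search(r"\[UFW BLOCK\]\s+(.*)$", line)
    if not m:
        return None
    fields, flags = {}, set()
    for tok in m.group(1).split():
        if "=" in tok:
            key, value = tok.split("=", 1)   # e.g. DPT=443, OUT= (empty)
            fields[key] = value
        elif tok in TCP_FLAGS:
            flags.add(tok)
        else:
            fields[tok] = True               # bare options such as DF
    fields["FLAGS"] = flags
    return fields


def classify(fields):
    """Tell a blocked connection attempt from a stray segment.

    Only a SYN (without ACK) opens a TCP connection, and that is what an
    'allow 443' rule admits. A segment with ACK/RST and no SYN belongs to no
    connection the kernel is tracking; with ufw's default before.rules
    (assumed here) such INVALID-state packets are dropped and logged before
    the port-allow rules are ever consulted.
    """
    if fields.get("PROTO") != "TCP":
        return "non-tcp"
    flags = fields["FLAGS"]
    if "SYN" in flags and "ACK" not in flags:
        return "connection-attempt"
    if "RST" in flags or "ACK" in flags:
        return "stray-segment"
    return "other"
```

Run it over a whole syslog file to count how many [UFW BLOCK] entries for an allowed port are stray segments rather than real connection attempts; the former are noise, the latter deserve a look at rule order.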
