
With UFW, I disabled all outgoing and incoming traffic by default. However, I do allow port 80 in and out:

  1. sudo ufw default deny incoming (deny all incoming)
  2. sudo ufw default deny outgoing (deny all outgoing)
  3. sudo ufw allow in 80/tcp (accept all incoming tcp from port 80)
  4. sudo ufw allow out 80/tcp (accept all outgoing tcp to port 80)

Yet, the following commands don't seem to work. Could anyone tell me why?

mainuser@saturn101:~/apps/mongodb$ curl http://fastdl.mongodb.org/linux/mongodb-linux-i686-2.0.4-rc1.tgz > mongodb-2.0.4-rc1.tgz

curl: (6) Couldn't resolve host 'fastdl.mongodb.org'

And,

ping google.com
ping: unknown host google.com

And,

sudo apt-get update
Tom

2 Answers


The correct syntax would be

sudo ufw allow out to any port 53

This resolves the problem with DNS.

Nesha Zoric

You didn't enable DNS traffic (TCP/UDP outgoing, port 53) and UDP 1024-65535 outgoing (also required for DNS).

  • Excellent, apt-get update seems to be working without UDP 1024-65535 outgoing though. When is this really necessary? – Tom Mar 17 '12 at 16:21
  • FYI, I have posted a [follow up question](http://serverfault.com/questions/370743/ufw-iptables-how-to-securely-allow-authenticated-git-access-with-github) – Tom Mar 17 '12 at 17:48
  • Outgoing to port 53 UDP and TCP is sufficient for DNS. Restricting the source to 1024-65535 for this rule is optional. – BillThor Mar 18 '12 at 00:43
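Both answers come down to the same missing rule: with `default deny outgoing`, nothing may leave the host on port 53, so the resolver never gets an answer and curl, ping and apt-get all fail on the name lookup before any HTTP traffic is attempted. The script below is an added example, not code from the question or either answer. It applies the poster's policy in the right order and, going one step further than "allow out to any port 53", restricts DNS egress to the resolvers actually listed in resolv.conf (UDP and TCP, since answers too large for UDP are retried over TCP). The `UFW_CMD` variable, the function names and the `apply` argument are assumptions for this example; set `UFW_CMD=echo` to print the rules without touching the firewall.

```shell
#!/bin/sh
# Added example (not from the original post): default-deny egress with HTTP
# and DNS allowed, DNS limited to the configured resolvers.
# UFW_CMD is an assumed hook for dry runs: UFW_CMD=echo prints the commands.
UFW_CMD="${UFW_CMD:-sudo ufw}"

# Print the nameserver addresses from a resolv.conf-style file.
resolvers_from() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Allow DNS only to the given resolver addresses. UDP carries normal
# queries; TCP is needed when a response is truncated (large answers, AXFR).
allow_dns_to() {
    for ns in "$@"; do
        $UFW_CMD allow out to "$ns" port 53 proto udp
        $UFW_CMD allow out to "$ns" port 53 proto tcp
    done
}

# Full policy, defaults first and allows after, so the rule set is never
# left in a half-applied state. Argument: path to resolv.conf (default: system).
apply_egress_policy() {
    conf="${1:-/etc/resolv.conf}"
    $UFW_CMD default deny incoming
    $UFW_CMD default deny outgoing
    $UFW_CMD allow out 80/tcp        # plain HTTP for curl and apt-get
    # Unquoted on purpose: one resolver address per word.
    allow_dns_to $(resolvers_from "$conf")
}

# Verify resolution through the system resolver, the same path curl,
# ping and apt-get use; returns non-zero if the name cannot be resolved.
dns_check() {
    getent hosts "${1:-fastdl.mongodb.org}" >/dev/null
}

# Only act on the real firewall when explicitly asked: ./lockdown.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_egress_policy
    if dns_check; then
        echo "DNS ok"
    else
        echo "DNS still blocked, check the port 53 rules" >&2
        exit 1
    fi
fi
```

Run it once with `UFW_CMD=echo ./lockdown.sh apply` to review the rule list, then without the override to apply it. Restricting port 53 to the listed resolvers means a compromised process cannot tunnel data out through arbitrary DNS servers, which "allow out to any port 53" would permit; if the resolver list changes (DHCP, resolvconf), the rules need to be regenerated.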