Questions tagged [ufw]

Uncomplicated Firewall is a firewall configuration tool for Linux. It acts as a frontend to iptables. Originally designed for Ubuntu, it is available on many Linux distributions.

479 questions
5 votes, 2 answers

Which UFW messages can logcheck safely ignore?

Logcheck currently sends lots of emails with messages like this Jun 6 19:31:44 kernel: [UFW BLOCK] IN=eth0 OUT= MAC= SRC= DST= LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=28729 DF PROTO=TCP SPT=56681…
Enrico
5 votes, 1 answer

What's the effect of iptables/ufw deny filters on server load?

I'm wondering how scalable it is to add IP addresses or subranges I want to block into ufw. E.g., I do this whenever I discover a particularly bad bot or server farm. As my list grows, I wonder how much overhead I'm placing on the system; because…
Dogweather
4 votes, 2 answers

Port 22 blocked on AWS instance, can't SSH

I enabled UFW on my ec2 instance and followed the following steps: abhi@my-ip-address:~$ sudo ufw default deny incoming abhi@my-ip-address:~$ sudo ufw allow 2200/tcp abhi@my-ip-address:~$ sudo ufw allow 80/tcp abhi@my-ip-address:~$ sudo ufw allow…
Abhishek Ghosh
4 votes, 1 answer

ufw reset vs. disable / enable

When is it appropriate to ufw reload versus ufw disable && ufw enable, and vice versa? The reason for asking: According to the ufw man page, "reload reloads firewall." However, documentation provided by the community (e.g., here, here, and here),…
kkurian
4 votes, 1 answer

How to block an attack on Wordpress using UFW on Ubuntu server?

On my Ubuntu 14 box I have weird activity looking like an attack on a Wordpress page. The Apache log shows a lot of this: 191.96.249.54 - - [25/May/2016:00:46:57 +0200] "POST /xmlrpc.php HTTP/1.0" 500 585 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT…
Kornel
4 votes, 1 answer

How to configure postfix with ufw so that my web server can send email but it doesn't act as an open relay?

According to this guide: It is important to secure your server and make sure that Postfix is not configured as an open relay. It links to another guide which suggests using UFW as a firewall. I'm running Apache on Ubuntu with a PHP application…
Highly Irregular
4 votes, 3 answers

UFW - deny outbound except for apt-get updates?

What combination of UFW rules would deny all outbound connections except for those which are required to install Ubuntu security updates?
OJW
4 votes, 1 answer

UFW - can I add a domain?

This will work from the docs: sudo ufw allow proto tcp from 192.168.0.2 to any port 22 But... will this work? sudo ufw allow proto tcp from foo.bar.com to any port 22 I am using Ubuntu 12.04
Tampa
4 votes, 5 answers

ufw blocking apt

I have the same problem as described here, but the given solution doesn't work for me: ufw blocking apt and dns When I add the rule ufw deny out to any, and add the port 80, 443/tcp, ssh-port as exceptions, and then add iptables -A INPUT -m state…
Katai
4 votes, 1 answer

How to place a virtual machine in DMZ?

I have an Ubuntu 12.04 server running a few virtual machines with KVM. I would like to expose some of these virtual machines on the internet, to make it possible for customers to test the products we're developing and make available other products for…
Giordano
4 votes, 3 answers

Disable connection tracking with UFW for port 80

During load testing my server is dropping packets due to "connection tracking" way before it's running out of resources. I'm using Ubuntu Jaunty with ufw. In my syslog I get: ip_conntrack: table full, dropping packet. I looked at upping the max…
reconbot
4 votes, 2 answers

UFW/IPTables: how to securely allow authenticated git access with github

This is how I set up my iptables with UFW: sudo ufw default deny incoming (deny all incoming) sudo ufw default deny outgoing (deny all outgoing) sudo ufw allow out 53 (accept outgoing DNS traffic, both tcp and udp) sudo ufw allow in 80/tcp (accept…
Tom
4 votes, 2 answers

Can ufw on a kvm host restrict traffic to guests?

I've set up a number of guests running on kvm on Ubuntu. Network access for the guests is via network bridge with br0 sitting on top of eth0. I have ufw running on the host machine and this is restricting traffic to the host. Is there a way to make…
tooba
4 votes, 3 answers

Turning on UFW stops my e-mail client functioning (both imap and smtp) even though they are allowed?

I am using Ubuntu 10.04 on a VPS. Without enabling UFW everything works fine - imap using port 143. And sends emails using smtp port 587. However, when I turn on UFW a lot of problems are encountered. Email fails, ssh logins are very slow, and…
NimChimpsky
4 votes, 0 answers

ufw deny all incoming and outgoing not working!

I'm sure I'm doing something wrong. I'm expecting my current rules of "denying all incoming/outgoing" to cripple anything network related, but it's not. First, I did: sudo ufw default deny incoming sudo ufw default deny outgoing And then I…
sybind