[Cialug] ufw not working
Barry Von Ahsen
vonahsen at gmail.com
Thu Oct 12 14:02:27 UTC 2023
Yeah, where does the ufw-user-input chain get called in the iptables output?
On a system I have with fail2ban, the very first iptables rules are the various fail2ban jails, then my own iptables rules
-barry
> On Oct 11, 2023, at 21:54, David Champion <dchamp1337 at gmail.com> wrote:
>
> Would guess it's an order issue - that drop rule needs to appear before
> anything that would have allowed it in.
>
> -dc
>
>
> On Wed, Oct 11, 2023 at 6:09 PM L. V. Lammert <lvl at omnitec.net> wrote:
>
>> Installed ufw on a Debian 10 box to permanently block some of the
>> malicious traffic appearing in fail2ban.
>>
>> Unfortunately, even with a ban at the very top, traffic does not get
>> rejected:
>>
>> # ufw status
>> Status: active
>>
>> To Action From
>> -- ------ ----
>> Anywhere DENY 108.165.188.68
>> 80 ALLOW Anywhere
>> 25 ALLOW Anywhere
>> 53 ALLOW Anywhere
>> 2206 ALLOW Anywhere
>> 443 ALLOW Anywhere
>>
>> The ban DOES appear in iptables:
>>
>> Chain ufw-user-input (1 references)
>> pkts bytes target prot opt in out source
>> destination
>> 0 0 DROP all -- * * 108.165.188.68
>> 0.0.0.0/0
>>
>> But, as shown, it has not blocked any traffic at all - almost like the
>> ufw-user-input chain is never seeing traffic.
>>
>> Is there something special required when installing ufw to activate those
>> chains?
>>
>> TIA!
>> _______________________________________________
>> Cialug mailing list
>> Cialug at cialug.org
>> https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
>>
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
More information about the Cialug
mailing list