Page 1 of 1

Unable to get Firewall to deny/allow any connections

Posted: Sun Feb 03, 2013 6:56 am
by zeldarocks
I recently installed ufw and gufw as the gui; I've attempted to set up my firewall in ufw, but to no avail. It seems like the firewall does not want to block any traffic regardless of the settings. I set it to deny outbound/inbound and I can still access the web without difficulty. What am I missing?

Re: Unable to get Firewall to deny/allow any connections

Posted: Sun Feb 03, 2013 11:02 am
by karlchen
Hello, zeldarocks.

Please, open a terminal window, run the commandline

Code: Select all

sudo ufw status verbose
and post the output here.

Kind regards,
Karl

Re: Unable to get Firewall to deny/allow any connections

Posted: Sun Feb 03, 2013 4:05 pm
by zeldarocks
Status: active
Logging: on (low)
Default: reject (incoming), reject (outgoing)
New profiles: skip

To Action From
-- ------ ----
80 ALLOW IN Anywhere
443 ALLOW IN Anywhere
80 ALLOW IN Anywhere (v6)
443 ALLOW IN Anywhere (v6)

I have allowed http and https but blocked all else...

Re: Unable to get Firewall to deny/allow any connections

Posted: Sun Feb 03, 2013 5:20 pm
by karlchen
Hello, zeldarocks.

Firewall software will go through the list of incoming/outgoing rules top down and apply the first matching rule.
Hence, in case the first rule ufw finds is the default rule: deny any incoming and outgoing traffic, it will do so.
Trying to soften this rule later on will not have any effect.
I am afraid you will have to consult the usfw manpages in order to find out how to make sure that the rules are created and stored in this order:

80 ALLOW IN Anywhere
443 ALLOW IN Anywhere
80 ALLOW IN Anywhere (v6)
443 ALLOW IN Anywhere (v6)
reject any other requests

Yet, I am not sure whether blocking absolutely all outgoing packages is really what you want and need.

Karl

Re: Unable to get Firewall to deny/allow any connections

Posted: Sun Feb 03, 2013 5:54 pm
by zeldarocks
That IS the order the rules are in though. Can you elaborate on what needs to be done?

I've been toying around with it since yesterday, yet it won't actually follow directions.

Re: Services Disabled by Default on Mint?

Posted: Mon Feb 04, 2013 9:48 am
by zeldarocks
That reminds me, I'm having problems with ufw; it doesn't want to follow instructions at all. Could you help me?

Firestarter/UFW not working.

Posted: Wed Feb 06, 2013 5:59 pm
by zeldarocks
I'm installed both Firestarter and GUFW, and have been unable to get either of them to work: every time I specify deny/allow, it does not follow through with instructions; as if I had done nothing. I've tried reinstalling, uninstalling, using UFW on its own, and vice versa. I need to get this resolved ASAP.

Re: Firestarter/UFW not working.

Posted: Wed Feb 06, 2013 6:45 pm
by sammiev
You can not use both of those programs together. When you make a change in a firewall you need to reset the firewall so the changes take place. Easiest way is to disable it and then re-enable it.

Re: Services Disabled by Default on Mint?

Posted: Wed Feb 13, 2013 10:01 am
by 3.14159
zeldarocks wrote:That reminds me, I'm having problems with ufw; it doesn't want to follow instructions at all. Could you help me?
Are you making the changes as root (sudo)?

Describe what it is you do and what errors/messages/behaviors you are seeing.