I'm getting too many UFW blocks

Post by Kyowash »

I noticed a lot of UFW BLOCK entries in the /var/log/syslog file:

Code:

Feb 15 19:24:18 linuxmint kernel: [  387.893548] [UFW BLOCK] IN=enp3s0 OUT= MAC=[my MAC address] SRC=192.168.0.1 DST=192.168.0.157 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=55738 DF PROTO=TCP SPT=59146 DPT=2869 WINDOW=14600 RES=0x00 SYN URGP=0 
Feb 15 19:24:33 linuxmint kernel: [  402.287662] [UFW BLOCK] IN=enp3s0 OUT= MAC=[my MAC address] SRC=192.168.0.1 DST=192.168.0.157 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=31068 DF PROTO=TCP SPT=59147 DPT=2869 WINDOW=14600 RES=0x00 SYN URGP=0 
Feb 15 19:24:39 linuxmint kernel: [  408.077110] [UFW BLOCK] IN=enp3s0 OUT= MAC=[my MAC address] SRC=192.168.0.1 DST=192.168.0.157 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=15812 DF PROTO=TCP SPT=59148 DPT=2869 WINDOW=14600 RES=0x00 SYN URGP=0 
Feb 15 19:24:59 linuxmint kernel: [  428.965558] [UFW BLOCK] IN=enp3s0 OUT= MAC=[my MAC address] SRC=192.168.0.1 DST=192.168.0.157 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4259 DF PROTO=TCP SPT=59149 DPT=2869 WINDOW=14600 RES=0x00 SYN URGP=0 
Feb 15 19:25:19 linuxmint kernel: [  448.970117] [UFW BLOCK] IN=enp3s0 OUT= MAC=[my MAC address] SRC=192.168.0.1 DST=192.168.0.157 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=52571 DF PROTO=TCP SPT=59150 DPT=2869 WINDOW=14600 RES=0x00 SYN URGP=0 
Feb 15 19:25:40 linuxmint kernel: [  469.039877] [UFW BLOCK] IN=enp3s0 OUT= MAC=[my MAC address] SRC=192.168.0.1 DST=192.168.0.157 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=15378 DF PROTO=TCP SPT=59151 DPT=2869 WINDOW=14600 RES=0x00 SYN URGP=0 
Feb 15 19:25:59 linuxmint kernel: [  488.976889] [UFW BLOCK] IN=enp3s0 OUT= MAC=[my MAC address] SRC=192.168.0.1 DST=192.168.0.157 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=42245 DF PROTO=TCP SPT=59152 DPT=2869 WINDOW=14600 RES=0x00 SYN URGP=0 
Feb 15 19:26:19 linuxmint kernel: [  508.949522] [UFW BLOCK] IN=enp3s0 OUT= MAC=[my MAC address] SRC=192.168.0.1 DST=192.168.0.157 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=15312 DF PROTO=TCP SPT=59153 DPT=2869 WINDOW=14600 RES=0x00 SYN URGP=0 
Feb 15 19:26:40 linuxmint kernel: [  529.014449] [UFW BLOCK] IN=enp3s0 OUT= MAC=[my MAC address] SRC=192.168.0.1 DST=192.168.0.157 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=33868 DF PROTO=TCP SPT=59154 DPT=2869 WINDOW=14600 RES=0x00 SYN URGP=0 
Feb 15 19:27:01 linuxmint kernel: [  550.922648] [UFW BLOCK] IN=enp3s0 OUT= MAC=[my MAC address] SRC=192.168.0.1 DST=192.168.0.157 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=29002 DF PROTO=TCP SPT=59155 DPT=2869 WINDOW=14600 RES=0x00 SYN URGP=0 
Feb 15 19:27:21 linuxmint kernel: [  570.855323] [UFW BLOCK] IN=enp3s0 OUT= MAC=[my MAC address] SRC=192.168.0.1 DST=192.168.0.157 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=14124 DF PROTO=TCP SPT=59156 DPT=2869 WINDOW=14600 RES=0x00 SYN URGP=0 
Feb 15 19:27:52 linuxmint kernel: [  601.475590] [UFW BLOCK] IN=enp3s0 OUT= MAC=[my MAC address] SRC=192.168.0.1 DST=192.168.0.157 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=63908 DF PROTO=TCP SPT=59157 DPT=2869 WINDOW=14600 RES=0x00 SYN URGP=0 
Feb 15 19:27:52 linuxmint kernel: [  601.830366] [UFW BLOCK] IN=enp3s0 OUT= MAC=[my MAC address] SRC=192.168.0.1 DST=192.168.0.157 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=61026 DF PROTO=TCP SPT=59158 DPT=2869 WINDOW=14600 RES=0x00 SYN URGP=0 
Feb 15 19:28:02 linuxmint kernel: [  611.947608] [UFW BLOCK] IN=enp3s0 OUT= MAC=[my MAC address] SRC=192.168.0.1 DST=192.168.0.157 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2582 DF PROTO=TCP SPT=59159 DPT=2869 WINDOW=14600 RES=0x00 SYN URGP=0

192.168.0.1 is my router's IP address. Rarely the traffic comes from a different address:

Code:

Feb 15 19:18:35 linuxmint kernel: [   44.295124] [UFW BLOCK] IN=enp3s0 OUT= MAC=[my MAC] SRC=69.50.130.31 DST=192.168.0.157 LEN=568 TOS=0x00 PREC=0x00 TTL=48 ID=43558 DF PROTO=TCP SPT=80 DPT=49315 WINDOW=63 RES=0x00 ACK PSH URGP=0
Feb 15 19:18:51 linuxmint kernel: [   60.439163] [UFW BLOCK] IN=enp3s0 OUT= MAC=[my MAC] SRC=69.50.130.31 DST=192.168.0.157 LEN=568 TOS=0x00 PREC=0x00 TTL=48 ID=43559 DF PROTO=TCP SPT=80 DPT=49315 WINDOW=63 RES=0x00 ACK PSH URGP=0

What should I do about it?
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
littlehuman
Level 1
Posts: 48
Joined: Sun Jan 07, 2018 7:41 pm

Re: I'm getting too many UFW blocks

Post by littlehuman »

Regarding the large number of blocked connections from your gateway to your computer on tcp/2869, it might be due to UPnP requests.
You should check your router config and consider disabling UPnP if you do not absolutely need it, as this can be a security risk.
This should eliminate the above requests from your gateway to your computer.

Here is a good article on this => https://www.howtogeek.com/122487/htg-ex ... rity-risk/
At the bottom of the article, "Should You Disable UPnP?" explains pretty well whether or not you should disable it and what it implies.
Vs lbh nfxrq Oehpr Fpuarvre gb qrpelcg guvf, ur'q pehfu lbhe fxhyy jvgu uvf ynhtu.
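
An added example, not part of the original posts: a small Python triage script that groups [UFW BLOCK] syslog lines by source, destination port and TCP flags, so repeated connection attempts from the gateway on one port stand out from stray packets sent by internet hosts. The function names and the sample lines (constructed in the format quoted above) are assumptions of this example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the format of the syslog excerpts above (MAC redacted).
SAMPLE_LOG = """\
Feb 15 19:24:18 linuxmint kernel: [  387.893548] [UFW BLOCK] IN=enp3s0 OUT= MAC=[redacted] SRC=192.168.0.1 DST=192.168.0.157 LEN=60 TTL=64 ID=55738 DF PROTO=TCP SPT=59146 DPT=2869 WINDOW=14600 RES=0x00 SYN URGP=0
Feb 15 19:24:33 linuxmint kernel: [  402.287662] [UFW BLOCK] IN=enp3s0 OUT= MAC=[redacted] SRC=192.168.0.1 DST=192.168.0.157 LEN=60 TTL=64 ID=31068 DF PROTO=TCP SPT=59147 DPT=2869 WINDOW=14600 RES=0x00 SYN URGP=0
Feb 15 19:24:39 linuxmint kernel: [  408.077110] [UFW BLOCK] IN=enp3s0 OUT= MAC=[redacted] SRC=192.168.0.1 DST=192.168.0.157 LEN=60 TTL=64 ID=15812 DF PROTO=TCP SPT=59148 DPT=2869 WINDOW=14600 RES=0x00 SYN URGP=0
Feb 15 19:18:35 linuxmint kernel: [   44.295124] [UFW BLOCK] IN=enp3s0 OUT= MAC=[redacted] SRC=69.50.130.31 DST=192.168.0.157 LEN=568 TTL=48 ID=43558 DF PROTO=TCP SPT=80 DPT=49315 WINDOW=63 RES=0x00 ACK PSH URGP=0
Feb 15 19:18:51 linuxmint kernel: [   60.439163] [UFW BLOCK] IN=enp3s0 OUT= MAC=[redacted] SRC=69.50.130.31 DST=192.168.0.157 LEN=568 TTL=48 ID=43559 DF PROTO=TCP SPT=80 DPT=49315 WINDOW=63 RES=0x00 ACK PSH URGP=0
Feb 15 19:30:00 linuxmint systemd[1]: Started an unrelated service.
"""

KV = re.compile(r"(\w+)=(\S*)")
TCP_FLAGS = ("SYN", "ACK", "PSH", "FIN", "RST", "URG")

def parse_ufw_line(line):
    """Return the fields of a [UFW BLOCK] line as a dict, or None for other lines."""
    if "[UFW BLOCK]" not in line:
        return None
    body = line.split("[UFW BLOCK]", 1)[1]
    fields = dict(KV.findall(body))
    tokens = body.split()  # TCP flags are logged as bare words, not KEY=VALUE
    fields["FLAGS"] = tuple(f for f in TCP_FLAGS if f in tokens)
    return fields

def summarize(log_text):
    """Count blocked packets per (source, scope, protocol, dest port, kind)."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_ufw_line(line)
        if f is None or "SRC" not in f:
            continue
        scope = "lan" if ipaddress.ip_address(f["SRC"]).is_private else "internet"
        flags = f["FLAGS"]
        if "SYN" in flags and "ACK" not in flags:
            kind = "new-connection"   # inbound attempt to open a connection
        elif flags:
            kind = "mid-stream"       # segment with no matching tracked connection
        else:
            kind = "other"            # UDP, ICMP, or no TCP flags logged
        counts[(f["SRC"], scope, f.get("PROTO"), f.get("DPT"), kind)] += 1
    return counts.most_common()

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG):
        print(n, *key)
```

On a real system, pass the contents of /var/log/syslog to `summarize` instead of `SAMPLE_LOG`.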