Whitelisting internet on computer with ufw


Post by futanari » Fri Jul 27, 2018 7:09 pm

Hi,

I am trying to whitelist my computer, but I don't know what I am doing wrong.

I use the following commands to block off the internet completely:

ufw deny out https
ufw deny out http
ufw deny https
ufw deny http

Next I whitelist the IPs I want, and I put them above the deny.

sudo ufw status gives this:

To                         Action      From
--                         ------      ----
Anywhere                   ALLOW       censored IP/24          
Anywhere                   ALLOW       censored IP/24           
Anywhere                   ALLOW       censored IP/24         
80/tcp                     DENY        Anywhere                  
443/tcp                    DENY        Anywhere                  
80/tcp (v6)                DENY        Anywhere (v6)             
443/tcp (v6)               DENY        Anywhere (v6) 

Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Anywhere                   ALLOW OUT   censored IP/24           (out)
[ 2] Anywhere                   ALLOW IN    censored IP/24          
[ 3] Anywhere                   ALLOW OUT   censored IP/24           (out)
[ 4] Anywhere                   ALLOW OUT   censored IP/24            (out)
[ 5] Anywhere                   ALLOW IN    censored IP/24           
[ 6] Anywhere                   ALLOW IN    censored IP/24          
[ 7] 80/tcp                     DENY IN     Anywhere                  
[ 8] 443/tcp                    DENY IN     Anywhere                  
[ 9] 443/tcp                    DENY OUT   Anywhere                   (out)
[10] 80/tcp                     DENY OUT   Anywhere                   (out)
[11] 80/tcp (v6)                DENY IN     Anywhere (v6)             
[12] 443/tcp (v6)               DENY IN     Anywhere (v6)             
[13] 443/tcp (v6)               DENY OUT   Anywhere (v6)              (out)
[14] 80/tcp (v6)                DENY OUT   Anywhere (v6)              (out)

All internet is blocked, but the sites I whitelisted are still not accessible. What am I doing wrong?

Linux Rosa Mint 17.3 XFCE:
  • CPU: Single Core Intel Pentium M
    Speed: 1700 MHz
    Memory: 494.2 MB
    HDD: 80.0 GB
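
Added example, not part of either post: in `ufw status` output the To column is the destination and From is the source, so an ALLOW OUT rule that lists a network only under From matches outbound packets by their source address, not by the remote site. The shell function below (its name and the sample addresses are constructed for illustration) reads `ufw status numbered` output and flags such rules.

```shell
#!/bin/sh
# Flag ALLOW OUT rules whose destination (To) is Anywhere while the
# source (From) is a specific network. Outbound packets carry the local
# machine's address as source, so such a rule does not whitelist a remote site.
flag_out_rules() {
  awk '
    function clean(s) {
      gsub(/\((out|v6|log|log-all)\)/, "", s)  # drop status annotations
      gsub(/^ +| +$/, "", s)                   # trim surrounding spaces
      return s
    }
    /^\[ *[0-9]+\]/ {
      num = $0; sub(/^\[ */, "", num); sub(/\].*/, "", num)
      rest = $0; sub(/^\[ *[0-9]+\] */, "", rest)
      if (!match(rest, /(ALLOW|DENY|REJECT|LIMIT) +(IN|OUT|FWD)/)) next
      action = substr(rest, RSTART, RLENGTH)
      to   = clean(substr(rest, 1, RSTART - 1))
      from = clean(substr(rest, RSTART + RLENGTH))
      if (action ~ /^ALLOW +OUT$/ && to == "Anywhere" && from != "Anywhere")
        printf "rule %s: ALLOW OUT keyed on source %s; destination is Anywhere\n", num, from
    }'
}

# Constructed sample in the layout of "ufw status numbered";
# the addresses are documentation ranges, not values from the thread.
sample_status() {
  cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Anywhere                   ALLOW OUT   203.0.113.0/24             (out)
[ 2] Anywhere                   ALLOW IN    203.0.113.0/24
[ 3] 198.51.100.0/24            ALLOW OUT   Anywhere                   (out)
[ 4] Anywhere                   ALLOW OUT   192.0.2.0/24               (out)
[ 5] 443/tcp                    DENY OUT    Anywhere                   (out)
[ 6] 443/tcp (v6)               DENY OUT    Anywhere (v6)              (out)
EOF
}

sample_status | flag_out_rules
```

On a live system, pipe `sudo ufw status numbered` into `flag_out_rules`. A rule that whitelists a remote network by destination has the form `ufw allow out to <network>` and shows the network in the To column, as rule 3 in the sample does.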

Re: Whitelisting internet on computer with ufw

Post by DAMIEN1307 » Fri Jul 27, 2018 9:49 pm

It seems that you have denied all outgoing http and https...really, unless you are doing very secret confidential government work, why did you just not use the actual ufw interface and just simply select either home or public profile,... incoming, deny...outgoing, allow...for 99% of users, that really should be all you need to do...and if you're behind a router with built-in firewall, it's not necessary to even use the ufw at all since by default it is off meaning when off Linux is built not to even "listen" at the ports...DAMIEN
ORDO AB CHAO