
Thread: UFW settings

  1. #1
    Join Date
    Sep 2006
    Location
    Florida
    Beans
    187
    Distro
    Ubuntu

    Question UFW settings

    Hello, I have an old desktop with Ubuntu server 10.04 LTS. It's being utilized as my home network file server.

    I'm seeing some log activity from UFW, and I'm not sure what settings I should apply to my firewall.

    Log snippet:
    Code:
    Mar 10 02:17:56 odin kernel: [876091.990704] [UFW BLOCK] IN= OUT=eth0 SRC=192.168.1.15 DST=192.168.1.255 LEN=233 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=213
    Mar 10 02:29:59 odin kernel: [876814.760181] [UFW BLOCK] IN= OUT=eth0 SRC=192.168.1.15 DST=192.168.1.255 LEN=256 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=236
    Mar 10 02:29:59 odin kernel: [876814.760311] [UFW BLOCK] IN= OUT=eth0 SRC=192.168.1.15 DST=192.168.1.255 LEN=233 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=213
    Mar 10 02:41:59 odin kernel: [877535.480122] [UFW BLOCK] IN= OUT=eth0 SRC=192.168.1.15 DST=192.168.1.255 LEN=256 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=236
    Mar 10 02:41:59 odin kernel: [877535.480253] [UFW BLOCK] IN= OUT=eth0 SRC=192.168.1.15 DST=192.168.1.255 LEN=233 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=213
    Current UFW setting as seen with: ufw status verbose
    Code:
    Status: active
    Logging: on (low)
    Default: deny (incoming), deny (outgoing)
    New profiles: skip
    
    To                         Action      From
    --                         ------      ----
    22                         LIMIT IN    Anywhere
    192.168.1.15 135/tcp       ALLOW IN    192.168.1.0/24
    192.168.1.15 137/udp       ALLOW IN    192.168.1.0/24
    192.168.1.15 138/udp       ALLOW IN    192.168.1.0/24
    192.168.1.15 139/tcp       ALLOW IN    192.168.1.0/24
    192.168.1.15 445/tcp       ALLOW IN    192.168.1.0/24
    192.168.1.15 22/tcp        ALLOW IN    192.168.1.0/24
    53/udp                     ALLOW IN    Anywhere
    53/tcp                     ALLOW IN    Anywhere
    443/tcp                    ALLOW IN    Anywhere
    443/udp                    ALLOW IN    Anywhere
    123/tcp                    ALLOW IN    Anywhere
    123/udp                    ALLOW IN    Anywhere
    80/udp                     ALLOW IN    Anywhere
    80/tcp                     ALLOW IN    Anywhere
    
    53/udp                     ALLOW OUT   Anywhere
    53/tcp                     ALLOW OUT   Anywhere
    80/tcp                     ALLOW OUT   Anywhere
    80/udp                     ALLOW OUT   Anywhere
    443/udp                    ALLOW OUT   Anywhere
    443/tcp                    ALLOW OUT   Anywhere
    123/tcp                    ALLOW OUT   Anywhere
    123/udp                    ALLOW OUT   Anywhere
    I would appreciate any feedback on this.

    Thanks!
    Never let a computer know you’re in a hurry.

  2. #2
    Join Date
    Sep 2006
    Location
    Florida
    Beans
    187
    Distro
    Ubuntu

    Re: UFW settings

    It looks like maybe I should add:

    ufw allow out proto tcp from 192.168.1.0/24 to 192.168.1.0/24 port 138
    Last edited by Loki57701; March 10th, 2012 at 09:44 AM.
    Never let a computer know you’re in a hurry.

  3. #3
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,771
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: UFW settings

    Quote Originally Posted by Loki57701
    It looks like maybe I should add:

    ufw allow out proto tcp from 192.168.1.0/24 to 192.168.1.0/24 port 138

    That's broadcast traffic (hence the 192.168.1.255 address); it's traffic bound for all machines on the subnet.

    This is not necessarily something that is needed, and you don't have to allow it if you don't want to. Also, if you did want to allow it, you need to change your command to

    Code:
    ufw allow out proto udp from 192.168.1.0/24 to 192.168.1.0/24 port 138
    That traffic is UDP not TCP.

    Hope this helps.

  4. #4
    Join Date
    Sep 2006
    Location
    Florida
    Beans
    187
    Distro
    Ubuntu

    Re: UFW settings

    Thank you Dangertux, I didn't catch that tcp/udp mix up.

    I've added the firewall rule and now my syslog isn't filling up with errors.

    I appreciate the help!
    Never let a computer know you’re in a hurry.
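
The reply in #3 comes down to reading three fields of the blocked packets: the empty `IN=` with `OUT=eth0`, `PROTO=UDP`, and the broadcast `DST`. As an added example (not part of the original thread), this Python script parses `[UFW BLOCK]` lines in the format shown in post #1, groups them into flows, and builds the LAN-scoped rule using the protocol that was actually logged. The function names and the default `lan` value are assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample in the format of the thread's log snippet (not a live capture).
SAMPLE_LOG = """\
Mar 10 02:17:56 odin kernel: [876091.990704] [UFW BLOCK] IN= OUT=eth0 SRC=192.168.1.15 DST=192.168.1.255 LEN=233 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=213
Mar 10 02:29:59 odin kernel: [876814.760181] [UFW BLOCK] IN= OUT=eth0 SRC=192.168.1.15 DST=192.168.1.255 LEN=256 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=236
Mar 10 02:30:00 odin kernel: [876815.000000] some unrelated kernel message
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_block(line):
    """Parse one [UFW BLOCK] line into a flow tuple, or None for other lines."""
    _, sep, rest = line.partition("[UFW BLOCK]")
    if not sep:
        return None
    f = dict(FIELD.findall(rest))
    if "DPT" not in f:
        return None  # e.g. ICMP: no ports, so no port-based rule to derive
    # An empty IN= with OUT=<iface> means the packet was leaving this host.
    # Simplification: anything else is treated as inbound (routed traffic is not handled).
    direction = "out" if f.get("OUT") and not f.get("IN") else "in"
    return direction, f["PROTO"].lower(), f["DST"], int(f["DPT"])


def summarize(log_text, lan="192.168.1.0/24"):
    """Count blocked flows and mark those aimed at the LAN broadcast address."""
    bcast = ip_network(lan).broadcast_address
    counts = Counter(filter(None, map(parse_block, log_text.splitlines())))
    return [
        {"direction": d, "proto": p, "dport": port, "hits": n,
         "broadcast": ip_address(dst) == bcast}
        for (d, p, dst, port), n in counts.items()
    ]


def allow_rule(flow, lan="192.168.1.0/24"):
    """Build the LAN-scoped ufw rule for a flow, using the protocol that was logged."""
    return (f"ufw allow {flow['direction']} proto {flow['proto']} "
            f"from {lan} to {lan} port {flow['dport']}")


if __name__ == "__main__":
    for flow in summarize(SAMPLE_LOG):
        print(flow, "->", allow_rule(flow))
```
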
