Basically, have a UFW rule to allow from 10.x.x.x on port 8080 (tomcat)

10.x.x.x is the load balancer server. I've noticed SYN attempts being blocked every 30sec or less. Presumably because UFW just sees the one IP and detects it as a DoS attempt.

How do I tell UFW (probably in before.rules) to just allow these connections.

I use these 2 rules on my hosted system:

ufw allow in on eth1 from 10.0.0.0/8
ufw allow in on eth0 from 10.0.0.0/8

Hope that helps.

I believe you can add rules on the /etc/ufw/before.rules

See on the syntax here (more like iptables) https://help.ubuntu.com/community/UFW

Thanks, still think that the limit of 3, burst 10 must be having some sort of impact.