Thread: ufw rationale for blocking ip addresses

  1. #1
    Join Date
    Sep 2016
    Beans
    3

    ufw rationale for blocking ip addresses

    What criteria does ufw follow while blocking certain IP addresses on its own? The reason I am interested is that our squid server has recently started crashing on a regular basis. After investigation we realized that certain IPs were constantly being blocked by ufw on a regular basis. We also realised that after a certain point of time squid crashed. To remedy this we blocked the IP addresses by adding them to the rules in the iptables. We also blocked associated MAC addresses. That seems to have helped since our server hasn't crashed now for a day. I did not find anything on the ufw FAQ which says why certain traffic is blocked on its own by ufw. I would be grateful if anybody can provide me the answer for the same.

  2. #2
    Join Date
    Apr 2005
    Location
    Finland/UK
    Beans
    Hidden!
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: ufw rationale for blocking ip addresses

    As far as I'm aware, none. UFW doesn't come up with any kind of rules on its own, it only controls traffic based on the rules you give it. So if you had UFW blocking some IP, it would have been because of some rule you've added to UFW.

    (Also, you are saying that you solved the problem by blocking the addresses, which kind of seems to contradict the idea that addresses being blocked by UFW could have been the issue in the first place?)

    Edit: You might want to post the rules you are using here (or in the security subforum) if you want somebody to be able to say what could be the problem.
    Last edited by mcduck; September 23rd, 2016 at 10:23 PM.

  3. #3
    Join Date
    Dec 2015
    Location
    New England
    Beans
    719
    Distro
    Ubuntu 20.04 Focal Fossa

    Re: ufw rationale for blocking ip addresses

    It's my understanding that UFW is built in to 16.04.1 and comes with a default set of iptables, figured out and set up by Canonical, assuming you use the default Incoming Deny, Outgoing Allow, that are activated once you enable UFW. They are supposed to be good for a home end user.
    - ThinkPad T570-20HA, i7-7600U, 2.8GHz, UEFI/GPT, 16GB, Sammy 256GB M.2 . -
    Ubuntu base "suspend" causes spontaneous restart after shutdown.

  4. #4
    Join Date
    Apr 2005
    Location
    Finland/UK
    Beans
    Hidden!
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: ufw rationale for blocking ip addresses

    Those rules are just basic setup you can be assumed to want if you enable a firewall in the first place. So no filtering based on IP or MAC at all, simply "deny all incoming connections & allow all outgoing connections". So using those, UFW will definitely not "block certain IP addresses on its own".

  5. #5
    Join Date
    Sep 2016
    Beans
    3

    Re: ufw rationale for blocking ip addresses

    No, what is happening is that we allow outgoing and incoming TCP connections as well as SSH connections. So with these rules certain IP addresses repeatedly show up in the block list. After 15 minutes or so squid crashes and we cannot ssh into it. The moment we add the IP addresses in the block list, squid doesn't crash till some other IP starts doing the same. Thus my question is: on what basis does UFW block these offending IP addresses?
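
Added example, not part of the thread: when logging is enabled, UFW writes each dropped packet to the kernel log with a `[UFW BLOCK]` prefix (on Ubuntu typically also in `/var/log/ufw.log`), and the fields on that line show which source, protocol and destination port was dropped. The sketch below tallies those entries so the recurring addresses can be compared against the rules actually configured; the sample lines, host name and addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the kernel-log format UFW writes; addresses are
# documentation ranges, not values from the thread.
SAMPLE_LOG = """\
Sep 23 10:15:01 proxy kernel: [1001.1] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Sep 23 10:15:02 proxy kernel: [1002.4] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40113 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Sep 23 10:15:09 proxy kernel: [1009.8] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=198.51.100.20 DST=192.0.2.10 LEN=40 TTL=57 PROTO=TCP SPT=51514 DPT=3128 WINDOW=0 RES=0x00 ACK RST URGP=0
Sep 23 10:15:11 proxy kernel: [1011.2] [UFW ALLOW] IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=198.51.100.20 DST=192.0.2.10 LEN=60 TTL=57 PROTO=TCP SPT=51600 DPT=3128 WINDOW=29200 RES=0x00 SYN URGP=0
Sep 23 10:15:30 proxy kernel: [1030.0] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=203.0.113.7 DST=192.0.2.10 LEN=78 TTL=52 PROTO=UDP SPT=137 DPT=137 LEN=58
Sep 23 10:16:00 proxy CRON[991]: (root) CMD (run-parts /etc/cron.hourly)
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
TCP_FLAGS = ("SYN", "ACK", "FIN", "RST", "PSH", "URG")

def parse_block(line):
    """Return a dict for a [UFW BLOCK] line, or None for anything else."""
    if "[UFW BLOCK]" not in line:
        return None
    body = line.split("[UFW BLOCK]", 1)[1]
    fields = {}
    for key, value in FIELD.findall(body):
        fields.setdefault(key, value)  # UDP lines carry LEN twice; keep the first
    if "SRC" not in fields or "PROTO" not in fields:
        return None
    tokens = body.split()  # flags are bare words, so "URGP=0" never matches "URG"
    flags = "+".join(f for f in TCP_FLAGS if f in tokens) or "-"
    return {"src": fields["SRC"], "proto": fields["PROTO"],
            "dpt": fields.get("DPT", "-"), "flags": flags}

def summarize(lines):
    """Count blocked packets per (source, protocol, destination port, TCP flags)."""
    counts = Counter()
    for line in lines:
        rec = parse_block(line)
        if rec:
            counts[(rec["src"], rec["proto"], rec["dpt"], rec["flags"])] += 1
    return counts

if __name__ == "__main__":
    for (src, proto, dpt, flags), n in summarize(SAMPLE_LOG.splitlines()).most_common():
        print(f"{n:4d}  {src:<15} {proto}/{dpt:<5} flags={flags}")
```

To run it on a real host, pass the lines of the UFW log file to `summarize()` instead of `SAMPLE_LOG`.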
