I've seen some very strange behavior in ufw repeatedly over the past few months. I run Ubuntu 14.01 because it's a server for a 2015 website.
I set some very simple rules after "ufw reset":
Code:
sudo ufw default deny incoming
sudo ufw default deny outgoing
sudo ufw allow from 192.168.1.39 to any port 4200
When I do this, all is well and I see status:
Code:
4200 ALLOW 192.168.1.39
But after about 2 days I see a status change:
Code:
4200 ALLOW 192.168.1.39
4200 ALLOW Anywhere
4200 (v6) ALLOW Anywhere (v6)
I haven't touched the machine, so I don't understand why it's allowing 4200 from/to anywhere now.
If I try to now deny using , I see status:
Code:
4200 ALLOW 192.168.1.39
4200 DENY Anywhere
4200 (v6) DENY Anywhere (v6)
but then the next day it's allowing "4200 Anywhere" again.
Any ideas why it's changing? Has my machine been attacked somehow?
I've attached the iptables file from when it is in the "good" state I first set up.
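One way to pin down when a change like the one described above happens is to compare each new `ufw status` against a saved known-good copy; the script below is an added example, not part of the original post. The function names are hypothetical and the sample status text is constructed from the lines quoted in the post.

```shell
#!/bin/sh
# Added example (not from the post): flag ufw rules that appeared since a
# known-good baseline. Function names here are hypothetical.
LC_ALL=C; export LC_ALL

# Sample input, constructed from the status lines quoted in the post.
BASELINE='To                         Action      From
--                         ------      ----
4200                       ALLOW       192.168.1.39'
DRIFTED="$BASELINE
4200                       ALLOW       Anywhere
4200 (v6)                  ALLOW       Anywhere (v6)"

# Keep only rule lines and collapse column padding so spacing never differs.
normalize() {
    sed -e 's/[[:space:]]\{1,\}/ /g' -e 's/^ //' -e 's/ $//' |
        grep -E ' (ALLOW|DENY|REJECT|LIMIT) ' | sort -u
}

# Print rules present in the current status ($2) but not in the baseline ($1).
added_rules() {
    base=$(printf '%s\n' "$1" | normalize)
    printf '%s\n' "$2" | normalize | while IFS= read -r rule; do
        printf '%s\n' "$base" | grep -Fxq -- "$rule" || printf '%s\n' "$rule"
    done
}

# Of the added rules, print those that allow traffic from any source.
widened_rules() {
    added_rules "$1" "$2" | grep -E ' ALLOW( IN)? Anywhere' || true
}

# Compare the live firewall with a saved `ufw status` file ($1); needs root.
check_live() {
    widened_rules "$(cat "$1")" "$(ufw status)"
}
```

Running `check_live` on a schedule and recording the time of the first non-empty result gives a window to correlate against package updates, cron jobs and shell history on the machine.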