ufw interview questions
Top ufw frequently asked interview questions
How can I block an outgoing port using the UFW firewall on Ubuntu 14.04, and also how do I change the default outgoing policy from allow to deny? My VPS provider is telling me that my server IP will be locked because of outgoing DDoS attacks from my server (IP).
Here is the message from the provider:
Your failover IPs will be locked because of outgoing DDoS attacks from all of them:
DDOS from IP [myserverip] (attack ID 28010): protocols : udp, targets: [Destination-server-ip]/32, sports: Dynamic (1024-65535), dports: domain
Thanks
Kishor
Source: (StackOverflow)
I added a rule for UFW to deny ssh connections. I want to see in the /var/log/ufw.log file the fact that the connection was blocked, but when I try to connect with ssh nothing is shown in the log.
Source: (StackOverflow)
Sorry for the long question.
What it means is this:
I am managing a small LAN that is protected by a router.
router 192.168.1.1
server 192.168.1.9
client 192.168.1.2
client 192.168.1.4
Since I have a static IP from my ISP, which is let's say 245.34.344.34, I can access my LAN at that address.
Now, I have set up my router's port forwarding config to this: when I SSH to 245.34.344.34 out from the internet, it forwards it to server 192.168.1.9:22. And when I FTP to 245.34.344.34, forwards it to client 192.168.1.2:21. Fine.
Then, when I am working from within the LAN, on my client 192.168.1.2 computer, and I want to access 192.168.1.9 through FTP, the router tries to forward it back to 192.168.1.2. But I am not sure what is happening.
On server 192.168.1.9 (which runs Ubuntu 14.04.3 LTS (GNU/Linux 3.19.0-47-generic i686)), when I sudo ufw status:
To Action From
-- ------ ----
80 ALLOW Anywhere
443 ALLOW Anywhere
22 ALLOW Anywhere
3000 ALLOW Anywhere
21/tcp ALLOW Anywhere
21 ALLOW Anywhere
80 (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
22 (v6) ALLOW Anywhere (v6)
3000 (v6) ALLOW Anywhere (v6)
21/tcp (v6) ALLOW Anywhere (v6)
21 (v6) ALLOW Anywhere (v6)
But if I do nmap localhost:
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
631/tcp open ipp
3306/tcp open mysql
Now on client 192.168.1.2, nmap 192.168.1.9:
PORT STATE SERVICE
21/tcp closed ftp
22/tcp open ssh
80/tcp open http
443/tcp closed https
3000/tcp closed ppp
It shows that the server's port 21 is closed.
I don't get it.
Can someone please help me understand how to reach my server through FTP from within the LAN?
Thanks
Source: (StackOverflow)
I don't recall a particular change or when exactly I started experiencing this error. I'm running Linux Mint and gufw (Graphical frontend to UFW) will not run. Here is the stack trace and error message I get when trying to try gufw from the command line:
nick-LenovoThinkServer% gufw
Traceback (most recent call last):
  File "/usr/share/gufw/gufw/gufw.py", line 21, in <module>
    from view.gufw import Gufw
  File "/usr/share/gufw/gufw/view/gufw.py", line 19, in <module>
    from gi.repository import Gtk, Gdk, WebKit
  File "/usr/lib/python2.7/dist-packages/gi/importer.py", line 67, in load_module
    dynamic_module._load()
  File "/usr/lib/python2.7/dist-packages/gi/module.py", line 296, in _load
    self._overrides_module = importlib.import_module('gi.overrides.' + self._namespace)
  File "/usr/lib/python2.7/importlib/__init__.py", line 37, in import_module
    __import__(name)
  File "/usr/lib/python2.7/dist-packages/gi/overrides/Gdk.py", line 157, in <module>
    Gdk.EventType._2BUTTON_PRESS = getattr(Gdk.EventType, "2BUTTON_PRESS")
  File "/usr/lib/python2.7/dist-packages/gi/module.py", line 170, in __getattr__
    setattr(wrapper, value_name, wrapper(value_info.get_value()))
ValueError: invalid enum value: 42
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/gufw/gufw.py", line 21, in <module>
    from view.gufw import Gufw
  File "/usr/lib/python2.7/site-packages/gufw/view/gufw.py", line 19, in <module>
    from gi.repository import Gtk, Gdk, WebKit
  File "/usr/lib/python2.7/dist-packages/gi/importer.py", line 67, in load_module
    dynamic_module._load()
  File "/usr/lib/python2.7/dist-packages/gi/module.py", line 296, in _load
    self._overrides_module = importlib.import_module('gi.overrides.' + self._namespace)
  File "/usr/lib/python2.7/importlib/__init__.py", line 37, in import_module
    __import__(name)
  File "/usr/lib/python2.7/dist-packages/gi/overrides/Gdk.py", line 157, in <module>
    Gdk.EventType._2BUTTON_PRESS = getattr(Gdk.EventType, "2BUTTON_PRESS")
  File "/usr/lib/python2.7/dist-packages/gi/module.py", line 170, in __getattr__
    setattr(wrapper, value_name, wrapper(value_info.get_value()))
ValueError: invalid enum value: 42
Things I have tried unsuccessfully: purging the gufw package and reinstalling; building gufw from source; running the python script using python3.4. In the last scenario, it instead complains that a module Firewall cannot be found. However, running pip install, pip3 install, pip3.4 install all respond indicating that the firewall package is already installed and up to date.
Any ideas? I've looked around a lot for this one but there doesn't seem to be much for this specific problem.
Source: (StackOverflow)
I am a newbie here - so please bear with me.
I have a Ubuntu 14.04 LTS server with multiple instances of Tomcat running at different ports. I am also using UFW firewall.
Problem is that every morning at around 6.15 AM the firewall is automatically disabled. I have no idea why. I don't have any cron jobs that run at this time. Any help in tracking down the cause of this will be super useful.
Thanks in advance!
The /var/log/ufw.log file always ends around 6.15 AM, with the last entries being similar to:
Dec 27 06:14:55 dms kernel: [154057.245878] [UFW BLOCK] IN=eth1 OUT= MAC=06:79:3d:42:d0:1a:e4:c7:22:62:83:41:08:00 SRC=209.239.126.100 DST=161.202.27.137 LEN=447 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=5081 DPT=5060 LEN=427
Dec 27 06:15:07 dms kernel: [154068.822699] [UFW BLOCK] IN=eth1 OUT= MAC=06:79:3d:42:d0:1a:e4:c7:22:62:83:41:08:00 SRC=120.41.32.169 DST=161.202.27.137 LEN=40 TOS=0x00 PREC=0x00 TTL=105 ID=256 PROTO=TCP SPT=6000 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Dec 27 06:15:41 dms kernel: [154103.162158] [UFW BLOCK] IN=eth1 OUT= MAC=06:79:3d:42:d0:1a:e4:c7:22:62:83:41:08:00 SRC=89.248.167.162 DST=161.202.27.137 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=54934 DPT=111 WINDOW=65535 RES=0x00 SYN URGP=0
Source: (StackOverflow)
I'm writing a cookbook for the firewall on Ubuntu 14.04 using Chef.
Berksfile
source "https://api.berkshelf.com"
cookbook 'firewall'
site-cookbooks/ufw/recipes/default.rb
firewall 'ufw'
firewall_rule 'http' do
  port 80
end
firewall_rule 'https' do
  port 443
end
site-cookbooks/ufw/metadata.rb
depends 'firewall'
nodes/myserver.json
{
  "run_list": [
    "firewall",
    "ufw"
  ]
}
knife solo cook myserver ends up with an error like this:
Recipe: firewall::default
* firewall[default] action restart
================================================================================
Error executing action `restart` on resource 'firewall[default]'
================================================================================
NoMethodError
-------------
undefined method `include?' for :create:Symbol
Cookbook Trace:
---------------
/home/ironsand/chef-solo/cookbooks-3/firewall/libraries/provider_firewall_ufw.rb:67:in `block (2 levels) in <class:FirewallUfw>'
/home/ironsand/chef-solo/cookbooks-3/firewall/libraries/provider_firewall_ufw.rb:66:in `each'
/home/ironsand/chef-solo/cookbooks-3/firewall/libraries/provider_firewall_ufw.rb:66:in `block in <class:FirewallUfw>'
Resource Declaration:
---------------------
# In /home/ironsand/chef-solo/cookbooks-3/firewall/recipes/default.rb
22: firewall 'default' do
23: ipv6_enabled node['firewall']['ipv6_enabled']
24: action :install
25: end
26:
Compiled Resource:
------------------
# Declared in /home/ironsand/chef-solo/cookbooks-3/firewall/recipes/default.rb:22:in `from_file'
firewall("default") do
action [:install]
updated true
retries 0
retry_delay 2
default_guard_interpreter :default
declared_type :firewall
cookbook_name :firewall
recipe_name "default"
ipv6_enabled true
enabled true
rules {"ufw"=>{}}
end
What am I doing wrong? How can I fix it?
Source: (StackOverflow)
Here are the UFW rules:
To Action From
-- ------ ----
[ 1] Anywhere DENY IN 185.106.92.55
[ 2] Anywhere DENY IN 185.106.92.53
[ 3] Anywhere DENY IN 185.103.252.172
[ 4] Anywhere DENY IN 185.130.4.120
[ 5] Anywhere DENY IN 185.130.252.170
[ 6] Anywhere DENY IN 185.130.252.3
[ 7] Anywhere DENY IN 185.130.4.197
[ 8] 22/tcp ALLOW IN Anywhere
[ 9] 80/tcp ALLOW IN Anywhere
[10] 443/tcp ALLOW IN Anywhere
[11] 22/tcp (v6) ALLOW IN Anywhere (v6)
[12] 80/tcp (v6) ALLOW IN Anywhere (v6)
[13] 443/tcp (v6) ALLOW IN Anywhere (v6)
Here is an access log from the past few seconds (spamming xmlrpc.php):
185.103.252.170 - - [03/May/2016:08:29:23 +0000] "POST /xmlrpc.php HTTP/1.0" 200 613 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
185.103.252.170 - - [03/May/2016:08:29:34 +0000] "POST /xmlrpc.php HTTP/1.0" 200 613 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
185.103.252.170 - - [03/May/2016:08:29:30 +0000] "POST /xmlrpc.php HTTP/1.0" 200 613 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
185.103.252.3 - - [03/May/2016:08:29:24 +0000] "POST /xmlrpc.php HTTP/1.0" 200 613 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
185.103.252.170 - - [03/May/2016:08:29:35 +0000] "POST /xmlrpc.php HTTP/1.0" 200 613 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
185.103.252.170 - - [03/May/2016:08:29:35 +0000] "POST /xmlrpc.php HTTP/1.0" 200 613 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
185.103.252.170 - - [03/May/2016:08:29:35 +0000] "POST /xmlrpc.php HTTP/1.0" 200 613 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
185.103.252.170 - - [03/May/2016:08:29:26 +0000] "POST /xmlrpc.php HTTP/1.0" 200 613 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
62.232.144.150 - - [03/May/2016:08:29:38 +0000] "GET / HTTP/1.1" 301 306 "https://www.google.co.uk/" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36"
185.103.252.3 - - [03/May/2016:08:29:28 +0000] "POST /xmlrpc.php HTTP/1.0" 200 613 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
- UFW is enabled
- I am not running Docker (known to cause issues)
- UFW has been restarted and the server has been rebooted
Any known issues with UFW here?
Source: (StackOverflow)
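Added example (not part of the original question): a small check that lists which addresses requesting a given path in an access log are matched by no DENY IN rule in `ufw status numbered` output. The function names are hypothetical, and the sample input is a subset of the rules and log lines from the question, with user-agent strings shortened.

```python
import ipaddress
import re
from collections import Counter

# Subset of the rules and log lines from the question (user-agent shortened).
UFW_STATUS = """\
[ 1] Anywhere DENY IN 185.106.92.55
[ 3] Anywhere DENY IN 185.103.252.172
[ 5] Anywhere DENY IN 185.130.252.170
[ 6] Anywhere DENY IN 185.130.252.3
[ 9] 80/tcp ALLOW IN Anywhere
"""
ACCESS_LOG = """\
185.103.252.170 - - [03/May/2016:08:29:23 +0000] "POST /xmlrpc.php HTTP/1.0" 200 613 "-" "Mozilla/4.0"
185.103.252.170 - - [03/May/2016:08:29:34 +0000] "POST /xmlrpc.php HTTP/1.0" 200 613 "-" "Mozilla/4.0"
185.103.252.3 - - [03/May/2016:08:29:24 +0000] "POST /xmlrpc.php HTTP/1.0" 200 613 "-" "Mozilla/4.0"
62.232.144.150 - - [03/May/2016:08:29:38 +0000] "GET / HTTP/1.1" 301 306 "https://www.google.co.uk/" "Mozilla/5.0"
"""

RULE_RE = re.compile(r"^\[[ \t]*\d+\][ \t]+.+?[ \t]+(?:DENY|REJECT) IN[ \t]+(\S+)", re.M)
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)', re.M)

def denied_networks(status_text):
    """Return the source networks of every DENY/REJECT IN rule."""
    nets = []
    for src in RULE_RE.findall(status_text):
        if src == "Anywhere":            # deny-all rule covers every source
            nets += [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")]
        else:
            nets.append(ipaddress.ip_network(src, strict=False))
    return nets

def uncovered_sources(status_text, log_text, path="/xmlrpc.php"):
    """Count requests for `path` from addresses that no deny rule matches."""
    nets = denied_networks(status_text)
    hits = Counter()
    for src, req_path in LOG_RE.findall(log_text):
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:               # hostname or malformed field
            continue
        if req_path == path and not any(addr in net for net in nets):
            hits[src] += 1
    return hits

if __name__ == "__main__":
    for src, count in uncovered_sources(UFW_STATUS, ACCESS_LOG).most_common():
        print(f"{src}: {count} request(s), no matching deny rule")
```

With the sample rows, 185.103.252.170 and 185.103.252.3 are reported: the listed rules name 185.103.252.172, 185.130.252.170 and 185.130.252.3, which are different addresses.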
I am running a simple Rails application on Ubuntu and I am using nginx as my web server. I would like to block all IP addresses except our office IP address (static IP).
Now I can block IPs using nginx
location / {
    allow office_ip_address;
    deny all;
}
or I can block IPs using ufw (uncomplicated firewall).
sudo ufw allow from office_ip_address (will this block all other IPs? or do I need some command to block all other IPs?)
I would like to know which approach is better. I think it's better to block IPs at the firewall level so requests don't come to our server at all. I am new to setting up servers, so please advise me which way is better.
Source: (StackOverflow)
I have created an instance in Microsoft Azure and installed Apache, PHP, MySQL etc.
The installation was done using PuTTY. After installation I abruptly ran UFW (sudo ufw enable). After that I cannot connect to my server via SSH. How can I solve my problem?
Source: (StackOverflow)
I set variables host and port instead of setting the 'address' variable tuple in socket.py. I was unable to get 'address' as a tuple to work. I do not believe this is the issue, but I thought I should state this up front.
FYI, my goal is an integrations project, and I believe I isolated socket.py as the problematic code. socket.py is not creating a listener on the remote server. I run the python script on my client, and my server address is 192.168.1.130 port 7879.
I think socket.py is the problem, because I do not receive the expected print statements back through the console that socket.py is attempting to create a socket. In addition, I can RDC to the server, disable ufw (yes I know this is a bad idea), create a tcp listener, push data through the client socket to the server socket, and verify this with netcat.
Am I mistaken that I should be able to parameterize socket.py with nothing more than a host and port and be able to create a socket connection? I am happy to provide more detail from logs, but I thought I should start with a very high level overview.
Source: (StackOverflow)
My webservers are refusing to connect to the memcached server. Both php.ini and memcached.ini are adjusted to the new memcached IP xx.xx.71.5.
The webservers (xx.xx.13.32 / xx.xx.13.16) are allowed to connect.
To Action From
-- ------ ----
22 ALLOW Anywhere
127.0.0.1 11211/tcp ALLOW 127.0.0.1
127.0.0.1 11211/tcp ALLOW xx.xx.13.16
127.0.0.1 11211/tcp ALLOW xx.xx.13.32
Anywhere ALLOW xx.xx.13.32
Anywhere ALLOW xx.xx.13.16
80/tcp ALLOW Anywhere
Anywhere ALLOW 127.0.0.1
22 (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)
How is it possible that the webservers can't connect to the memcached server?
telnet xx.xx.71.5 gives me the answer, connection refused.
Source: (StackOverflow)
sudo ufw status on my Debian server initially showed the following configuration:
Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
I've been able to successfully allow http connections via sudo ufw allow http, which yielded the following:
Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
80 ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
80 ALLOW Anywhere (v6)
What is the command to reverse this? I've tried sudo ufw deny http, but now sudo ufw status is different than originally (it now explicitly lists that http is denied):
Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
80 DENY Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
80 DENY Anywhere (v6)
Is this the same as my initial config, or is there a different command to revert sudo ufw allow http?
Source: (StackOverflow)
I have a network-firewall-related issue while calling an external (third-party web service) URL from an Ubuntu server. It shows a warning in the Apache logs as follows:
file_get_contents failed to open stream connection timed out
So after googling, I modified the php.ini file: allow_url_fopen, 1 and also allow_url_include, 1.
I tried calling through cURL, but it also threw the same error.
And I modified the iptables (ufw) data and
ufw allowed in for port 80,443
ufw allowed out for port 80,443
Source: (StackOverflow)
I use sudo ufw insert 1 allow 80 but it results in ERROR: Invalid position '1'
I am sure the syntax is right so why?
Source: (StackOverflow)
I'm working to setup UFW rules via Ansible. I'm able to get it installed, start it and deny everything. I then attempt to allow connections from http, https, and ssh. All attempts to add the allow for those items are met with errors that look like:
failed: [lempy1] (item={u'service': u'http'}) => {"failed": true, "item": {"service": "http"}, "msg": "ERROR: Could not find a profile matching 'http'\n"}
failed: [lempy1] (item={u'service': u'https'}) => {"failed": true, "item": {"service": "https"}, "msg": "ERROR: Could not find a profile matching 'https'\n"}
failed: [lempy1] (item={u'service': u'ssh'}) => {"failed": true, "item": {"service": "ssh"}, "msg": "ERROR: Could not find a profile matching 'ssh'\n"}
The entire role looks like this:
tasks/main.yml
---
- name: Install ufw
  apt: name=ufw state=present
  tags:
    - security
- name: Allow webservery things
  ufw:
    rule: allow
    name: '{{item.service}}'
  with_items:
    - service: http
    - service: https
    - service: ssh
  tags:
    - security
- name: Start ufw
  ufw: state=enabled policy=deny
  tags:
    - security
Any idea why I wouldn't be able to allow these services? I am able to add the services properly when ssh'ing into the server and running sudo ufw allow http, etc.
Source: (StackOverflow)