EzDevInfo.com

ufw interview questions

Top ufw frequently asked interview questions

How to Block outgoing port on UFW Firewall on Ubuntu 14.04

How can I block an outgoing port using the UFW firewall on Ubuntu 14.04, and also how do I change the default outgoing policy from allow to deny? My VPS provider is telling me that my server IP will be locked because of outgoing DDoS attacks from my server (IP).

Here is the message from the provider:

Your failover IPs will be locked because of outgoing DDoS attacks from all of them:

DDOS from IP [myserverip] (attack ID 28010): protocols : udp, targets: [Destination-server-ip]/32, sports: Dynamic (1024-65535), dports: domain 

Thanks, Kishor


Source: (StackOverflow)

UFW doesn't log ssh connection

I added a rule for UFW to deny ssh connections. I want to see in the /var/log/ufw.log log file that the connection was blocked, but when I try to connect with ssh nothing is shown in the log.


Source: (StackOverflow)

How to connect to ftp server from within LAN when the router port-forwards external connection away from it [closed]

Sorry for the long question.

What it means is this: I am managing a small LAN that is protected by a router.

router     192.168.1.1
server     192.168.1.9
client     192.168.1.2
client     192.168.1.4

Since I have a static IP from my ISP, which is let's say 245.34.344.34, I can access my LAN at that address.

Now, I have set up my router's port forwarding config to this: when I SSH to 245.34.344.34 out from the internet, it forwards it to server 192.168.1.9:22. And when I FTP to 245.34.344.34, forwards it to client 192.168.1.2:21. Fine.

Then, when I am working from within the LAN on my client computer 192.168.1.2 and I want to access 192.168.1.9 through FTP, the router tries to forward it back to 192.168.1.2. But I am not sure what is happening.

On server 192.168.1.9 (which runs Ubuntu 14.04.3 LTS (GNU/Linux 3.19.0-47-generic i686)), when I run sudo ufw status:

To                         Action      From
--                         ------      ----
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
22                         ALLOW       Anywhere
3000                       ALLOW       Anywhere
21/tcp                     ALLOW       Anywhere
21                         ALLOW       Anywhere
80 (v6)                    ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
22 (v6)                    ALLOW       Anywhere (v6)
3000 (v6)                  ALLOW       Anywhere (v6)
21/tcp (v6)                ALLOW       Anywhere (v6)
21 (v6)                    ALLOW       Anywhere (v6)

But if I do nmap localhost:

PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
631/tcp  open  ipp
3306/tcp open  mysql

Now on client 192.168.1.2, nmap 192.168.1.9:

PORT     STATE  SERVICE
21/tcp   closed ftp
22/tcp   open   ssh
80/tcp   open   http
443/tcp  closed https
3000/tcp closed ppp

It shows that the server's port 21 is closed.

I don't get it.

Can someone please help me understand how to reach my server through FTP from within the LAN?

Thanks


Source: (StackOverflow)

gufw - ValueError: invalid enum value: 42

I don't recall a particular change or when exactly I started experiencing this error. I'm running Linux Mint and gufw (graphical frontend to UFW) will not run. Here is the stack trace and error message I get when trying to run gufw from the command line:


    nick-LenovoThinkServer% gufw
    Traceback (most recent call last):
      File "/usr/share/gufw/gufw/gufw.py", line 21, in <module>
        from view.gufw  import Gufw
      File "/usr/share/gufw/gufw/view/gufw.py", line 19, in <module>
        from gi.repository import Gtk, Gdk, WebKit
      File "/usr/lib/python2.7/dist-packages/gi/importer.py", line 67, in load_module
        dynamic_module._load()
      File "/usr/lib/python2.7/dist-packages/gi/module.py", line 296, in _load
        self._overrides_module = importlib.import_module('gi.overrides.' + self._namespace)
      File "/usr/lib/python2.7/importlib/__init__.py", line 37, in import_module
        __import__(name)
      File "/usr/lib/python2.7/dist-packages/gi/overrides/Gdk.py", line 157, in <module>
        Gdk.EventType._2BUTTON_PRESS = getattr(Gdk.EventType, "2BUTTON_PRESS")
      File "/usr/lib/python2.7/dist-packages/gi/module.py", line 170, in __getattr__
        setattr(wrapper, value_name, wrapper(value_info.get_value()))
    ValueError: invalid enum value: 42
    Traceback (most recent call last):
      File "/usr/lib/python2.7/site-packages/gufw/gufw.py", line 21, in <module>
        from view.gufw  import Gufw
      File "/usr/lib/python2.7/site-packages/gufw/view/gufw.py", line 19, in <module>
        from gi.repository import Gtk, Gdk, WebKit
      File "/usr/lib/python2.7/dist-packages/gi/importer.py", line 67, in load_module
        dynamic_module._load()
      File "/usr/lib/python2.7/dist-packages/gi/module.py", line 296, in _load
        self._overrides_module = importlib.import_module('gi.overrides.' + self._namespace)
      File "/usr/lib/python2.7/importlib/__init__.py", line 37, in import_module
        __import__(name)
      File "/usr/lib/python2.7/dist-packages/gi/overrides/Gdk.py", line 157, in <module>
        Gdk.EventType._2BUTTON_PRESS = getattr(Gdk.EventType, "2BUTTON_PRESS")
      File "/usr/lib/python2.7/dist-packages/gi/module.py", line 170, in __getattr__
        setattr(wrapper, value_name, wrapper(value_info.get_value()))
    ValueError: invalid enum value: 42

Things I have tried unsuccessfully: purging the gufw package and reinstalling; building gufw from source; running the python script using python3.4. In the last scenario, it instead complains that a module Firewall cannot be found. However, running pip install, pip3 install, pip3.4 install all respond indicating that the firewall package is already installed and up to date.

Any ideas? I've looked around a lot for this one but there doesn't seem to be much for this specific problem.


Source: (StackOverflow)

UFW keeps getting automatically disabled every morning

I am a newbie here - so please bear with me.

I have an Ubuntu 14.04 LTS server with multiple instances of Tomcat running at different ports. I am also using UFW firewall.

Problem is that every morning at around 6.15 AM the firewall is automatically disabled. I have no idea why. I don't have any cron jobs that run at this time. Any help in tracking down the cause of this will be super useful.

Thanks in advance!

The /var/log/ufw.log file always ends around 6.15 AM, with the last entries being similar to:

Dec 27 06:14:55 dms kernel: [154057.245878] [UFW BLOCK] IN=eth1 OUT= MAC=06:79:3d:42:d0:1a:e4:c7:22:62:83:41:08:00 SRC=209.239.126.100 DST=161.202.27.137 LEN=447 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=5081 DPT=5060 LEN=427
Dec 27 06:15:07 dms kernel: [154068.822699] [UFW BLOCK] IN=eth1 OUT= MAC=06:79:3d:42:d0:1a:e4:c7:22:62:83:41:08:00 SRC=120.41.32.169 DST=161.202.27.137 LEN=40 TOS=0x00 PREC=0x00 TTL=105 ID=256 PROTO=TCP SPT=6000 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Dec 27 06:15:41 dms kernel: [154103.162158] [UFW BLOCK] IN=eth1 OUT= MAC=06:79:3d:42:d0:1a:e4:c7:22:62:83:41:08:00 SRC=89.248.167.162 DST=161.202.27.137 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=54934 DPT=111 WINDOW=65535 RES=0x00 SYN URGP=0


Source: (StackOverflow)

Can't restart firewall by using Chef

I'm writing a firewall cookbook for Ubuntu 14.04 using Chef.

Berksfile

source "https://api.berkshelf.com"

cookbook 'firewall'

site-cookbooks/ufw/recipes/default.rb

firewall 'ufw'

firewall_rule 'http' do
  port 80
end

firewall_rule 'https' do
  port 443
end

site-cookbooks/ufw/metadata.rb

depends 'firewall'

nodes/myserver.json

{
    "run_list": [
        "firewall",
        "ufw"
    ]
}

knife solo cook myserver ends up with error like this:

Recipe: firewall::default
  * firewall[default] action restart

    ================================================================================
    Error executing action `restart` on resource 'firewall[default]'
    ================================================================================

    NoMethodError
    -------------
    undefined method `include?' for :create:Symbol

    Cookbook Trace:
    ---------------
    /home/ironsand/chef-solo/cookbooks-3/firewall/libraries/provider_firewall_ufw.rb:67:in `block (2 levels) in <class:FirewallUfw>'
    /home/ironsand/chef-solo/cookbooks-3/firewall/libraries/provider_firewall_ufw.rb:66:in `each'
    /home/ironsand/chef-solo/cookbooks-3/firewall/libraries/provider_firewall_ufw.rb:66:in `block in <class:FirewallUfw>'

    Resource Declaration:
    ---------------------
    # In /home/ironsand/chef-solo/cookbooks-3/firewall/recipes/default.rb

     22: firewall 'default' do
     23:   ipv6_enabled node['firewall']['ipv6_enabled']
     24:   action :install
     25: end
     26:

    Compiled Resource:
    ------------------
    # Declared in /home/ironsand/chef-solo/cookbooks-3/firewall/recipes/default.rb:22:in `from_file'

    firewall("default") do
      action [:install]
      updated true
      retries 0
      retry_delay 2
      default_guard_interpreter :default
      declared_type :firewall
      cookbook_name :firewall
      recipe_name "default"
      ipv6_enabled true
      enabled true
      rules {"ufw"=>{}}
    end

What am I doing wrong? How can I fix it?


Source: (StackOverflow)

Linux Ubuntu UFW (Uncomplicated Firewall) Not Following Rules I've Set

Here are the UFW rules:

     To                         Action      From
     --                         ------      ----
[ 1] Anywhere                   DENY IN     185.106.92.55
[ 2] Anywhere                   DENY IN     185.106.92.53
[ 3] Anywhere                   DENY IN     185.103.252.172
[ 4] Anywhere                   DENY IN     185.130.4.120
[ 5] Anywhere                   DENY IN     185.130.252.170
[ 6] Anywhere                   DENY IN     185.130.252.3
[ 7] Anywhere                   DENY IN     185.130.4.197
[ 8] 22/tcp                     ALLOW IN    Anywhere
[ 9] 80/tcp                     ALLOW IN    Anywhere
[10] 443/tcp                    ALLOW IN    Anywhere
[11] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[12] 80/tcp (v6)                ALLOW IN    Anywhere (v6)
[13] 443/tcp (v6)               ALLOW IN    Anywhere (v6)

Here is an access log from the past few seconds (spamming xmlrpc.php):

185.103.252.170 - - [03/May/2016:08:29:23 +0000] "POST /xmlrpc.php HTTP/1.0" 200 613 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
185.103.252.170 - - [03/May/2016:08:29:34 +0000] "POST /xmlrpc.php HTTP/1.0" 200 613 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
185.103.252.170 - - [03/May/2016:08:29:30 +0000] "POST /xmlrpc.php HTTP/1.0" 200 613 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
185.103.252.3 - - [03/May/2016:08:29:24 +0000] "POST /xmlrpc.php HTTP/1.0" 200 613 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
185.103.252.170 - - [03/May/2016:08:29:35 +0000] "POST /xmlrpc.php HTTP/1.0" 200 613 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
185.103.252.170 - - [03/May/2016:08:29:35 +0000] "POST /xmlrpc.php HTTP/1.0" 200 613 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
185.103.252.170 - - [03/May/2016:08:29:35 +0000] "POST /xmlrpc.php HTTP/1.0" 200 613 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
185.103.252.170 - - [03/May/2016:08:29:26 +0000] "POST /xmlrpc.php HTTP/1.0" 200 613 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
62.232.144.150 - - [03/May/2016:08:29:38 +0000] "GET / HTTP/1.1" 301 306 "https://www.google.co.uk/" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36"
185.103.252.3 - - [03/May/2016:08:29:28 +0000] "POST /xmlrpc.php HTTP/1.0" 200 613 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"

  • UFW is enabled
  • I am not running Docker (known to cause issues)
  • UFW has been restarted and the server has been rebooted

Any known issues with UFW here?


Source: (StackOverflow)
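An added check, not part of the original post: it compares the client addresses in the quoted access log with the DENY rules in the quoted rule listing and reports the clients that no rule matches. The function names are illustrative, the log lines are abridged from the post, and handling CIDR sources is a generalization beyond the single-address rules shown.

```python
import ipaddress
import re
from collections import Counter

# Rule listing taken from the post's `ufw status numbered` output (DENY rules plus one ALLOW).
UFW_STATUS = """\
[ 1] Anywhere                   DENY IN     185.106.92.55
[ 2] Anywhere                   DENY IN     185.106.92.53
[ 3] Anywhere                   DENY IN     185.103.252.172
[ 4] Anywhere                   DENY IN     185.130.4.120
[ 5] Anywhere                   DENY IN     185.130.252.170
[ 6] Anywhere                   DENY IN     185.130.252.3
[ 7] Anywhere                   DENY IN     185.130.4.197
[ 8] 22/tcp                     ALLOW IN    Anywhere
"""

# Access-log lines abridged from the post (referer and user agent dropped).
ACCESS_LOG = """\
185.103.252.170 - - [03/May/2016:08:29:23 +0000] "POST /xmlrpc.php HTTP/1.0" 200 613
185.103.252.3 - - [03/May/2016:08:29:24 +0000] "POST /xmlrpc.php HTTP/1.0" 200 613
62.232.144.150 - - [03/May/2016:08:29:38 +0000] "GET / HTTP/1.1" 301 306
185.103.252.170 - - [03/May/2016:08:29:35 +0000] "POST /xmlrpc.php HTTP/1.0" 200 613
"""

# Matches a numbered rule whose action is DENY and captures its "From" column.
RULE_RE = re.compile(r"^\[\s*\d+\]\s+.*?\bDENY(?: IN)?\s+(\S+)\s*$")


def denied_networks(status_text):
    """Return the source network of every DENY rule (a single IP becomes a /32)."""
    nets = []
    for line in status_text.splitlines():
        m = RULE_RE.match(line)
        if m and m.group(1) != "Anywhere":
            nets.append(ipaddress.ip_network(m.group(1), strict=False))
    return nets


def uncovered_clients(log_text, nets, path="/xmlrpc.php"):
    """Count requests for `path` per client address that no DENY rule matches."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[6] != path:
            continue
        addr = ipaddress.ip_address(fields[0])
        if not any(addr.version == n.version and addr in n for n in nets):
            hits[fields[0]] += 1
    return dict(hits)


if __name__ == "__main__":
    for ip, n in uncovered_clients(ACCESS_LOG, denied_networks(UFW_STATUS)).items():
        print(f"{ip}: {n} request(s), not matched by any DENY rule")
```
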

I want to block all ip address except office ip

I am running a simple Rails application on Ubuntu and I am using nginx as my web server. I would like to block all IP addresses except our office IP address (static IP).

Now I can block IPs using nginx

location / {
   allow office_ip_address;
   deny  all;
}

or I can block IPs using ufw (Uncomplicated Firewall).

sudo ufw allow from office_ip_address (will this block all other IPs? or do I need some command to block all other IPs?)

I would like to know which approach is better? I think it's better to block IPs at the firewall level so requests don't come to our server at all. I am new to setting up servers so please advise me which way is better?


Source: (StackOverflow)

Microsoft Azure Failed to connect via ssh

I have created an instance in Microsoft Azure and installed Apache, PHP, MySQL, etc. The installation was done using PuTTY. After installation I abruptly ran UFW with sudo ufw enable. After that I cannot connect to my server via SSH. How can I solve my problem?


Source: (StackOverflow)

socket.py not creating listener on server

I set variables host and port instead of setting the 'address' variable tuple in socket.py. I was unable to get 'address' as a tuple to work. I do not believe this is the issue, but I thought I should state this up front.

FYI, my goal is an integrations project, and I believe I isolated socket.py as the problematic code. socket.py is not creating a listener on the remote server. I run the python script on my client, and my server address is 192.168.1.130 port 7879.

I think socket.py is the problem, because I do not receive the expected print statements back through the console that socket.py is attempting to create a socket. In addition, I can RDC to the server, disable ufw (yes I know this is a bad idea), create a tcp listener, push data through the client socket to the server socket, and verify this with netcat.

Am I mistaken that I should be able to parameterize socket.py with nothing more than a host and port and be able to create a socket connection? I am happy to provide more detail from logs, but I thought I should start with a very high level overview.


Source: (StackOverflow)

Memcached server refuses connections

My webservers are refusing to connect to the memcached server. Both php.ini and memcached.ini are adjusted to the new memcached IP xx.xx.71.5.

The webservers (xx.xx.13.32 / xx.xx.13.16) are allowed to connect.

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
127.0.0.1 11211/tcp        ALLOW       127.0.0.1
127.0.0.1 11211/tcp        ALLOW       xx.xx.13.16
127.0.0.1 11211/tcp        ALLOW       xx.xx.13.32
Anywhere                   ALLOW       xx.xx.13.32
Anywhere                   ALLOW       xx.xx.13.16
80/tcp                     ALLOW       Anywhere
Anywhere                   ALLOW       127.0.0.1
22 (v6)                    ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)

How is it possible that the webservers can't connect to the memcached server?

telnet xx.xx.71.5 gives me the answer, connection refused.


Source: (StackOverflow)

How do I revert a ufw command? [closed]

sudo ufw status on my Debian server initially showed the following configuration:

Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)

I've been able to successfully allow http connections via sudo ufw allow http which yielded the following:

Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
80                         ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
80                         ALLOW       Anywhere (v6)

What is the command to reverse this? I've tried sudo ufw deny http, but now sudo ufw status is different than originally (it now explicitly lists that http is denied):

Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
80                         DENY        Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
80                         DENY        Anywhere (v6)

Is this the same as my initial config, or is there a different command to revert sudo ufw allow http?


Source: (StackOverflow)

Ubuntu ufw external url calling

I have a network firewall related issue while calling an external (third-party web service) URL from an Ubuntu server. It shows a warning in the Apache logs as follows:

file_get_contents failed to open stream connection timed out

So after googling, I modified the php.ini file: allow_url_fopen,1 and also allow_url_include,1.

I tried calling through cURL, but it also threw the same error.

And I modified the iptables (ufw) data and

ufw allowed in for port 80,443
ufw allowed out for port 80,443

Source: (StackOverflow)

UFW insert [number] throws error

I use sudo ufw insert 1 allow 80, but it results in ERROR: Invalid position '1'. I am sure the syntax is right, so why?


Source: (StackOverflow)

Ansible ufw module ERROR: Could not find a profile matching 'xxxxx'

I'm working to set up UFW rules via Ansible. I'm able to get it installed, start it and deny everything. I then attempt to allow connections from http, https, and ssh. All attempts to add the allow for those items are met with errors that look like:

failed: [lempy1] (item={u'service': u'http'}) => {"failed": true, "item": {"service": "http"}, "msg": "ERROR: Could not find a profile matching 'http'\n"}
failed: [lempy1] (item={u'service': u'https'}) => {"failed": true, "item": {"service": "https"}, "msg": "ERROR: Could not find a profile matching 'https'\n"}
failed: [lempy1] (item={u'service': u'ssh'}) => {"failed": true, "item": {"service": "ssh"}, "msg": "ERROR: Could not find a profile matching 'ssh'\n"}

The entire role looks like this:

tasks/main.yml

    ---
    - name: Install ufw
      apt: name=ufw state=present
      tags:
        - security

    - name: Allow webservery things
      ufw:
        rule: allow
        name: '{{item.service}}'
      with_items:
        - service: http
        - service: https
        - service: ssh
      tags:
        - security

    - name: Start ufw
      ufw: state=enabled policy=deny
      tags:
        - security

Any idea why I wouldn't be able to allow these services? I am able to add the services properly when ssh'ing into the server and running sudo ufw allow http, etc.


Source: (StackOverflow)