
I still get a UFW BLOCKED message:

Dec 22 05:12:41 ge-domoticz kernel: [5324365.003868] [UFW BLOCK] IN=eth0 OUT= MAC=b8:27:eb:a1:7b:8b:38:1f:8d:e9:e4:9f:08:00:45:00:00:28:92:8c:00:00:ff:06:2f:d4 SRC=192.168.188.5 DST=192.168.188.24 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=37516 PROTO=TCP SPT=6668 DPT=43084 WINDOW=4380 RES=0x00 ACK RST URGP=0 

I tried the following rules, but the UFW BLOCKED message keeps coming:

[10] Anywhere on eth0           ALLOW IN    192.168.188.0/24 6668/tcp  # iOt
[11] Anywhere                   ALLOW IN    192.168.188.0/24 6668/tcp  # iOt
[12] 192.168.188.0/24           ALLOW IN    6668/tcp                   # iOt

raw iptables:

-A ufw-user-input -s 192.168.188.0/24 -i eth0 -p tcp -m tcp --sport 6668 -j ACCEPT
-A ufw-user-input -s 192.168.188.0/24 -p tcp -m tcp --sport 6668 -j ACCEPT
-A ufw-user-input -d 192.168.188.0/24 -p tcp -m tcp --sport 6668 -j ACCEPT

Any suggestions as to what is wrong here? How do I allow all traffic on any port with source/destination 192.168.188.0/24?
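The log line and the three iptables rules above can be checked against each other mechanically. The following is an added example (not code from the question or from ufw): it parses a [UFW BLOCK] kernel log line into its fields and TCP flags, parses the match criteria of an iptables rule line, and reports which rules would match the logged packet. The log line and rule lines embedded here are copied from the question; the helper names are my own. One caveat the check makes visible: all three ufw-user-input rules match this packet, so the drop must happen in a chain evaluated earlier. In the stock /etc/ufw/before.rules, packets that conntrack classifies as INVALID are sent to ufw-logging-deny and dropped before ufw-user-input is reached, and a bare ACK RST arriving for a connection the tracker no longer knows is a typical INVALID packet.

```python
import ipaddress
import shlex

# Log line from the question (constructed copy, same field values).
SAMPLE_LOG = (
    "Dec 22 05:12:41 ge-domoticz kernel: [5324365.003868] [UFW BLOCK] IN=eth0 OUT= "
    "MAC=b8:27:eb:a1:7b:8b:38:1f:8d:e9:e4:9f:08:00:45:00:00:28:92:8c:00:00:ff:06:2f:d4 "
    "SRC=192.168.188.5 DST=192.168.188.24 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=37516 "
    "PROTO=TCP SPT=6668 DPT=43084 WINDOW=4380 RES=0x00 ACK RST URGP=0"
)

# The three raw iptables rules shown in the question.
SAMPLE_RULES = [
    "-A ufw-user-input -s 192.168.188.0/24 -i eth0 -p tcp -m tcp --sport 6668 -j ACCEPT",
    "-A ufw-user-input -s 192.168.188.0/24 -p tcp -m tcp --sport 6668 -j ACCEPT",
    "-A ufw-user-input -d 192.168.188.0/24 -p tcp -m tcp --sport 6668 -j ACCEPT",
]

# Rule options we interpret; everything else (-m tcp, comments) is skipped.
_RULE_OPTS = ("-A", "-s", "-d", "-i", "-o", "-p", "--sport", "--dport", "-j")


def parse_ufw_block(line):
    """Split a '[UFW BLOCK]' kernel log line into (fields, tcp_flags).

    Tokens of the form KEY=VALUE become fields (OUT= yields an empty string);
    bare tokens such as ACK or RST are the TCP flags netfilter logged.
    """
    marker = "[UFW BLOCK]"
    idx = line.find(marker)
    if idx < 0:
        raise ValueError("not a [UFW BLOCK] line")
    fields, flags = {}, set()
    for tok in line[idx + len(marker):].split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields[key] = value
        else:
            flags.add(tok)
    return fields, flags


def parse_iptables_rule(rule):
    """Extract the match criteria of an '-A chain ... -j TARGET' line."""
    argv = shlex.split(rule)
    crit = {}
    i = 0
    while i < len(argv):
        if argv[i] in _RULE_OPTS and i + 1 < len(argv):
            crit[argv[i]] = argv[i + 1]
            i += 2
        else:
            i += 1
    return crit


def rule_matches(crit, fields):
    """True if every criterion present in the rule is satisfied by the packet."""
    checks = {
        "-s": lambda v: ipaddress.ip_address(fields["SRC"]) in ipaddress.ip_network(v, strict=False),
        "-d": lambda v: ipaddress.ip_address(fields["DST"]) in ipaddress.ip_network(v, strict=False),
        "-i": lambda v: fields.get("IN") == v,
        "-o": lambda v: fields.get("OUT") == v,
        "-p": lambda v: fields.get("PROTO", "").lower() == v.lower(),
        "--sport": lambda v: fields.get("SPT") == v,
        "--dport": lambda v: fields.get("DPT") == v,
    }
    return all(fn(crit[opt]) for opt, fn in checks.items() if opt in crit)


def matching_rules(line, rules):
    """Return the rule lines whose criteria match the logged packet."""
    fields, _ = parse_ufw_block(line)
    return [r for r in rules if rule_matches(parse_iptables_rule(r), fields)]


if __name__ == "__main__":
    fields, flags = parse_ufw_block(SAMPLE_LOG)
    print(f"{fields['SRC']}:{fields['SPT']} -> {fields['DST']}:{fields['DPT']} "
          f"{fields['PROTO']} flags={sorted(flags)} in={fields['IN']!r} out={fields['OUT']!r}")
    for r in matching_rules(SAMPLE_LOG, SAMPLE_RULES):
        print("would match:", r)
```

Running it prints the packet summary (a TCP ACK RST from 192.168.188.5:6668 to 192.168.188.24:43084, arriving on eth0) followed by all three rules, which confirms the user rules are not the problem. Feeding it other [UFW BLOCK] lines from the journal and the output of `iptables -S ufw-before-input` gives the same comparison for the earlier chain.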

  • Is it possible that you block the traffic with one of the rules even before it reaches the rules you show here? You are letting in the traffic with source port 6668. Do you allow the traffic with any destination port, or do you have some rules that allow only traffic with specific destination ports? Also, your packet might be accepted with a --state related rule, because it is an ACK message, meaning it is an answer to a SYN packet which obviously got through.
    – nobody
    Commented Dec 22, 2023 at 9:55
  • I've got rules 1-7 Anywhere DENY IN xxx.xxx.xxx.xxx/yy to prevent penetration (like: Anywhere DENY IN 14.103.0.0/16). Rules 8 and 9 allow traffic in and out from tun0. That's it, folks! Still don't have a clue. My state related rules in /etc/ufw/before.rules seem to be okay...
    – Edgar
    Commented Dec 23, 2023 at 11:17
  • Check for default INPUT, OUTPUT, FORWARD rules. Try with a wide opening and then add rules to see which one will stop the traffic.
    – nobody
    Commented Dec 24, 2023 at 21:09
