UFW 'default deny incoming' doesn't work

Solution 1

Citing the UFW introduction from Ubuntu Community...

The information below can be used to handle UFW from terminal using sudo for each command and providing root's password.

How can I enable UFW?

sudo ufw enable

This will enable UFW with default rules.

Note that by default, deny is being applied to incoming.

How can I check UFW's status?

sudo ufw status verbose

How can I check any exceptions in rules? <-- with this you can check what is blocked

sudo ufw show raw

You can also read the rules files in /etc/ufw (the files whose names end with .rules)

Examples:

  • To deny incoming tcp packets on port 53

sudo ufw deny 53/tcp

  • To deny incoming udp packets on port 53 <-- this is what you are looking for

sudo ufw deny 53/udp

  • Delete Existing Rule

To delete a rule, simply prefix the original rule with delete. For example, if the original rule was:

ufw deny 80/tcp

Use this to delete it:

sudo ufw delete deny 80/tcp

Full reference: https://help.ubuntu.com/community/UFW

Solution 2

I just ran into the same issue, and in my case it was because I had a virtual bridge that had all other interfaces connected to it (created while configuring Xen). Removing the bridge solved the ufw not working problem.

The other approach is to play with routing and forwarding rules and make ufw work with the bridge.
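
A way to check both points raised in the answers above: the default incoming policy that Solution 1 says to inspect with ufw status verbose, and the bridge that Solution 2 found. This is an added example, not part of either answer; the function names are hypothetical, the sample status text is constructed, and bridge detection assumes the Linux sysfs layout under /sys/class/net.

```shell
#!/bin/sh
# Added diagnostic sketch; function names are hypothetical, not part of ufw.
# Read `ufw status verbose` output on stdin; print the default incoming policy.
ufw_incoming_policy() {
    awk '
        /^Status: inactive/ { print "inactive"; found = 1; exit }
        /^Default:/ {
            for (i = 2; i < NF; i++)
                if ($(i + 1) ~ /^\(incoming\)/) { print $i; found = 1; exit }
        }
        END { if (!found) print "unknown" }
    '
}

# List bridge devices under a sysfs net directory (default /sys/class/net).
# A bridge has a "bridge" subdirectory; its member ports appear in "brif/".
list_bridges() {
    root=${1:-/sys/class/net}
    for dev in "$root"/*; do
        [ -d "$dev/bridge" ] || continue
        ports=$(ls "$dev/brif" 2>/dev/null | tr '\n' ' ')
        echo "$(basename "$dev"): ${ports% }"
    done
}

# $1 = file with `ufw status verbose` output, $2 = sysfs net directory.
# Returns 0 if incoming is deny/reject and no bridge exists,
# 1 if the policy is anything else, 2 if a bridge is present.
check_host() {
    policy=$(ufw_incoming_policy < "$1")
    bridges=$(list_bridges "$2")
    echo "default incoming policy: $policy"
    case $policy in
        deny|reject) ;;
        *) echo "incoming traffic is not denied by default"; return 1 ;;
    esac
    if [ -n "$bridges" ]; then
        echo "bridge found (the case in Solution 2): $bridges"
        return 2
    fi
    return 0
}

# Constructed sample of `ufw status verbose` output, not from a real host.
SAMPLE='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip'
printf '%s\n' "$SAMPLE" | ufw_incoming_policy
```

On a real host, save the output of sudo ufw status verbose to a file and pass it as the first argument to check_host; the second argument can be omitted to use /sys/class/net.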

Author: Patrykw

Updated on September 18, 2022

Comments

  • Patrykw over 1 year

    I have UFW enabled, 'default deny incoming' set and no additional rules, but I still can access all ports from other PCs.

    I have to manually block each port. What can be wrong?

  • Patrykw almost 11 years
    'This will enable UFW with default rules. Note that by default, deny is being applied to incoming.' In this case incoming connections aren't denied by default.
  • Kalle Richter over 8 years
    Please be more specific by explaining specific actions necessary to follow your answer or link existing questions doing that.
  • milan over 8 years
    @KarlRichter how to remove a bridge? that's another question :)
  • Kalle Richter over 8 years
    Which is why you should link existing answered questions about that.