UFW 'default deny incoming' doesn't work
Solution 1
Quoting the UFW introduction from the Ubuntu Community documentation...
The information below can be used to handle UFW from the terminal, using sudo
for each command and providing root's password.
How can I enable UFW?
sudo ufw enable
This will enable UFW with default rules.
Note that by default, deny is being applied to incoming.
How can I check UFW's status?
sudo ufw status verbose
How can I check any exceptions in the rules? <-- with this you can check what is blocked
sudo ufw show raw
You can also read the rules files in /etc/ufw (the files whose names end with .rules)
Examples:
- To deny incoming tcp packets on port 53
sudo ufw deny 53/tcp
- To deny incoming udp packets on port 53 <-- this is what you are looking for
sudo ufw deny 53/udp
- Delete Existing Rule
To delete a rule, simply prefix the original rule with delete. For example, if the original rule was:
ufw deny 80/tcp
Use this to delete it:
sudo ufw delete deny 80/tcp
Full reference: https://help.ubuntu.com/community/UFW
Solution 2
Just ran into the same issue, and in my case it was because I had a virtual bridge that had all other interfaces connected to it (created while configuring Xen). Removing the bridge solved the ufw not working problem.
The other approach is to play with routing and forwarding rules and make ufw work with the bridge.
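A small diagnostic, added here as an example and not taken from either answer or from the ufw project, that checks the two things this thread turns on: whether the output of "sudo ufw status verbose" really reports deny as the default incoming policy (Solution 1), and whether a bridge interface exists on the host (Solution 2). Frames switched between bridge ports are forwarded rather than delivered locally, so the host INPUT rules that "ufw deny" writes never see them, which is why a bridge makes ufw look as if it is not working. The function names, the sample command outputs and the interface name br0 are assumptions constructed for this example; on a live host pass the real command output as shown in the header comment.

```shell
#!/bin/sh
# Added diagnostic for the thread above (not code from either answer or from ufw).
# It answers two questions: is the default incoming policy really "deny", and is
# there a bridge interface carrying traffic around the host INPUT rules?
# Parsing works on text so it runs offline against the constructed samples below;
# on a live host pass the real command output instead:
#   ufw_diagnose "$(sudo ufw status verbose)" "$(ip -o link show type bridge)"

# Extract one default policy ("deny", "allow", "reject", "disabled") from
# `ufw status verbose` output. $2 is the direction: incoming, outgoing or routed.
# Prints "unknown" when the "Default:" line is absent, e.g. when ufw is inactive.
ufw_default() {
    v=$(printf '%s\n' "$1" | sed -n "s/.*[:,] *\([a-z]*\) ($2).*/\1/p" | head -n 1)
    echo "${v:-unknown}"
}

# List bridge interface names (space separated) from `ip -o link show type bridge`.
# Each line looks like "3: br0: <BROADCAST,...> mtu 1500 ..."; field 2 is the name.
list_bridges() {
    printf '%s\n' "$1" | awk -F'[: ]+' 'NF >= 2 { print $2 }' | tr '\n' ' ' | sed 's/ *$//'
}

# One-line verdict combining both checks.
ufw_diagnose() {
    policy=$(ufw_default "$1" incoming)
    bridges=$(list_bridges "$2")
    if [ "$policy" != "deny" ]; then
        echo "default incoming policy is '$policy', not deny: run 'sudo ufw default deny incoming'"
    elif [ -n "$bridges" ]; then
        echo "default deny is set, but bridge interface(s) present: $bridges"
    else
        echo "default deny is set and no bridge interfaces found"
    fi
}

# Constructed sample output, shaped like real ufw / iproute2 output but not
# captured from any host (assumption for this example).
SAMPLE_STATUS_DENY='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere'

SAMPLE_STATUS_INACTIVE='Status: inactive'

SAMPLE_BRIDGE='3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000\    link/ether 52:54:00:12:34:56 brd ff:ff:ff:ff:ff:ff'

ufw_diagnose "$SAMPLE_STATUS_DENY" "$SAMPLE_BRIDGE"
ufw_diagnose "$SAMPLE_STATUS_DENY" ""
ufw_diagnose "$SAMPLE_STATUS_INACTIVE" ""
```

The third direction, routed, is worth reading as well: "disabled (routed)" means ufw is not filtering forwarded traffic at all, which is the path a bridge puts packets on, so a host that needs to keep the bridge has to add rules there rather than on the incoming side.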
Patrykw
Updated on September 18, 2022
Comments
-
Patrykw over 1 year
I have UFW enabled, 'default deny incoming' set and no additional rules, but I still can access all ports from other PCs.
I have to manually block each port. What can be wrong?
-
Patrykw almost 11 years
'this will enable UFW with default rules Note that by default, deny is being applied to incoming.' In this case incoming connections aren't denied by default.
-
Kalle Richter over 8 years
Please be more specific by explaining the specific actions necessary to follow your answer, or link existing questions doing that.
-
milan over 8 years
@KarlRichter how to remove a bridge? That's another question :)
-
Kalle Richter over 8 years
Which is why you should link existing answered questions about that.