ufw blocking apt

14,033

Solution 1

I've found the answer:

Port 53 needs to be opened, for DNS

Port 123 seems to be a good idea too

Port reference: http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

Solution 2

These rules helped me to successfully get rate limiting on SSH, allow in/out http and https, enable git, and have apt and aptitude working no problem:

ufw default deny incoming      # default policy: drop unsolicited inbound traffic
ufw default deny outgoing      # default policy: drop outbound traffic unless allowed below
ufw limit ssh                  # allow SSH, but rate-limit repeated connection attempts
ufw allow svn
ufw allow git
ufw allow out http
ufw allow in http
ufw allow out https
ufw allow in https
ufw allow out 53               # outbound DNS (tcp and udp); apt needs this to resolve mirror names
ufw logging on
ufw enable

Note: I did initiate these rules with a ufw reset in order to start fresh.

Solution 3

From the ufw man page:

Rule ordering is important and the first match wins. Therefore when adding rules, add the more specific rules first with more general rules later.

From the output you've posted, it looks like your deny all is getting caught before your allow rules.

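The ordering point from Solution 3 and the missing DNS rule from Solution 1, worked through together as an added example (this is not code from the answers or from ufw itself): a small first-match-wins evaluator, run over the OUT rules in the order the commenter's `ufw status` output lists them. The rule lists and the three "apt flows" are constructed from the page; the simulator assumes ufw's documented behaviour that the first matching rule decides and the default policy applies otherwise.

```python
# Added example: first-match-wins evaluation of ufw-style OUT rules,
# checked against what apt-get/aptitude need outbound.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "ALLOW" or "DENY"
    port: Optional[int]    # None means "Anywhere" (any port)
    proto: Optional[str]   # None means any protocol


# Constructed flows: what apt needs outbound per the answers
# (DNS resolution, then plain HTTP/HTTPS to the mirrors).
APT_FLOWS = {
    "dns":   (53, "udp"),
    "http":  (80, "tcp"),
    "https": (443, "tcp"),
}


def evaluate(rules, port, proto, default="DENY"):
    """Action of the first rule matching (port, proto); otherwise the default policy."""
    for r in rules:
        if (r.port is None or r.port == port) and (r.proto is None or r.proto == proto):
            return r.action
    return default


def check_apt(rules):
    """Verdict the ruleset gives each flow apt depends on."""
    return {name: evaluate(rules, p, pr) for name, (p, pr) in APT_FLOWS.items()}


# OUT rules in the order the commenter's `ufw status` shows them:
# the catch-all DENY OUT sits before the ALLOW OUT 80/443 rules.
AS_POSTED = [
    Rule("DENY", None, None),     # Anywhere   DENY OUT   Anywhere
    Rule("ALLOW", 80, None),      # 80         ALLOW OUT  Anywhere
    Rule("ALLOW", 443, "tcp"),    # 443/tcp    ALLOW OUT  Anywhere
]

# Same rules with the catch-all moved last (specific first, general later).
REORDERED = [AS_POSTED[1], AS_POSTED[2], AS_POSTED[0]]

# Reordered and with the DNS rule from Solution 1 added (`ufw allow out 53`).
REORDERED_WITH_DNS = [Rule("ALLOW", 53, None)] + REORDERED

if __name__ == "__main__":
    for label, rules in [("as posted", AS_POSTED), ("reordered", REORDERED),
                         ("reordered + dns", REORDERED_WITH_DNS)]:
        print(f"{label:16s} {check_apt(rules)}")
```

Reordering alone unblocks HTTP and HTTPS but leaves DNS denied, which matches the commenter's report that aptitude update still failed after moving the deny rule; only adding the port 53 rule lets all three flows through.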


Author: Katai

Updated on September 18, 2022

Comments

  • Katai
    Katai over 1 year

    I have the same problem as described here, but the given solution doesn't work for me:

    ufw blocking apt and dns

    When I add the rule ufw deny out to any, add port 80, 443/tcp and the ssh port as exceptions, and then add iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT, I am still not able to use apt-get update or similar things.

    root@iof304:~# ufw status
    Status: active

    To                         Action      From
    --                         ------      ----
    22                         DENY        Anywhere
    80                         ALLOW       Anywhere
    (ssh)                      LIMIT       Anywhere
    22                         DENY        Anywhere (v6)
    80                         ALLOW       Anywhere (v6)
    (ssh)                      ALLOW       Anywhere (v6)
    
    (ssh)                      ALLOW OUT   Anywhere
    Anywhere                   DENY OUT    Anywhere
    80                         ALLOW OUT   Anywhere
    443/tcp                    ALLOW OUT   Anywhere
    (ssh)                      ALLOW OUT   Anywhere (v6)
    Anywhere (v6)              DENY OUT    Anywhere (v6)
    80                         ALLOW OUT   Anywhere (v6)
    443/tcp                    ALLOW OUT   Anywhere (v6)
    

    Now, I'll delete the ufw deny out to any (with that, everything works fine), but I'd like to restrict everything as much as possible, so what I probably need to know are the ports used by apt-get. They have to be OUT ports, since only deny out to any blocks everything, but apt-get doesn't seem to have a problem downloading stuff with that rule disabled (is that a sign that the other IN ports aren't blocked?)

    Thanks in advance

  • Katai
    Katai over 11 years
    Tried to switch them around (deleted 'deny out any' and added it again); now it appears at the end, but aptitude update still gets blocked.
  • MER
    MER over 7 years
    Just want to add that this is a really important point when setting up the rules logged into a server remotely. Saved my bacon.