ufw blocking apt and dns

domain-name-system debian firewall aptitude ufw
7,607

You need to add the following into iptables, as ufw just interfaces with it.

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Share:
7,607

Related videos on Youtube

Fleshgrinder
Author by

Fleshgrinder

Currently working at HelloFresh as staff engineer. See some of my projects over at GitHub.

Updated on September 18, 2022

Comments

  • Fleshgrinder
    Fleshgrinder over 1 year

    I installed ufw on my Debian system like the following:

    # aptitude install ufw
# ufw limit 22
# ufw allow 80
# ufw allow 443
# ufw enable
# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip

To                         Action      From
--                         ------      ----
20                         LIMIT       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere

    A simple ping google.com fails, also any aptitude install will fail. I searched serverfault for answers. One solution was to allow port 53 for DNS - didn't help. Or ufw allow out 1024:65535/udp together with port 53 - didn't help.

    What worked was to allow my DNS server like ufw allow from [DNS IP]; but that's no solution if you ask me.

    apt-get and aptitude are all blocked by ufw. Couldn't find anything on how to allow installing new things. A ufw log entry example:

    Aug 12 17:31:08 host kernel: [535454.665168] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=0.0.0.0 DST=0.0.0.0 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=80 DPT=41343 WINDOW=14480 RES=0x00 ACK SYN URGP=0

    Any ideas?

    • Fleshgrinder
      Fleshgrinder almost 12 years
      Is it voted down because the person who voted my question down doesn't know the answer?
    • tacotuesday
      tacotuesday almost 12 years
      I'd look for something like this, since it just interfaces with iptables: iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    • Fleshgrinder
      Fleshgrinder over 11 years
      @nojak Post it as an answer and I accept it as the correct one. This works like a charm!
    • tacotuesday
      tacotuesday over 11 years
      Glad to hear it!
    • rugk
      rugk about 7 years
      As for DNS, also see UFW is blocking DNS. It might help.
  • Razick
    Razick about 10 years
    This is the first answer after hours of searching to fix the issue. Thanks.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

I've installed and enabled ufw firewall, and I cannot connect to my server
how to open port 53 for bind
Can't log in via SSH after reboot!
Why does Debian come without a firewall enabled by default?
UFW as an active service on Ubuntu
Lost connection to MySQL server at 'reading initial communication packet', system error: 113
What packages are installed by default in Debian? Is there a term for that set? Why some of those packages are `automatically installed` and some not?
UFW 'default deny incoming' doesn't work
Problem with ufw enable: libkmod: ERROR ../libkmod/libkmod.c
UFW rules disappear after manually adding them to user.rules ubuntu 16.04