ufw firewall deny outgoing but allow browser


The first thing you need to do is to change the default outgoing policy to deny. By default all outgoing traffic is allowed.

sudo ufw default deny outgoing

Then you must allow outgoing traffic on both port 80 and 443 with these commands:

sudo ufw allow out to any port 80
sudo ufw allow out to any port 443

Finally, since web browsing requires access to a DNS server, you must also allow port 53:

sudo ufw allow out to any port 53

Then reload the firewall rules:

sudo ufw reload

Confirm the changes with: sudo ufw status verbose
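As an added example (not part of the original answer), a small POSIX shell helper that automates the diagnostic suggested in the comments below: it scans ufw log lines for "[UFW BLOCK]" entries on outgoing traffic and tallies them by destination port, so a blocked 53, 80 or 443 is visible at once. The embedded log lines are constructed samples in the kernel-log format ufw writes; on a real system pipe /var/log/ufw.log into the function instead.

```shell
#!/bin/sh
# Constructed sample of /var/log/ufw.log lines (addresses and IDs are made up).
# Outgoing packets have OUT=<iface> and an empty IN=; the DPT=22 line is inbound.
SAMPLE_LOG='Sep 18 10:00:01 host kernel: [UFW BLOCK] IN= OUT=eth0 SRC=192.168.1.10 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=UDP SPT=41000 DPT=53 LEN=40
Sep 18 10:00:02 host kernel: [UFW BLOCK] IN= OUT=eth0 SRC=192.168.1.10 DST=93.184.216.34 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=TCP SPT=41001 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
Sep 18 10:00:03 host kernel: [UFW BLOCK] IN=eth0 OUT= SRC=10.0.0.5 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=3 DF PROTO=TCP SPT=55000 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
Sep 18 10:00:04 host kernel: [UFW BLOCK] IN= OUT=eth0 SRC=192.168.1.10 DST=93.184.216.34 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4 DF PROTO=TCP SPT=41002 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Sep 18 10:00:05 host kernel: [UFW BLOCK] IN= OUT=eth0 SRC=192.168.1.10 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=5 DF PROTO=UDP SPT=41003 DPT=53 LEN=40'

# blocked_egress_ports: read ufw log lines on stdin and count blocked
# *outgoing* packets per destination port (OUT= set, IN= empty).
# Prints "<port> <count>" lines sorted numerically by port.
blocked_egress_ports() {
    grep -F '[UFW BLOCK]' | awk '
        {
            out = ""; in_ = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^OUT=/) out = substr($i, 5)
                else if ($i ~ /^IN=/) in_ = substr($i, 4)
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (out != "" && in_ == "" && dpt != "") count[dpt]++
        }
        END { for (p in count) print p, count[p] }
    ' | sort -n
}

# web_egress_blocked: exit 0 if any blocked outbound packet targets one of the
# three ports the rules above must allow (53, 80, 443), else exit 1.
web_egress_blocked() {
    blocked_egress_ports | awk '$1 == 53 || $1 == 80 || $1 == 443 { found = 1 }
                                END { exit found ? 0 : 1 }'
}

# Real usage: sudo cat /var/log/ufw.log | blocked_egress_ports
printf '%s\n' "$SAMPLE_LOG" | blocked_egress_ports
```

Any port listed here with a non-zero count is one the current rule set is still dropping on the way out, which is exactly the ALLOW IN vs ALLOW OUT mix-up the last comment describes.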


Author: user3767643

Updated on September 18, 2022

Comments

  • user3767643
    user3767643 over 1 year

    I want to configure ufw firewall in a way where I can allow "browser" surfing but deny all other outgoing.

    I have denied outgoing using gufw but it blocked surfing too, so, I allowed "outgoing" anywhere http (80) and https (443), but was still not able to surf the internet.

    Need help in setting up deny outgoing but still allow surfing internet with the browser.

    • 2707974
      2707974 about 6 years
      Do you allow outgoing connection to DNS?
    • user3767643
      user3767643 about 6 years
      It's a home PC. Do I need to do that?
    • 2707974
      2707974 about 6 years
      Yes, you must. Your PC uses DNS to resolve a logical name, e.g. www.example.com, to an IP address. Without an IP address for the destination, network traffic will not be routed.
  • user3767643
    user3767643 almost 6 years
    Doesn't work, I just followed the exact rules mentioned above and I get the error "There is no Internet connection", so I was not able to write a comment. After setting ALLOW to outgoing, I have access to the internet again. I am using "Google Chrome" and "firefox" as my browsers.
  • Admin
    Admin almost 6 years
    Hm okay, it works on my machine that is a freshly installed Ubuntu 18.04 Desktop. Have you got an IP address if you run ifconfig? What is the result of "nslookup www.google.com"?
  • Admin
    Admin almost 6 years
    If you take a look in /var/log/ufw.log, are there any rows that contain "[UFW BLOCK]" together with "DPT=53", "DPT=80" or "DPT=443"? DPT is the destination port number.
  • user3767643
    user3767643 almost 6 years
    Yes, I found there were some BLOCK entries and I realised I made a mistake: instead of ALLOW OUT, I did ALLOW IN. After fixing the typo, it is working super fine. This is amazing. Thanks