ufw blocking outgoing calls to whitelisted ip address

user2539602

10/16/22, 7:07 PM

So here is the scenario.

In my ubuntu, I want to block all outgoing traffic except to some IP addresses, which I do by adding ufw rules and it works fine. So the services I access from ubuntu is the MQTT client which listens on port 1884 on another server whose IP I have whitelisted in ufw. Now this works fine, until I try to establish a connection using secure MQTT on port 1885, now this doesn't work until I disable my firewall once, and when I re-enable it, it works every time. The point to note here is that the server IP address is whitelisted in ufw. So this doesn't make sense. If you have any ideas do let me know.

sudo ufw default allow incoming
sudo ufw default deny outgoing
sudo ufw allow out 53
sudo ufw allow out 60001
sudo ufw allow out ntp
sudo ufw allow out to xx.xx.xx.xxx

now this works until i use plain mqtt client with no tls, when i try to enable tls mqtt client this doesn;t work but works after i disable firewall, connect mqtt with tls and then re-enable the firewall.

259

1 + 0

server

firewall

networking

ufw

Score:0

Ubuntu

rohtua

10/16/22, 7:21 PM

With UFW the order of the rules matters. Looking at you list there you've got deny all outgoing set before the allow statement. So what will happen if when you try to make an outgoing connection UFW will check through the rules to see if there's a match and in this instance the first match it comes to is the deny all outgoing. So it blocks the connection, it doesn't check for any other matches.

If you edit the user.rules file in

/etc/ufw/user.rules

Then reorder the rules so you allow statement is before the deny all statement and it should work.

0 + 2

user2539602

10/16/22, 7:55 PM

what if i do this ``` sudo ufw allow out 53 sudo ufw allow out 60001 sudo ufw allow out to xx.xx.xx.xx sudo ufw allow out ntp sudo ufw default allow incoming sudo ufw default deny outgoing ```

rohtua

10/16/22, 7:57 PM

As the rules already exist in the firewall it'll just say skipping existing rule when you try to add them. If you Google it I think there are commands in ufw that can change the order but I'd say its far easier to just edit the file.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: ufw blocking outgoing calls to whitelisted ip address

TH: ufw บล็อกการโทรออกไปยังที่อยู่ IP ที่อนุญาตพิเศษ

RO: ufw blocarea apelurilor efectuate către adresa IP inclusă în lista albă

RU: ufw блокирует исходящие вызовы на IP-адрес из белого списка

VI: ufw chặn các cuộc gọi đi đến địa chỉ ip được liệt kê trong danh sách trắng

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.