UFW terminal help

Discussion in 'all things UNIX' started by Palancar, May 21, 2014.

Thread Status:
Not open for further replies.
  1. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    Can't imagine what I did. I want to learn how to fix this without having to remove and reinstall ufw, which would be easy.

    I use ufw for a firewall to VPN tunnel only. I am setting up a new 14.04 machine. Somehow I managed to get my general defaults wrong.

    What I see is:

    Default: deny (incoming), deny (outgoing), disabled (routed)

    What I want is:

    Default: deny (incoming), deny (outgoing)

    Question: what terminal command to use to remove ----------> disabled (routed)?

    The rest of my rules show correctly when viewing ufw in verbose.
     
  2. tlu

    tlu Guest

    I don't think that's possible (and to what benefit?). You're using Ubuntu 14.04 which has ufw v. 0.34. This version got a new feature "routed packet filtering (FORWARD)" - that's why you couldn't see it in older versions. More details here:

     
  3. Palancar

    Palancar Registered Member

    tlu,

    Thank you for the explanation. I don't use that new feature, at least wittingly. As long as it's disabled then I am OK for what I am using ufw for. I actually have a VPN client but I don't trust any third party vendor for my firewall. ufw is easy to employ for keeping all traffic in tun0.
     
  4. Palancar

    Palancar Registered Member

    tlu,

    You really seem to know ufw.

    I almost started a new thread but decided to post here instead. Hope you see it. If you or anyone else in the know can help me with another issue I would be appreciative.

    I just checked my family Linux computer last night and while the tunnel is locked down, the DNS leaks my ISP's DNS all over the place. My ufw rules work well for locking down the tunnel traffic except for the DNS.

    I have read around and it appears there is an easy solution by using the ufw before.rules to set my VPN's DNS range. This would happen before ufw rules even start and it really makes sense to me. However, I don't have any experience doing this so I thought I would ask before having to build ufw over again. LOL!!

    If you have a different ufw solution I am here to learn. Basically I block outgoing and incoming and limit the IPs to a few server entry IPs, and then limit to tun0. The traffic stays in the tunnel (tun0).

    So for an example using one of my VPN provider's DNS. How would I edit the ufw before.rules to limit ALL DNS to the 10.4.0.0 - 10.9.255.255 range - period?

    My reading makes before.rules look like an attractive solution. If you are not familiar with it feel free to say so. I am not embarrassed to ask for help and guidance. My Linux skills are improving every single day. It's a hill for me but I am loving it.

    When I get home I may try this, but would love a steer for confidence:

    sudo gedit /etc/ufw/before.rules ------- > and then edit accordingly

    Thanks in advance.
     
    Last edited: May 28, 2014
  5. tlu

    tlu Guest

    Sorry, Palancar, I'm only familiar with its basic usage. And I've never used a VPN. So I'm afraid that someone else has to answer your questions ...
     
  6. Palancar

    Palancar Registered Member

    Thank you anyway.

    BTW ---- I solved my issue by editing in and allowing ONLY my vpn's DNS as a nameserver. All others are gone. It was tricky with 14.04 but I got it!!
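
Added example, not part of the thread: a Python check that every `nameserver` entry in a resolv.conf-style file falls inside the 10.4.0.0 - 10.9.255.255 range quoted in post 4, which also shows that the range needs two CIDR blocks rather than one. The function names and the sample file contents are constructed for illustration.

```python
import ipaddress

# DNS range quoted in the thread (post 4).
FIRST = ipaddress.IPv4Address("10.4.0.0")
LAST = ipaddress.IPv4Address("10.9.255.255")

# The range is not a single CIDR block; firewall rules that take CIDR
# notation need one entry per block returned here.
VPN_DNS_CIDRS = list(ipaddress.summarize_address_range(FIRST, LAST))


def parse_nameservers(resolv_conf_text):
    """Return the address field of every 'nameserver' line, in file order."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def out_of_range_nameservers(resolv_conf_text, allowed=VPN_DNS_CIDRS):
    """Return nameserver entries that are unparsable or outside 'allowed'."""
    flagged = []
    for entry in parse_nameservers(resolv_conf_text):
        try:
            addr = ipaddress.ip_address(entry.split("%", 1)[0])  # drop IPv6 zone
        except ValueError:
            flagged.append(entry)
            continue
        if not any(addr.version == net.version and addr in net for net in allowed):
            flagged.append(entry)
    return flagged


# Constructed sample; on a real machine read /etc/resolv.conf instead.
SAMPLE_RESOLV_CONF = """\
# constructed sample, not taken from the thread
nameserver 10.4.0.1
nameserver 192.0.2.53
nameserver 127.0.1.1
search example.lan
"""

if __name__ == "__main__":
    print("CIDR blocks:", ", ".join(str(n) for n in VPN_DNS_CIDRS))
    print("Outside VPN DNS range:", out_of_range_nameservers(SAMPLE_RESOLV_CONF))
```

A loopback entry such as 127.0.1.1 is flagged because the file alone does not show which upstream server a local forwarder sends queries to.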
     