Saturday, 25 May 2013

Why is ufw logging 'BLOCK' messages regarding a port for which ufw is configured to 'ALLOW' connections?

Here's an example log message:
May 25 10:36:07 myserver kernel: [7057243.392334] [UFW BLOCK] IN=eth0 OUT= MAC=00:02:55:67:82:eb:00:06:b1:3a:ef:62:08:00 SRC=69.197.128.26 DST=192.168.100.101 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=0 PROTO=TCP SPT=48788 DPT=80 WINDOW=972 RES=0x00 RST URGP=0
My understanding is that DPT stands for "destination port", but since I have ufw configured to allow incoming connections on port 80, I'm puzzled as to why I'd be seeing such a log message -- a log message which seems to be indicating ufw blocked a connection attempt on that port.
The following are the relevant lines from ufw status:
To                         Action      From
--                         ------      ----
80/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere (v6)
The culprit machine is running Ubuntu 11.10 with ufw 0.30.1-2ubuntu1. Any insights appreciated!
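
An added example, not part of the original post: a small Python parser for the log line and the `ufw status` rows quoted in the question. It reports the destination port, whether that port has an ALLOW rule, and which TCP flags the logged packet carried. The function names (`parse_ufw_log`, `allowed_ports`, `summarize`) are hypothetical, and the sample input is constructed from the text above.

```python
import re

# Constructed from the log line and `ufw status` rows quoted in the post.
LOG_LINE = ("May 25 10:36:07 myserver kernel: [7057243.392334] [UFW BLOCK] "
            "IN=eth0 OUT= MAC=00:02:55:67:82:eb:00:06:b1:3a:ef:62:08:00 "
            "SRC=69.197.128.26 DST=192.168.100.101 LEN=44 TOS=0x00 PREC=0x00 "
            "TTL=32 ID=0 PROTO=TCP SPT=48788 DPT=80 WINDOW=972 RES=0x00 RST URGP=0")
UFW_STATUS = """\
80/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere (v6)
"""

TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}

def parse_ufw_log(line):
    """Split a kernel '[UFW ...]' log line into action, KEY=value fields and TCP flags."""
    m = re.search(r"\[UFW ([A-Z ]+)\]\s+(.*)", line)
    if not m:
        raise ValueError("not a ufw log line")
    fields, flags = {}, set()
    for token in m.group(2).split():
        if "=" in token:
            key, _, value = token.partition("=")
            fields[key] = value          # an empty value is legal, e.g. OUT=
        elif token in TCP_FLAGS:
            flags.add(token)             # TCP flags are logged as bare words
    return m.group(1), fields, flags

def allowed_ports(status_text):
    """Collect (port, proto) pairs from the ALLOW rows of `ufw status` output."""
    rows = re.findall(r"^(\d+)/(tcp|udp)\s+ALLOW\b", status_text, re.M)
    return {(int(port), proto) for port, proto in rows}

def summarize(line, status_text):
    """Relate one logged packet to the configured ALLOW rules."""
    action, fields, flags = parse_ufw_log(line)
    port, proto = int(fields["DPT"]), fields["PROTO"].lower()
    return {
        "action": action,
        "dst": (port, proto),
        "flags": sorted(flags),
        "port_has_allow_rule": (port, proto) in allowed_ports(status_text),
        # A TCP connection attempt is a segment with SYN set and ACK clear.
        "is_connection_attempt": "SYN" in flags and "ACK" not in flags,
    }

if __name__ == "__main__":
    print(summarize(LOG_LINE, UFW_STATUS))
```

For the quoted line this shows a packet to port 80/tcp, which has an ALLOW rule, carrying only the RST flag and no SYN.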
