Packets are blocked despite ALLOW

I have configured ufw so that all incoming connections are dropped, except on port 30000. There, TCP/UDP packets are set to ALLOW.

Code:
$ sudo ufw status

Status: active

To                         Action      From
--                         ------      ----
30000                      ALLOW       Anywhere
In iptables it looks like this:

Code:
Chain ufw-user-input (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:30000 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:30000
Nevertheless, packets destined for that port are constantly being blocked, and ufw is spamming my logs.

Code:
Jul 27 15:51:42 username kernel: [47197.077526] [UFW BLOCK] IN=eth0 OUT= MAC=X SRC=65.8.137.107 DST=10.0.0.101 LEN=49 TOS=0x00 PREC=0x20 TTL=107 ID=19936 DF PROTO=TCP SPT=62561 DPT=30000 WINDOW=16831 RES=0x00 ACK PSH FIN URGP=0 
Jul 27 15:52:03 username kernel: [47218.792683] [UFW BLOCK] IN=eth0 OUT= MAC=X SRC=74.15.254.10 DST=10.0.0.101 LEN=255 TOS=0x00 PREC=0x20 TTL=114 ID=6539 DF PROTO=TCP SPT=47082 DPT=30000 WINDOW=65340 RES=0x00 ACK PSH URGP=0 
Jul 27 15:52:08 username kernel: [47223.003835] [UFW BLOCK] IN=eth0 OUT= MAC=X SRC=74.15.254.10 DST=10.0.0.101 LEN=138 TOS=0x00 PREC=0x20 TTL=114 ID=7044 DF PROTO=TCP SPT=43796 DPT=30000 WINDOW=65340 RES=0x00 ACK PSH URGP=0 
Jul 27 15:52:08 username kernel: [47223.308762] [UFW BLOCK] IN=eth0 OUT= MAC=X SRC=74.15.254.10 DST=10.0.0.101 LEN=125 TOS=0x00 PREC=0x20 TTL=114 ID=7121 DF PROTO=TCP SPT=43796 DPT=30000 WINDOW=65340 RES=0x00 ACK PSH URGP=0 
Jul 27 15:52:08 username kernel: [47223.756872] [UFW BLOCK] IN=eth0 OUT= MAC=X SRC=74.240.80.77 DST=10.0.0.101 LEN=40 TOS=0x00 PREC=0x20 TTL=236 ID=41242 DF PROTO=TCP SPT=59362 DPT=30000 WINDOW=0 RES=0x00 ACK RST URGP=0 
Jul 27 15:52:27 username kernel: [47242.063493] [UFW BLOCK] IN=eth0 OUT= MAC=X SRC=84.48.49.121 DST=10.0.0.101 LEN=240 TOS=0x00 PREC=0x20 TTL=113 ID=16672 DF PROTO=TCP SPT=49901 DPT=30000 WINDOW=65340 RES=0x00 ACK PSH FIN URGP=0 
Jul 27 15:53:21 username kernel: [47295.900866] [UFW BLOCK] IN=eth0 OUT= MAC=X SRC=74.240.80.77 DST=10.0.0.101 LEN=40 TOS=0x00 PREC=0x20 TTL=236 ID=41243 DF PROTO=TCP SPT=59443 DPT=30000 WINDOW=0 RES=0x00 ACK RST URGP=0 
Jul 27 15:57:19 username kernel: [47534.087914] [UFW BLOCK] IN=eth0 OUT= MAC=X SRC=204.152.204.174 DST=10.0.0.101 LEN=40 TOS=0x00 PREC=0x20 TTL=51 ID=62590 DF PROTO=TCP SPT=80 DPT=38111 WINDOW=0 RES=0x00 RST URGP=0 
Jul 27 15:57:21 username kernel: [47536.294470] [UFW BLOCK] IN=eth0 OUT= MAC=X SRC=71.143.190.187 DST=10.0.0.101 LEN=40 TOS=0x00 PREC=0x20 TTL=244 ID=56550 DF PROTO=TCP SPT=58326 DPT=30000 WINDOW=0 RES=0x00 ACK RST URGP=0 
Jul 27 15:57:22 username kernel: [47537.308122] [UFW BLOCK] IN=eth0 OUT= MAC=X SRC=98.122.135.210 DST=10.0.0.101 LEN=40 TOS=0x00 PREC=0x20 TTL=114 ID=13327 DF PROTO=TCP SPT=51665 DPT=30000 WINDOW=65295 RES=0x00 ACK FIN URGP=0 
Jul 27 15:57:31 username kernel: [47546.736448] [UFW BLOCK] IN=eth0 OUT= MAC=X SRC=98.122.135.210 DST=10.0.0.101 LEN=40 TOS=0x00 PREC=0x20 TTL=114 ID=14924 DF PROTO=TCP SPT=51665 DPT=30000 WINDOW=65295 RES=0x00 ACK FIN URGP=0 
Jul 27 15:57:51 username kernel: [47565.936847] [UFW BLOCK] IN=eth0 OUT= MAC=X SRC=98.85.192.66 DST=10.0.0.101 LEN=40 TOS=0x00 PREC=0x20 TTL=110 ID=14527 DF PROTO=TCP SPT=57259 DPT=30000 WINDOW=0 RES=0x00 ACK RST URGP=0 
Jul 27 16:02:57 username kernel: [47872.644696] [UFW BLOCK] IN=eth0 OUT= MAC=X SRC=67.177.138.20 DST=10.0.0.101 LEN=40 TOS=0x00 PREC=0x20 TTL=116 ID=31518 DF PROTO=TCP SPT=43683 DPT=30000 WINDOW=16689 RES=0x00 ACK FIN URGP=0 
Jul 27 16:02:58 username kernel: [47873.329367] [UFW BLOCK] IN=eth0 OUT= MAC=X SRC=67.177.138.20 DST=10.0.0.101 LEN=40 TOS=0x00 PREC=0x20 TTL=116 ID=31544 DF PROTO=TCP SPT=43683 DPT=30000 WINDOW=16689 RES=0x00 ACK FIN URGP=0 
Jul 27 16:02:59 username kernel: [47874.688953] [UFW BLOCK] IN=eth0 OUT= MAC=X SRC=67.177.138.20 DST=10.0.0.101 LEN=40 TOS=0x00 PREC=0x20 TTL=116 ID=31589 DF PROTO=TCP SPT=43683 DPT=30000 WINDOW=16689 RES=0x00 ACK FIN URGP=0 
Jul 27 16:03:02 username kernel: [47877.404843] [UFW BLOCK] IN=eth0 OUT= MAC=X SRC=67.177.138.20 DST=10.0.0.101 LEN=40 TOS=0x00 PREC=0x20 TTL=116 ID=31670 DF PROTO=TCP SPT=43683 DPT=30000 WINDOW=16689 RES=0x00 ACK FIN URGP=0 
Jul 27 16:03:03 username kernel: [47877.990870] [UFW BLOCK] IN=eth0 OUT= MAC=X SRC=24.13.84.184 DST=10.0.0.101 LEN=40 TOS=0x00 PREC=0x20 TTL=113 ID=26624 DF PROTO=TCP SPT=1122 DPT=30000 WINDOW=64174 RES=0x00 ACK FIN URGP=0 
Jul 27 16:03:07 username kernel: [47882.847012] [UFW BLOCK] IN=eth0 OUT= MAC=X SRC=67.177.138.20 DST=10.0.0.101 LEN=40 TOS=0x00 PREC=0x20 TTL=116 ID=31898 DF PROTO=TCP SPT=43683 DPT=30000 WINDOW=16689 RES=0x00 ACK FIN URGP=0 
Jul 27 16:03:09 username kernel: [47884.425095] [UFW BLOCK] IN=eth0 OUT= MAC=X SRC=74.15.254.10 DST=10.0.0.101 LEN=152 TOS=0x00 PREC=0x20 TTL=114 ID=9855 DF PROTO=TCP SPT=38887 DPT=30000 WINDOW=65340 RES=0x00 ACK PSH URGP=0 
Jul 27 16:04:18 username kernel: [47953.134931] [UFW BLOCK] IN=eth0 OUT= MAC=X SRC=98.122.135.210 DST=10.0.0.101 LEN=40 TOS=0x00 PREC=0x20 TTL=114 ID=19992 DF PROTO=TCP SPT=53671 DPT=30000 WINDOW=64014 RES=0x00 ACK FIN URGP=0 
Jul 27 16:04:20 username kernel: [47954.895780] [UFW BLOCK] IN=eth0 OUT= MAC=X SRC=76.173.177.48 DST=10.0.0.101 LEN=434 TOS=0x00 PREC=0x20 TTL=48 ID=51934 DF PROTO=TCP SPT=56773 DPT=30000 WINDOW=65535 RES=0x00 ACK PSH URGP=0 
Jul 27 16:04:21 username kernel: [47956.163033] [UFW BLOCK] IN=eth0 OUT= MAC=X SRC=98.122.135.210 DST=10.0.0.101 LEN=40 TOS=0x00 PREC=0x20 TTL=114 ID=20580 DF PROTO=TCP SPT=53671 DPT=30000 WINDOW=64014 RES=0x00 ACK FIN URGP=0 
Jul 27 16:04:27 username kernel: [47962.259215] [UFW BLOCK] IN=eth0 OUT= MAC=X SRC=98.122.135.210 DST=10.0.0.101 LEN=40 TOS=0x00 PREC=0x20 TTL=114 ID=21446 DF PROTO=TCP SPT=53671 DPT=30000 WINDOW=64014 RES=0x00 ACK FIN URGP=0
Does anyone know what causes this?
 
Would you mind pasting the complete output of 'iptables -L'?
 
iptables -vnL might be better, because afaik you can see right away which rules matched, i.e. which packets were let through by a rule.
 
Code:
Chain INPUT (policy DROP)
target     prot opt source               destination         
ufw-before-logging-input  all  --  anywhere             anywhere            
ufw-before-input  all  --  anywhere             anywhere            
ufw-after-input  all  --  anywhere             anywhere            
ufw-after-logging-input  all  --  anywhere             anywhere            
ufw-reject-input  all  --  anywhere             anywhere            
ufw-track-input  all  --  anywhere             anywhere            

Chain FORWARD (policy DROP)
target     prot opt source               destination         
ufw-before-logging-forward  all  --  anywhere             anywhere            
ufw-before-forward  all  --  anywhere             anywhere            
ufw-after-forward  all  --  anywhere             anywhere            
ufw-after-logging-forward  all  --  anywhere             anywhere            
ufw-reject-forward  all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ufw-before-logging-output  all  --  anywhere             anywhere            
ufw-before-output  all  --  anywhere             anywhere            
ufw-after-output  all  --  anywhere             anywhere            
ufw-after-logging-output  all  --  anywhere             anywhere            
ufw-reject-output  all  --  anywhere             anywhere            
ufw-track-output  all  --  anywhere             anywhere            

Chain ufw-after-forward (1 references)
target     prot opt source               destination         

Chain ufw-after-input (1 references)
target     prot opt source               destination         
ufw-skip-to-policy-input  udp  --  anywhere             anywhere            udp dpt:netbios-ns 
ufw-skip-to-policy-input  udp  --  anywhere             anywhere            udp dpt:netbios-dgm 
ufw-skip-to-policy-input  tcp  --  anywhere             anywhere            tcp dpt:netbios-ssn 
ufw-skip-to-policy-input  tcp  --  anywhere             anywhere            tcp dpt:microsoft-ds 
ufw-skip-to-policy-input  udp  --  anywhere             anywhere            udp dpt:bootps 
ufw-skip-to-policy-input  udp  --  anywhere             anywhere            udp dpt:bootpc 
ufw-skip-to-policy-input  all  --  anywhere             anywhere            ADDRTYPE match dst-type BROADCAST 

Chain ufw-after-logging-forward (1 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere            limit: avg 3/min burst 10 LOG level warning prefix `[UFW BLOCK] ' 

Chain ufw-after-logging-input (1 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere            limit: avg 3/min burst 10 LOG level warning prefix `[UFW BLOCK] ' 

Chain ufw-after-logging-output (1 references)
target     prot opt source               destination         

Chain ufw-after-output (1 references)
target     prot opt source               destination         

Chain ufw-before-forward (1 references)
target     prot opt source               destination         
ufw-user-forward  all  --  anywhere             anywhere            

Chain ufw-before-input (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ufw-logging-deny  all  --  anywhere             anywhere            state INVALID 
DROP       all  --  anywhere             anywhere            state INVALID 
ACCEPT     icmp --  anywhere             anywhere            icmp destination-unreachable 
ACCEPT     icmp --  anywhere             anywhere            icmp source-quench 
ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded 
ACCEPT     icmp --  anywhere             anywhere            icmp parameter-problem 
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request 
ACCEPT     udp  --  anywhere             anywhere            udp spt:bootps dpt:bootpc 
ufw-not-local  all  --  anywhere             anywhere            
ACCEPT     all  --  BASE-ADDRESS.MCAST.NET/4  anywhere            
ACCEPT     all  --  anywhere             base-address.mcast.net/4 
ufw-user-input  all  --  anywhere             anywhere            

Chain ufw-before-logging-forward (1 references)
target     prot opt source               destination         

Chain ufw-before-logging-input (1 references)
target     prot opt source               destination         

Chain ufw-before-logging-output (1 references)
target     prot opt source               destination         

Chain ufw-before-output (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ufw-user-output  all  --  anywhere             anywhere            

Chain ufw-logging-allow (0 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere            limit: avg 3/min burst 10 LOG level warning prefix `[UFW ALLOW] ' 

Chain ufw-logging-deny (2 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            state INVALID limit: avg 3/min burst 10 
LOG        all  --  anywhere             anywhere            limit: avg 3/min burst 10 LOG level warning prefix `[UFW BLOCK] ' 

Chain ufw-not-local (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            ADDRTYPE match dst-type LOCAL 
RETURN     all  --  anywhere             anywhere            ADDRTYPE match dst-type MULTICAST 
RETURN     all  --  anywhere             anywhere            ADDRTYPE match dst-type BROADCAST 
ufw-logging-deny  all  --  anywhere             anywhere            limit: avg 3/min burst 10 
DROP       all  --  anywhere             anywhere            

Chain ufw-reject-forward (1 references)
target     prot opt source               destination         

Chain ufw-reject-input (1 references)
target     prot opt source               destination         

Chain ufw-reject-output (1 references)
target     prot opt source               destination         

Chain ufw-skip-to-policy-forward (0 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            

Chain ufw-skip-to-policy-input (7 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            

Chain ufw-skip-to-policy-output (0 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            

Chain ufw-track-input (1 references)
target     prot opt source               destination         

Chain ufw-track-output (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere            state NEW 
ACCEPT     udp  --  anywhere             anywhere            state NEW 

Chain ufw-user-forward (1 references)
target     prot opt source               destination         

Chain ufw-user-input (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:30000 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:30000 

Chain ufw-user-limit (0 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere            limit: avg 3/min burst 5 LOG level warning prefix `[UFW LIMIT BLOCK] ' 
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable 

Chain ufw-user-limit-accept (0 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            

Chain ufw-user-logging-forward (0 references)
target     prot opt source               destination         

Chain ufw-user-logging-input (0 references)
target     prot opt source               destination         

Chain ufw-user-logging-output (0 references)
target     prot opt source               destination         

Chain ufw-user-output (1 references)
target     prot opt source               destination

Code:
Chain INPUT (policy DROP 44 packets, 17558 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  27M   24G ufw-before-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  27M   24G ufw-before-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
   44 17558 ufw-after-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
   44 17558 ufw-after-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
   44 17558 ufw-reject-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
   44 17558 ufw-track-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ufw-before-logging-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-before-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-after-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-after-logging-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-reject-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 4145 packets, 213K bytes)
 pkts bytes target     prot opt in     out     source               destination         
  20M 6977M ufw-before-logging-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  20M 6977M ufw-before-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
87362 7056K ufw-after-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
87362 7056K ufw-after-logging-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
87362 7056K ufw-reject-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
87362 7056K ufw-track-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-after-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:137 
    0     0 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:138 
    0     0 ufw-skip-to-policy-input  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:139 
    0     0 ufw-skip-to-policy-input  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:445 
    0     0 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:67 
    0     0 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:68 
    0     0 ufw-skip-to-policy-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           ADDRTYPE match dst-type BROADCAST 

Chain ufw-after-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 10 LOG flags 0 level 4 prefix `[UFW BLOCK] ' 

Chain ufw-after-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   40 14222 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 10 LOG flags 0 level 4 prefix `[UFW BLOCK] ' 

Chain ufw-after-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ufw-user-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-before-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
14638  900K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
  27M   24G ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
 8385  790K ufw-logging-deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID 
 8385  790K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 4 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 11 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 12 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:67 dpt:68 
 429K   43M ufw-not-local  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       224.0.0.0/4          0.0.0.0/0           
  103 11529 ACCEPT     all  --  *      *       0.0.0.0/0            224.0.0.0/4         
 429K   43M ufw-user-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-before-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
14638  900K ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
  20M 6969M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
87362 7056K ufw-user-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-logging-allow (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 10 LOG flags 0 level 4 prefix `[UFW ALLOW] ' 

Chain ufw-logging-deny (2 references)
 pkts bytes target     prot opt in     out     source               destination         
 5079  492K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID limit: avg 3/min burst 10 
 2595  234K LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 10 LOG flags 0 level 4 prefix `[UFW BLOCK] ' 

Chain ufw-not-local (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 429K   43M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ADDRTYPE match dst-type LOCAL 
  103 11529 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ADDRTYPE match dst-type MULTICAST 
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ADDRTYPE match dst-type BROADCAST 
    0     0 ufw-logging-deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 10 
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-reject-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-reject-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-reject-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-skip-to-policy-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-skip-to-policy-input (7 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-skip-to-policy-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-track-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-track-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
24893 1501K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW 
58324 5343K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW 

Chain ufw-user-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
89579 4649K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:30000 
 339K   38M ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:30000 

Chain ufw-user-limit (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 LOG flags 0 level 4 prefix `[UFW LIMIT BLOCK] ' 
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 

Chain ufw-user-limit-accept (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-user-logging-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-logging-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-logging-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-output (1 references)
 pkts bytes target     prot opt in     out     source               destination
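
Added example, not part of any post in this thread: a Python sketch that reads the packet counters from the `iptables -vnL` listing above and reports which DROP/REJECT rules actually matched traffic, and where they sit relative to the jump to `ufw-user-input`. The function names are chosen for this example; the embedded listing is an excerpt of the posted output (three chains, whitespace condensed).

```python
# Excerpt of the `iptables -vnL` output posted above: the chains an inbound
# packet passes on its way to the user rules. Counters are as posted.
LISTING = """\
Chain ufw-before-input (1 references)
 pkts bytes target prot opt in out source destination
14638 900K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
27M 24G ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
8385 790K ufw-logging-deny all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
8385 790K DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 12
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
429K 43M ufw-not-local all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 224.0.0.0/4 0.0.0.0/0
103 11529 ACCEPT all -- * * 0.0.0.0/0 224.0.0.0/4
429K 43M ufw-user-input all -- * * 0.0.0.0/0 0.0.0.0/0

Chain ufw-not-local (1 references)
 pkts bytes target prot opt in out source destination
429K 43M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
103 11529 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST
0 0 ufw-logging-deny all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain ufw-user-input (1 references)
 pkts bytes target prot opt in out source destination
89579 4649K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:30000
339K 38M ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:30000
"""

_SUFFIX = {"K": 1_000, "M": 1_000_000, "G": 1_000_000_000}


def parse_count(text):
    """iptables abbreviates large counters with decimal K/M/G suffixes."""
    if text[-1] in _SUFFIX:
        return int(text[:-1]) * _SUFFIX[text[-1]]
    return int(text)


def parse_listing(listing):
    """Return {chain: [rule, ...]} with the rules in evaluation order."""
    chains, current = {}, None
    for line in listing.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "Chain":
            current = chains.setdefault(fields[1], [])
        elif fields[0] != "pkts" and current is not None:
            # columns: pkts bytes target prot opt in out source destination [match...]
            current.append({"pkts": parse_count(fields[0]),
                            "target": fields[2],
                            "match": " ".join(fields[9:])})
    return chains


def dropping_rules(chains):
    """DROP/REJECT rules whose packet counter is non-zero."""
    return [(name, pos, rule["match"], rule["pkts"])
            for name, rules in chains.items()
            for pos, rule in enumerate(rules, 1)
            if rule["target"] in ("DROP", "REJECT") and rule["pkts"] > 0]


def position(chains, chain, target):
    """1-based position of the first rule in `chain` with this target."""
    return next(pos for pos, rule in enumerate(chains[chain], 1)
                if rule["target"] == target)


if __name__ == "__main__":
    chains = parse_listing(LISTING)
    for name, pos, match, pkts in dropping_rules(chains):
        print(f"{name} rule {pos}: {pkts} packets dropped ({match or 'no match'})")
    print("jump to ufw-user-input is rule",
          position(chains, "ufw-before-input", "ufw-user-input"))
```
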
 
My spontaneous guess is that the entries come from the following chain:

Chain ufw-after-logging-input (1 references)
pkts bytes target prot opt in out source destination
40 14222 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix `[UFW BLOCK] '

To me it looks as if it simply logs when too many requests arrive within a short time.

Btw: If you really just want to block everything except one port, why take the roundabout route via this tool, which bloats the iptables rules considerably (and also makes them rather hard to follow), instead of simply defining the few important rules yourself?
 
The first rule that matches is the one that is applied.
Your exception rule is in the 'ufw-user-input' chain. In your setup, however, within the 'ufw-before-input' chain it first goes through the 'ufw-not-local' chain before it gets to the 'ufw-user-input' chain. The last rule in 'ufw-not-local' is:
Code:
DROP       all  --  anywhere             anywhere
I suspect the error lies there.
 
As you have probably guessed already, this is about BitTorrent.

Almost exclusively packets with FIN and RST flags are being blocked, and it also always seems to be the same IPs that the packets come from.
So I assume that the affected clients simply respond too late and/or too often after the connection has already been closed.

I'm not that familiar with iptables configuration (hence ufw), but I assume it would be fairly cumbersome to filter these entries out of the logs.
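
Added example, not part of the posts above: a Python sketch that sorts `[UFW BLOCK]` log lines by TCP flags and destination port, separating segments that cannot open a connection (anything other than a bare SYN) from blocked connection attempts. Five sample lines are taken from the log at the top of the thread and one is constructed; the function names and category labels are chosen for this example.

```python
import re
from collections import Counter

ALLOWED_PORT = 30000  # the port opened with ufw in this thread
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

# First five lines: copied from the log posted at the top of the thread.
# Last line: constructed (source 203.0.113.5) to show a blocked bare SYN.
SAMPLE = """\
Jul 27 15:51:42 username kernel: [47197.077526] [UFW BLOCK] IN=eth0 OUT= MAC=X SRC=65.8.137.107 DST=10.0.0.101 LEN=49 TOS=0x00 PREC=0x20 TTL=107 ID=19936 DF PROTO=TCP SPT=62561 DPT=30000 WINDOW=16831 RES=0x00 ACK PSH FIN URGP=0
Jul 27 15:52:08 username kernel: [47223.756872] [UFW BLOCK] IN=eth0 OUT= MAC=X SRC=74.240.80.77 DST=10.0.0.101 LEN=40 TOS=0x00 PREC=0x20 TTL=236 ID=41242 DF PROTO=TCP SPT=59362 DPT=30000 WINDOW=0 RES=0x00 ACK RST URGP=0
Jul 27 15:53:21 username kernel: [47295.900866] [UFW BLOCK] IN=eth0 OUT= MAC=X SRC=74.240.80.77 DST=10.0.0.101 LEN=40 TOS=0x00 PREC=0x20 TTL=236 ID=41243 DF PROTO=TCP SPT=59443 DPT=30000 WINDOW=0 RES=0x00 ACK RST URGP=0
Jul 27 15:57:19 username kernel: [47534.087914] [UFW BLOCK] IN=eth0 OUT= MAC=X SRC=204.152.204.174 DST=10.0.0.101 LEN=40 TOS=0x00 PREC=0x20 TTL=51 ID=62590 DF PROTO=TCP SPT=80 DPT=38111 WINDOW=0 RES=0x00 RST URGP=0
Jul 27 15:57:22 username kernel: [47537.308122] [UFW BLOCK] IN=eth0 OUT= MAC=X SRC=98.122.135.210 DST=10.0.0.101 LEN=40 TOS=0x00 PREC=0x20 TTL=114 ID=13327 DF PROTO=TCP SPT=51665 DPT=30000 WINDOW=65295 RES=0x00 ACK FIN URGP=0
Jul 27 16:10:00 username kernel: [48000.000000] [UFW BLOCK] IN=eth0 OUT= MAC=X SRC=203.0.113.5 DST=10.0.0.101 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4242 DF PROTO=TCP SPT=51000 DPT=30000 WINDOW=29200 RES=0x00 SYN URGP=0
"""


def parse_block_line(line):
    """Return the relevant fields of one [UFW BLOCK] line, or None."""
    _, marker, body = line.partition("[UFW BLOCK]")
    if not marker:
        return None
    fields = dict(re.findall(r"(\w+)=(\S*)", body))
    dpt = fields.get("DPT", "")
    return {
        "src": fields.get("SRC"),
        "proto": fields.get("PROTO"),
        "dpt": int(dpt) if dpt.isdigit() else None,
        # TCP flags are logged as bare words after RES=, not as KEY=value
        "flags": frozenset(body.split()) & TCP_FLAGS,
    }


def classify(entry):
    """Label a blocked packet by what it says about the rule set."""
    if entry["proto"] != "TCP":
        return "non-tcp"
    if entry["dpt"] != ALLOWED_PORT:
        return "other-port"          # no ALLOW rule exists for it
    if entry["flags"] == {"SYN"}:
        return "new-connection"      # a connection attempt was refused
    return "not-a-connection-attempt"  # mid-stream or teardown segment


def summarise(text):
    """Count blocked packets per class and per (source, flags, class)."""
    classes, by_source = Counter(), Counter()
    for line in text.splitlines():
        entry = parse_block_line(line)
        if entry is None:
            continue
        kind = classify(entry)
        classes[kind] += 1
        by_source[(entry["src"], "+".join(sorted(entry["flags"])), kind)] += 1
    return classes, by_source


if __name__ == "__main__":
    classes, by_source = summarise(SAMPLE)
    for kind, count in classes.most_common():
        print(f"{count:3d}  {kind}")
    for (src, flags, kind), count in by_source.most_common():
        print(f"{count:3d}  {src:<16} {flags:<12} {kind}")
```
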
 