Hi, I tried it, and the result is Jan 9 23:33:11 FSC-neu kernel: [ 119.986998] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:bc:05:43:ae:38:1a:08:00 SRC=192.168.1.254 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2 Jan 9 23:33:15 FSC-neu kernel: [ 124.063501] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:fb:60:12:8b:46:ce:55:08:00 SRC=192.168.1.251 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=57247 PROTO=2 Jan 9 23:34:07 FSC-neu kernel: [ 176.575247] [UFW BLOCK] IN=eth0 OUT= MAC=90:1b:0e:18:56:e3:60:12:8b:46:ce:55:08:00 SRC=192.168.1.251 DST=192.168.1.31 LEN=146 TOS=0x00 PREC=0x00 TTL=64 ID=27304 PROTO=UDP SPT=5353 DPT=42937 LEN=126 Jan 9 23:34:07 FSC-neu kernel: [ 176.623963] [UFW ALLOW] IN= OUT=eth0 SRC=192.168.1.31 DST=224.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=1 ID=50220 DF PROTO=UDP SPT=42937 DPT=8612 LEN=24 Jan 9 23:34:07 FSC-neu kernel: [ 176.623982] [UFW ALLOW] IN=eth0 OUT= MAC= SRC=192.168.1.31 DST=224.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=1 ID=50220 DF PROTO=UDP SPT=42937 DPT=8612 LEN=24 Jan 9 23:34:07 FSC-neu kernel: [ 176.625233] [UFW BLOCK] IN=eth0 OUT= MAC=90:1b:0e:18:56:e3:60:12:8b:46:ce:55:08:00 SRC=192.168.1.251 DST=192.168.1.31 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=41849 PROTO=UDP SPT=8612 DPT=42937 LEN=40 Jan 9 23:34:08 FSC-neu kernel: [ 177.133004] [UFW BLOCK] IN=eth0 OUT= MAC=90:1b:0e:18:56:e3:60:12:8b:46:ce:55:08:00 SRC=192.168.1.251 DST=192.168.1.31 LEN=146 TOS=0x00 PREC=0x00 TTL=64 ID=21591 PROTO=UDP SPT=5353 DPT=42937 LEN=126 Jan 9 23:34:08 FSC-neu kernel: [ 177.175232] [UFW ALLOW] IN= OUT=eth0 SRC=192.168.1.31 DST=224.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=1 ID=50353 DF PROTO=UDP SPT=42937 DPT=8612 LEN=24 Jan 9 23:34:08 FSC-neu kernel: [ 177.175253] [UFW ALLOW] IN=eth0 OUT= MAC= SRC=192.168.1.31 DST=224.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=1 ID=50353 DF PROTO=UDP SPT=42937 DPT=8612 LEN=24 Jan 9 23:34:08 FSC-neu kernel: [ 177.176434] [UFW BLOCK] IN=eth0 OUT= MAC=90:1b:0e:18:56:e3:60:12:8b:46:ce:55:08:00 SRC=192.168.1.251 DST=192.168.1.31 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58754 PROTO=UDP SPT=8612 DPT=42937 LEN=40 Jan 9 23:34:08 FSC-neu kernel: [ 177.674191] [UFW BLOCK] IN=eth0 OUT= MAC=90:1b:0e:18:56:e3:60:12:8b:46:ce:55:08:00 SRC=192.168.1.251 DST=192.168.1.31 LEN=146 TOS=0x00 PREC=0x00 TTL=64 ID=56849 PROTO=UDP SPT=5353 DPT=42937 LEN=126 Jan 9 23:34:08 FSC-neu kernel: [ 177.723215] [UFW ALLOW] IN= OUT=eth0 SRC=192.168.1.31 DST=224.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=1 ID=50448 DF PROTO=UDP SPT=42937 DPT=8612 LEN=24 Jan 9 23:34:08 FSC-neu kernel: [ 177.723232] [UFW ALLOW] IN=eth0 OUT= MAC= SRC=192.168.1.31 DST=224.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=1 ID=50448 DF PROTO=UDP SPT=42937 DPT=8612 LEN=24 Jan 9 23:34:08 FSC-neu kernel: [ 177.724294] [UFW BLOCK] IN=eth0 OUT= MAC=90:1b:0e:18:56:e3:60:12:8b:46:ce:55:08:00 SRC=192.168.1.251 DST=192.168.1.31 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=26443 PROTO=UDP SPT=8612 DPT=42937 LEN=40
Still getting blocked... Yours -- You received this bug notification because you are a member of Gufw Developers, which is subscribed to Gufw. https://bugs.launchpad.net/bugs/1650489 Title: ufw broken on Linux Mint 17.3 Status in Gufw: New Status in Linux Mint: New Status in ufw: Incomplete Bug description: Hi, on my Linux Mint 17.3 x64 Cinnamon, ufw appears to be broken (0.34~rc- 0ubuntu2). Networking seemed to work alright, surfing was no problem, also FTP and SSH worked. But not Bonjour, which I need to use the scanner that is inside my Canon MX925. So I used gufw (14.04.2-0ubuntu1.2) to add rules that allow packets sent to ports 8610 and 8612, and packets coming from 5353 (Bonjour). But still, some of these packets get blocked, according to syslog. Looking deeper inside the matter, I realised that the default inbound policy is deny. So surfing should not be possible, but it works alright. sudo ufw status verbose Status: Aktiv Protokollierung: on (medium) Voreinstellung: reject (eingehend), allow (abgehend), disabled (gesendet) Neue Profile: skip Zu Aktion Von -- ------ --- 8612 ALLOW IN Anywhere (log) 5353 ALLOW IN Anywhere (log) 8612 (v6) ALLOW IN Anywhere (v6) (log) 5353 (v6) ALLOW IN Anywhere (v6) (log) 8610 ALLOW OUT Anywhere (log) 8612 ALLOW OUT Anywhere (log) 8610 (v6) ALLOW OUT Anywhere (v6) (log) 8612 (v6) ALLOW OUT Anywhere (v6) (log) Bonjour should be the only thing working, but in fact, it's the only thing NOT working. So I looked at those predefined sets of rules that ufw should come with, according to http://www.larrytalkstech.com/ufw-the-linux-uncomplicated-firewall/ but most of the ones mentioned there are missing. sudo ufw app list Verfügbare Anwendungen: CUPS Samba Only CUPS and Samba are known? Not even DNS or tcp/80 ? Since surfing works alright, my guess is that ufw does not really work together with iptables, which to my understanding is the "real firewall" that (g)ufw is only a frontend for. So ufw does not show all rules that are in force, and ufw does not correctly apply new rules at the correct position in the chain, so they get defeated by the existing rules, thus Bonjour gets broken. Dec 15 14:00:30 FSC-neu kernel: [72537.358551] [UFW BLOCK] IN=eth0 OUT= MAC=90:1b:0e:18:56:e3:60:12:8b:46:ce:55:08:00 SRC=192.168.1.251 DST=192.168.1.31 LEN=146 TOS=0x00 PREC=0x00 TTL=64 ID=63636 PROTO=UDP SPT=5353 DPT=36762 LEN=126 Thanks Oliver To manage notifications about this bug go to: https://bugs.launchpad.net/gui-ufw/+bug/1650489/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~gufw-developers Post to : [email protected] Unsubscribe : https://launchpad.net/~gufw-developers More help : https://help.launchpad.net/ListHelp
