Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Firewall config
Top Forums UNIX for Beginners Questions & Answers Firewall config Post 303010120 by benc on Wednesday 27th of December 2017 04:52:15 AM
Old 12-27-2017
Firewall config
I'm having a bit of a problem with a firewall configuration. I'm using GUFW.


When I launch firefox and it goes to my home page (DuckDuckGo), the browser makes several connections. For example, the output of "ss -prtu":
Code:
tcp    ESTAB      0      0        10.8.8.22:32774   ec2-176-34-131-233.eu-west-1.compute.amazonaws.com:https  users:(("firefox",pid=6371,fd=146))

tcp   ESTAB      0       0        10.8.8.22:52114   ec2-54-229-110-205.eu-west-1.compute.amazonaws.com:https  users:(("firefox",pid=6371,fd=98))

As an experiment, I want to block both incoming and outgoing connections in the range 10.8.0.0/16. I added rules to GUFW and the logs reflect this:

Code:
[12/27/2017 03:37:33 AM] Editing rule (Adding): myrule | /usr/sbin/ufw deny out from any to 10.8.0.0/16 > Rule added

[12/27/2017 03:37:06 AM] Editing rule (Adding): myrule | /usr/sbin/ufw deny in from 10.8.0.0/16 to any > Rule added

I exited Firefox, then restarted firefox and it went to it's home page as normal. In a terminal, I typed ss -prtu and my firewall commands apparently failed because this comes up:

Code:
tcp   ESTAB      0      0                                   10.8.8.22:39908                ec2-176-34-135-167.eu-west-1.compute.amazonaws.com:https                 users:(("firefox",pid=9687,fd=101))

tcp   ESTAB      0      0                                   10.8.8.22:42292                a88-221-134-48.deploy.akamaitechnologies.com:http                  users:(("firefox",pid=9687,fd=6))

tcp   ESTAB      0      0                                   10.8.8.22:46624                ec2-52-72-108-51.compute-1.amazonaws.com:https                 users:(("firefox",pid=9687,fd=94))

tcp   ESTAB      0      0                                   10.8.8.22:46626                ec2-52-72-108-51.compute-1.amazonaws.com:https                 users:(("firefox",pid=9687,fd=95))

Any idea what I'm doing wrong?

.
Last edited by benc; 12-28-2017 at 09:05 AM.. Reason: code tags
 

9 More Discussions You Might Find Interesting

1. Cybersecurity

What Firewall do you use?

Just out of curiosity, I see a lot of people here use Linux IPTables as their firewall. Anyone here use something else like OpenBSD PF or *BSD IPF, IPFW? I'm quite fond of OpenBSD and their Packet Filters. I find their syntax much easier to manage and from my personal experience, I find them... (5 Replies)
Discussion started by: tarballed
5 Replies

2. Shell Programming and Scripting

parsing config file to create new config files

Hi, I want to use a config file as the base file and parse over the values of country and city parameters in the config file and generate separate config files as explained below. I will be using the config file as mentioned below: (config.txt) country:a,b city:1,2 type:b1... (1 Reply)
Discussion started by: clazzic
1 Replies

3. AIX

Firewall

:b:Hi,, How do configure firewall in aix.. similar to linux iptable. Rgards, k.sumathi. (3 Replies)
Discussion started by: sumathi.k
3 Replies

4. Shell Programming and Scripting

Shell script that will compare two config files and produce 2 outputs 1)actual config file 2)report

Hi I am new to shell scripting. There is a requirement to write a shell script to meet follwing needs.Prompt reply shall be highly appreciated. script that will compare two config files and produce 2 outputs - actual config file and a report indicating changes made. OS :Susi linux ver 10.3. ... (4 Replies)
Discussion started by: muraliinfy04
4 Replies

5. SuSE

Firewall

Is there a command line interface to the firewall? (4 Replies)
Discussion started by: jgt
4 Replies

6. Linux

Firewall?

Dear All I have put my windows machine behind my centos firewall server with just one NIC. At now, the windows machine can ping 192.9.9.3 but cannot resolve valid url (like www.google.com). I have set DNS for it as well. Can you please let me know what is the missing step? Thank you (6 Replies)
Discussion started by: hadimotamedi
6 Replies

7. Cybersecurity

Firewall

Hey Guys, I am looking for a good firewall software to implement in medium/large office, with at least 150 users. I was hopping you guys could help me on this one. Regards, (4 Replies)
Discussion started by: andrevicente
4 Replies

8. Red Hat

Apache virtual host config vs global config problem

Hi folks, I am trying to configure Apache webserver and also a virtual host inside this webserver. For Global server config: /var/www/html/index.html For virtual host config: /var/www/virtual/index.html Both client10 & www10 are pointing to 192.168.122.10 IP address. BUT, MY... (1 Reply)
Discussion started by: freebird8z
1 Replies

9. Windows & DOS: Issues & Discussions

(VS 2008) New build config looking files from other folder build config

Hi Team, My new build configuration always looking for the files from the build where i copied from. please help me to resolve this. I am using Visual studio 2008.It has Qt 4.8. plugins,qml,C++ development I created new debug_new build configuration with additional preprocessor from the... (1 Reply)
Discussion started by: SA_Palani
1 Replies

LEARN ABOUT X11R4

firefox

FIREFOX(1)							Linux User's Manual							FIREFOX(1)

NAME

       firefox - a Web browser for X11 derived from the Mozilla browser

SYNOPSIS

       firefox [OPTIONS] [URL]

DESCRIPTION

       Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

USAGE

       firefox is a simple shell script that will set up the environment for the actual executable.

OPTIONS

       A summary of the options supported by firefox is included below.

   GTK options
       --gdk-debug=FLAGS Gdk debugging flags to set

       --gdk-no-debug=FLAGS
	      Gdk debugging flags to unset

       --gtk-debug=FLAGS
	      Gtk+ debugging flags to set

       --gtk-no-debug=FLAGS
	      Gtk+ debugging flags to unset

       --gtk-module=MODULE
	      Load an additional Gtk module

   X11 options
       --display=DISPLAY
	      X display to use

       --sync Make X calls synchronous

       --no-xshm
	      Don't use X shared memory extension

       --xim-preedit=STYLE

       --xim-status=STYLE

       --g-fatal-warnings
	      Make all warnings fatal

   Firefox options
       -h, -help
	      Show summary of options.

       -height value
	      Set height of startup window to value.

       -width value
	      Set width of startup window to value.

       -v, -version
	      Print /usr/bin/firefox-bin version.

       -CreateProfile profile
	      Create profile.

       -P profile
	      Start with profile.

       -ProfileManager
	      Start with profile manager.

       -UILocale lang-region
	      Start with lang-region resources.

       -contentLocale lang-region
	      Start with lang-region resources.

       -remote command
	      Execute command in an already running Firefox process.  For more info, see: http://www.mozilla.org/unix/remote.html

       -no-remote
	      Don't try to control an already running instance.

       -jsconsole
	      Start with Javascript Console

       -chrome url
	      Load the specified chrome.

       -new-window url
	      Open URL in a new window if Firefox is already running.

       -new-tab url
	      Open URL in a new tab if Firefox is already running.

       -preferences
	      Open Firefox preferences menu.

       -safe-mode
	      Disables extensions and themes for this session.

       FILES  /usr/bin/firefox - shell script wrapping firefox
	      /usr/lib/firefox/firefox - firefox executable

VERSION

       3.0

BUGS

       To report a bug, please visit http://bugzilla.mozilla.org/

SEE ALSO

       mozilla(1)

AUTHORS

       The Mozilla Organization
	      http://www.mozilla.org/about.html

firefox 							 January 04, 2006							FIREFOX(1)
All times are GMT -4. The time now is 07:10 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy