On Thursday 14 Feb 2013 12:30:48 Simon Greenwood wrote: > On 14 February 2013 12:02, Mark Fraser <mfraz74+ubu...@gmail.com> wrote: > > I've recently noticed that I've been getting lots of [UFW BLOCK] in my > > syslogs: > > > > [ 6378.481677] [UFW BLOCK] IN=eth0 OUT= > > MAC=50:46:5d:b8:7a:58:1c:c6:3c:9b:dd:0e:08:00 SRC=173.194.41.99 > > DST=192.168.2.102 LEN=40 TOS=0x08 PREC=0x40 TTL=55 ID=17891 PROTO=TCP > > SPT=443 > > DPT=50069 WINDOW=0 RES=0x00 RST URGP=0 > > > > [ 6391.079634] [UFW BLOCK] IN=eth0 OUT= > > MAC=50:46:5d:b8:7a:58:1c:c6:3c:9b:dd:0e:08:00 SRC=173.194.66.108 > > DST=192.168.2.102 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=35432 PROTO=TCP > > SPT=995 > > DPT=52449 WINDOW=0 RES=0x00 RST URGP=0 > > > > Going from the above, I tried to add rules for ports 443 and 995, but the > > ports are still blocked. > > > > Any ideas? > > As you probably know, port 443 is HTTPS and port 995 is POP3 with SSL. The > inbound addresses are from Google (the reverse lookup shows 1e100.net, > which is their network) which would suggest Gmail reading POP mail and > looking at a web site. Would that make sense?
That makes sense, but why are they blocked as I've got these: [28] 443 ALLOW IN Anywhere [29] 995 ALLOW IN Anywhere As rules in UFW. -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
