On Thu, Feb 14, 2013 at 12:02:51PM +0000, Mark Fraser wrote: > I've recently noticed that I've been getting lots of [UFW BLOCK] in my > syslogs: > > [ 6378.481677] [UFW BLOCK] IN=eth0 OUT= > MAC=50:46:5d:b8:7a:58:1c:c6:3c:9b:dd:0e:08:00 SRC=173.194.41.99 > DST=192.168.2.102 LEN=40 TOS=0x08 PREC=0x40 TTL=55 ID=17891 PROTO=TCP SPT=443 > DPT=50069 WINDOW=0 RES=0x00 RST URGP=0 > > [ 6391.079634] [UFW BLOCK] IN=eth0 OUT= > MAC=50:46:5d:b8:7a:58:1c:c6:3c:9b:dd:0e:08:00 SRC=173.194.66.108 > DST=192.168.2.102 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=35432 PROTO=TCP SPT=995 > DPT=52449 WINDOW=0 RES=0x00 RST URGP=0 > > Going from the above, I tried to add rules for ports 443 and 995, but the > ports are still blocked.
These are not _to_ 443 and 995, but _from_ those ports. These are coming in to your random application ports (high port numbers). -apw -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
