Why is ufw logging 'BLOCK' messages regarding a port for which ufw is configured to 'ALLOW' connections?

The thread referenced by Caffeine Coma indicates this is related to low-level technicalities in closing TCP network connections... Obscure and subtle differences between the way operating systems (Windows, Mac, Linux) handle connection termination apparently result in some harmless confusion between server and client, and this somehow results in the above-described log messages.

I don't entirely understand the technicalities, nor why this would lead to UFW "BLOCK" log messages, but I'll take it, as it's the only answer I've come across that makes any sense, and I've seen no other symptom of something being wrong on my server -- only these harmless (albeit annoying) UFW log messages.

Refer to the mentioned forum thread for a more technical explanation.


I can explain it a bit in detail, without getting technical.

I'll just use a simile.

Just imagine two people talking to each other, and let's assume that they do business with each other and, furthermore, that they agree to conduct their business in a certain way.

Every time they have a transaction, it is done the same way.

  1. Meet and Greet - they agree that a transaction is only successful if they sit in the same room and shake hands at the beginning. It's a mandatory step.

  2. Listening and Re"send" - They agree that a transaction is only successful if all the data necessary for this transaction is understood, and if one side doesn't get a proper response, they reevaluate the status and "retalk" about certain aspects of this transaction until both sides are satisfied with the result and agree that the transaction is in order.

This includes:

  a) The confirmation in the form of a handshake at the beginning of every meetup, and
  b) A final confirmation at the end from both sides. Also, the seller has to remain in the room for a certain time until he is sure the buyer has left satisfied.

TCP connections work in a similar way. If there is something wrong, then the firewall tells you about this.

It could be:

  1. a fake buyer, who just says hello and then leaves again (probe)
  2. a real buyer, who isn't so certain anymore in the middle of things and leaves the room (user)
  3. a communications problem (routing, network, etc.)

HTH, s1mmel
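A small triage script, added here as an example and not code from either answer: it parses ufw's `[UFW BLOCK]` log format and, given the TCP ports you ALLOW (assumed to be 22 and 443 for the sample), separates the harmless tail-of-a-closed-connection packets both answers describe (ACK/FIN/RST with no SYN) from a genuinely refused new connection (bare SYN to an allowed port) that would deserve a look at the rules. The log lines are constructed, with documentation-range addresses, and the verdicts are a heuristic.

```python
import re

# TCP flag tokens that the kernel's LOG target prints bare (after RES=0x00) in ufw lines.
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

# Constructed sample log lines in the real "[UFW BLOCK]" format (not real traffic).
SAMPLE_LOG = """\
Mar  3 10:01:02 host kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=203.0.113.5 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=51234 DPT=443 WINDOW=0 RES=0x00 ACK FIN URGP=0
Mar  3 10:01:03 host kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.8 DST=203.0.113.5 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=40000 DPT=443 WINDOW=0 RES=0x00 RST URGP=0
Mar  3 10:01:04 host kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.9 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=40001 DPT=23 WINDOW=65535 RES=0x00 SYN URGP=0
Mar  3 10:01:05 host kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.10 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=40002 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0
"""

def parse_ufw_line(line):
    """Return the key=value fields of one ufw log line plus a FLAGS set, or None if not a ufw line."""
    m = re.search(r"\[UFW (\w+)\]\s*(.*)", line)
    if not m:
        return None
    fields, flags = {"ACTION": m.group(1)}, set()
    for tok in m.group(2).split():
        if "=" in tok:                     # e.g. DPT=443, or OUT= with an empty value
            k, v = tok.split("=", 1)
            fields[k] = v
        elif tok in TCP_FLAGS:             # bare flag tokens such as "ACK FIN"
            flags.add(tok)
    fields["FLAGS"] = flags
    return fields

def classify_block(fields, allowed_tcp_ports):
    """Heuristic verdict for a BLOCK entry (assumption: allowed_tcp_ports mirrors your ufw ALLOW rules)."""
    if fields is None or fields["ACTION"] != "BLOCK":
        return "not-a-block"
    if fields.get("PROTO") != "TCP":
        return "non-tcp"
    if int(fields.get("DPT", "0")) not in allowed_tcp_ports:
        return "blocked-by-policy"         # expected: the port is simply not allowed
    if "SYN" in fields["FLAGS"] and "ACK" not in fields["FLAGS"]:
        return "new-connection-blocked"    # a fresh handshake to an allowed port was refused: check rules
    # ACK/FIN/RST with no SYN: the tail of a connection the firewall no longer tracks, i.e. the
    # close-sequence confusion described in the thread; noisy but harmless on its own.
    return "late-packet-after-close"

def summarize(log_text, allowed_tcp_ports):
    """Count verdicts over a block of log text."""
    counts = {}
    for line in log_text.splitlines():
        verdict = classify_block(parse_ufw_line(line), allowed_tcp_ports)
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts
```

Running `summarize(SAMPLE_LOG, {22, 443})` over the sample yields two late-packet verdicts, one blocked-by-policy entry (port 23) and one new-connection-blocked entry worth checking.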