Why are certain things able to get through ufw firewall?
I should say up-front that I am TOTALLY new to Linux, Ubuntu, and the technical side of networking. I am setting up Ubuntu on a server computer and have learned a bit about configuring the ufw firewall. I have set ufw to block all ports by default (sudo ufw default deny) and so far have added rules to open a couple of ports for SSH and game servers, but there is one thing I don't understand.
- How is it that I am still able to update packages, ping IP addresses, etc. if ufw is supposedly blocking all (or almost all) of the ports?
- Does ufw automatically allow traffic back from an IP address that I have connected to?
I'm sure there is a simple technical explanation but I'm having trouble finding it via Google.
Thank you!
Unless you've set up ufw to default-deny outgoing connections (which is not the default), then applications on your system can connect to external hosts. The connections made to external hosts are generally bidirectional - when you run, say, curl or apt-get, the programs make a connection to the remote host and can then both push data out and pull data down that connection.
ufw is set to default-accept outgoing connections because default-deny is basically the same as not being connected to the network. Depending on what you're trying to secure, though, default-deny outgoing might be the right policy.
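The behaviour described in the answer above, as an added example that is not part of the original answer and not ufw's own code: a simplified Python model of a stateful firewall with default-deny incoming and default-allow outgoing. It assumes connection tracking, which the netfilter rules underneath ufw use to accept packets of established connections; the class, field names, ports and addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    direction: str      # "in" or "out", relative to this host
    proto: str
    local_port: int
    remote_ip: str
    remote_port: int

@dataclass
class Firewall:
    default_in: str = "deny"      # the policy set by `sudo ufw default deny`
    default_out: str = "allow"    # ufw's stock outgoing policy
    allow_in_ports: set = field(default_factory=set)   # e.g. {22} for SSH
    tracked: set = field(default_factory=set)          # connection-tracking table

    def decide(self, p: Packet) -> str:
        flow = (p.proto, p.local_port, p.remote_ip, p.remote_port)
        # Packets of an already-accepted connection pass in both directions.
        if flow in self.tracked:
            return "accept: established"
        if p.direction == "out":
            verdict, why = self.default_out, "default outgoing"
        elif p.local_port in self.allow_in_ports:
            verdict, why = "allow", "rule"
        else:
            verdict, why = self.default_in, "default incoming"
        if verdict == "allow":
            self.tracked.add(flow)      # remember the flow so replies match
            return f"accept: {why}"
        return f"drop: {why}"

# Constructed sample traffic (documentation-range addresses).
APT_OUT = Packet("out", "tcp", 40001, "203.0.113.10", 80)    # apt-get opens a connection
APT_REPLY = Packet("in", "tcp", 40001, "203.0.113.10", 80)   # mirror answers on it
SSH_IN = Packet("in", "tcp", 22, "198.51.100.7", 51000)      # matches the SSH rule
PROBE_IN = Packet("in", "tcp", 8080, "198.51.100.7", 51001)  # unsolicited, no rule

def run(fw: Firewall) -> list:
    return [fw.decide(p) for p in (APT_OUT, APT_REPLY, SSH_IN, PROBE_IN)]

if __name__ == "__main__":
    print(run(Firewall(allow_in_ports={22})))
    # Same host with default-deny outgoing: apt-get can no longer reach the mirror.
    print(run(Firewall(default_out="deny", allow_in_ports={22})))
```

On a real host, `sudo ufw status verbose` shows the incoming and outgoing default policies that this model takes as parameters.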