
I am currently getting this kind of message in the UFW and sys logs:

```
xxx kernel: [4962636.572484] [UFW BLOCK] IN=et0 OUT= MAC= SRC=xxx.xxx.xxx.xxx DST=xxx.xxx.xxx.xxx LEN=52 TOS=0x00 PREC=0x00 TTL=52 ID=xxxx DF PROTO=TCP SPT=22 DPT=52209 WINDOW=1452 RES=0x00 ACK URGP=0
```

The issue is similar to This except that the IP being blocked is my computer and it is blocking my automated backup SSH connections.

I am at a complete loss as to how to stop UFW from blocking my server. Normally I would prefer fail2ban to handle all sftp/ssh/scp; however, in this case UFW appears to have taken action on its own and is blocking inbound SSH attempts.

I have tried whitelisting my IP using `ufw allow from xxx.xxx.xxx.xxx`

Here's my UFW status:

```
To                         Action      From
--                         ------      ----
Anywhere                   ALLOW       xxx.xxx.xxx.xxx
22                         ALLOW       Anywhere
```

Where xxx.xxx.xxx.xxx is my off-site backup computer's IP.

Both machines are running Ubuntu server 14.04.4 and the normal apt-get install of UFW.

Aedazan
  • The kicker is that it is only blocking my computer. I can SSH from other computers so I assume my automated backups have triggered something in UFW. I use sshpass in a shell script to SSH into a jail and download my nightly backups. If it fails it tries again every 10 minutes. – Aedazan Jun 14 '16 at 08:38
  • Strange, does it work properly if you disable `ufw`? Also, was it previously working and has now stopped? – Arronical Jun 14 '16 at 08:41
  • No, I assume it has made some sort of permanent change somewhere other than the iptables. On any other server I would simply reboot, but in this case it's prod so I cannot do that until the next scheduled downtime. – Aedazan Jun 14 '16 at 08:44
  • And the IP isn't blocked if you list iptables output? Or by grepping the fail2ban log. Sorry for asking obvious questions! – Arronical Jun 14 '16 at 08:50
  • Sadly not, tried "iptables | grep xxx.xxx.xxx.xxx" and "grep 'xxx.xxx.xxx.xxx' /var/log/ -r" – Aedazan Jun 14 '16 at 08:52
  • You did use `-L` on the iptables command, right? – Arronical Jun 14 '16 at 08:57
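
To read a line like the one quoted in the question field by field, the following added example (not part of the original post or its comments) parses UFW log lines and labels each TCP packet by its flags, separating connection attempts (SYN) from packets sent within an existing flow, such as one with `SPT=22` and only `ACK` set. The sample lines and their addresses are constructed placeholders, and the function names are this example's own.

```python
import re

# Constructed sample lines in the format quoted in the question. Addresses are
# documentation-range placeholders, not values from the page.
SAMPLE_LINES = [
    "host kernel: [4962636.572484] [UFW BLOCK] IN=eth0 OUT= MAC= "
    "SRC=203.0.113.10 DST=198.51.100.7 LEN=52 TOS=0x00 PREC=0x00 TTL=52 "
    "ID=4321 DF PROTO=TCP SPT=22 DPT=52209 WINDOW=1452 RES=0x00 ACK URGP=0",
    "host kernel: [4962640.100000] [UFW BLOCK] IN=eth0 OUT= MAC= "
    "SRC=203.0.113.99 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=50 "
    "ID=7 DF PROTO=TCP SPT=40112 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0",
]

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}
UFW_RE = re.compile(r"\[UFW ([A-Z ]+)\]\s+(.*)")

def parse_ufw_line(line):
    """Split one UFW kernel log line into KEY=value fields and bare TCP flags."""
    match = UFW_RE.search(line)
    if match is None:
        return None
    record = {"ACTION": match.group(1), "FLAGS": set()}
    for token in match.group(2).split():
        if "=" in token:
            key, value = token.split("=", 1)
            record[key] = value
        elif token in TCP_FLAGS:
            record["FLAGS"].add(token)
    return record

def classify(record):
    """Label a TCP record by its flags: opening a connection or part of one."""
    if record.get("PROTO") != "TCP":
        return "non-tcp"
    flags = record["FLAGS"]
    if "SYN" in flags and "ACK" not in flags:
        return "new-connection"   # client opening a connection to DPT
    if flags:
        return "mid-stream"       # sent within an existing flow, from SPT
    return "no-flags"

def summarize(lines):
    """Return (SRC, SPT, DPT, label) for every line that parses as UFW output."""
    parsed = (parse_ufw_line(line) for line in lines)
    return [(r["SRC"], r["SPT"], r["DPT"], classify(r)) for r in parsed if r]

if __name__ == "__main__":
    for row in summarize(SAMPLE_LINES):
        print(*row)
```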
