This is weird, because it definitely worked correctly before–I locked myself out of SSH at first.
Here’s the current setup, with ufw enabled:
~]$ sudo ufw status verbose
[sudo] password for NON_ADMIN_USER:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                Action      From
10.0…x.y aa       ALLOW IN    Anywhere (log)
10.0.x.y bbb      ALLOW IN    Anywhere (log)
10.0.x.y cc       ALLOW IN    Anywhere (log)
10.0.x.y ddddd    ALLOW IN    Anywhere (log)
10.0.x.y eeeee    ALLOW IN    Anywhere
It is my understanding that with this setup, I should only be accepting connections on the 5 enumerated ports. Right?
Yet, from within my LAN I can connect to 10.0.x.y:fffff and connect.
ETA: Something doesn’t look right with systemctl on this one. What does active (exited) mean?
~]$ systemctl status ufw
● ufw.service - CLI Netfilter Manager
Loaded: loaded (/usr/lib/systemd/system/ufw.service; enabled; vendor preset: disabled)
Active: active (exited) since Sun 2020-12-20 21:51:51 CST; 4 weeks 1 days ago
Process: 189 ExecStart=/usr/lib/ufw/ufw-init start (code=exited, status=0/SUCCESS)
Main PID: 189 (code=exited, status=0/SUCCESS)
tl;dr What am I doing wrong this time?