
I've set up some rules in ufw on a remote server and I've turned the firewall on. Now I want to ensure my rules actually block traffic. However, when running nmap -PN -p <my_port> <ip> from my local workstation it appears the port I'm blocking is still open. At least nmap is reporting 'open' (which doesn't seem right). On the server, if I run ufw status verbose it reports:

...
Status: Active
Default: deny (incoming), allow (outgoing)
To          Action   From
--          ------   ----
22          ALLOW IN Anywhere
<my_port>   DENY IN  Anywhere

Shouldn't this nmap be reporting as closed? How do I correctly test these rules?

Cosmic Ossifrage
Dane O'Connor

2 Answers


The way I test if a rule works: telnet host port

If it times out (or responds however the firewall should reject), then no connection will be established, which means the firewall is blocking the traffic as desired. If the rule does not work, you'll see some kind of response. Might not work in 100% of situations, but for the usual stuff someone does at home it's enough.

Daniel
    And there should be a rejection in the ufw logging. https://serverfault.com/questions/516838/where-are-the-logs-for-ufw-located-on-ubuntu-server – Chase Oct 29 '18 at 20:28
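An added example (mine, not from the post or from ufw itself): a small Python probe that automates the telnet-style test above and records which result each ufw action should produce, so a DENY rule that really blocks shows up as a timeout (filtered) rather than as open or refused. The host, the rule table and the local listener used for the self-check are assumptions.

```python
import socket

# Probe result each ufw action should yield when the rule works. Assumption
# (not from the post): a service is actually listening on the ALLOWed port.
EXPECTED = {"ALLOW": "open", "DENY": "filtered", "REJECT": "closed"}

def probe_port(host, port, timeout=3.0):
    """Attempt a TCP handshake and classify the outcome:
    open        handshake completed: nothing blocks, a service answered
    closed      RST came back: reachable, nothing listening (or ufw REJECT)
    filtered    no reply before the timeout: packets dropped, e.g. ufw DENY
    unreachable the local stack could not route/resolve the target at all"""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError:
        return "unreachable"
    finally:
        sock.close()

def check_rules(host, rules, timeout=3.0):
    """Probe every port of a {port: ACTION} table; each row is
    (port, action, expected, observed, matches)."""
    results = []
    for port, action in sorted(rules.items()):
        expected = EXPECTED[action.upper()]
        observed = probe_port(host, port, timeout)
        results.append((port, action, expected, observed, expected == observed))
    return results

def start_listener(host="127.0.0.1"):
    """Throwaway listener on a free port, standing in for a real service."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]

if __name__ == "__main__":
    # Constructed local check: the listener plays the ALLOWed port of the server.
    srv, port = start_listener()
    for p, action, expected, observed, ok in check_rules("127.0.0.1", {port: "ALLOW"}):
        print(p, action, "expected", expected, "observed", observed, "OK" if ok else "MISMATCH")
    srv.close()
```

Against the real server you would call check_rules with its address and a table such as {22: "ALLOW", <my_port>: "DENY"} from a workstation outside the host; a DENY row whose observed value is anything but "filtered" means the rule is not dropping the traffic.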

From your output: it says that by default ufw denies all incoming traffic and you have only opened port 22 to be allowed in, so for your test you SHOULD be able to ssh in via port 22 as that port is open, and whenever you try to reach any other port it will be closed/denied.

alexus