
I have blocked port 27018 using ufw, but I can still connect to that port from my computer using the mongo command line tool. Is there any solution to this? I tried to run ufw reload, but the result is still the same.

nikoss
  • I can confirm a bug in docker and/or UFW. My MongoDB got hacked despite blocking the port in UFW. – jpdus Mar 03 '18 at 14:30

1 Answer


It is possible that traffic from localhost is not affected by ufw.

You might try to add from 127.0.0.1 to your rule and see if that changes anything.

Otherwise, I would recommend blocking that port directly in iptables.

EDIT: To completely block port 27018, run the following command: iptables -I INPUT 1 -p tcp --dport 27018 -j DROP
(You might want to try iptables -I FORWARD 1 -p tcp --dport 27018 -j DROP too, to avoid forwarding anything on this port.)

Note: This does block traffic to port 27018 from EVERYWHERE, even from 127.0.0.1. If the rule vanishes after a reboot, read up on how to preserve iptables rules across reboots (which may not be advised because of ufw).

As a personal recommendation: though ufw is a really easy firewall to learn and use, I would recommend learning to use iptables directly, because it offers more fine-tunable options.

Tim Schumacher
  • This is the remote machine I am connecting to from my own computer, so I'm not on the local machine. – nikoss Aug 27 '17 at 18:21
  • @nikoss You said in your question that you still can connect to that port from your "local machine", so I thought you meant that you host mongodb on the same computer you are trying to connect from. Could you supply the output of `iptables -vnL` (sudo may be needed)? Also, what is the default for incoming packets set to? – Tim Schumacher Aug 27 '17 at 18:30
  • https://pastebin.com/yZUySjqG This is the output. – nikoss Aug 27 '17 at 19:54
  • It may be possible that Docker is tampering with your ufw rules. See my updated answer on how to block the port directly in iptables to bypass all other rules (like the ones from Docker) – Tim Schumacher Aug 27 '17 at 20:08
  • Can you advise me a really good guide for iptables? – nikoss Aug 27 '17 at 20:27
  • Those two helped me the most: https://help.ubuntu.com/community/IptablesHowTo for the commands and https://www.howtogeek.com/177621/the-beginners-guide-to-iptables-the-linux-firewall/ for understanding the techniques behind iptables. Note: I have been using Solution #2 on the Ubuntu page to make my iptables rules persistent. Also, you might want to remove ufw and reboot your machine before making your iptables changes persistent. – Tim Schumacher Aug 27 '17 at 20:32
  • I just tried this now, but I can still connect to mongodb. – nikoss Aug 27 '17 at 21:16
  • My advice: disable Docker iptables with this guide https://linuxconfig.org/how-to-disable-docker-s-iptables-on-systemd-linux-systems, uninstall ufw and reboot to start with clean iptables, and try the iptables command from above again. Also, are you sure that the communication for mongodb only uses this single port? – Tim Schumacher Aug 28 '17 at 03:24
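The comments above narrow the problem down to Docker, and that also explains why neither ufw nor the answer's INPUT rule fired: a port published with `docker run -p 27018:27017 ...` is DNATed in the nat table before filtering, so the packet traverses filter/FORWARD and never filter/INPUT, where ufw and `iptables -I INPUT ...` are looking. The script below is an added example, not code from the question, the answer or the Docker project. It reads the output of `iptables -t nat -S DOCKER` (a constructed sample here, with a hypothetical container address) to tell whether Docker is publishing the port, shows why a FORWARD rule written with `--dport 27018` can silently miss (after DNAT the destination port is the container's port), and prints the rule that does block the published port: a DROP in Docker's DOCKER-USER chain (present since Docker 17.06) that matches on the original, pre-DNAT destination port via the conntrack match, which is the form the Docker documentation uses for filtering published ports.

```shell
#!/bin/sh
# Added example, not part of the original question or answer.
# Shows why a ufw / iptables INPUT rule does not stop connections to a port
# that Docker publishes, and emits the DOCKER-USER rule that does.
#
# Background (Docker's documented iptables integration):
#   * `docker run -p 27018:27017 ...` adds a DNAT rule in the nat table, so an
#     inbound packet for host:27018 is rewritten to container:27017 in
#     PREROUTING and then traverses filter/FORWARD, never filter/INPUT.
#   * Docker evaluates the DOCKER-USER chain before its own FORWARD rules and
#     leaves it alone on daemon restart, whereas a rule inserted at position 1
#     of FORWARD can be pushed below Docker's own rules when the daemon restarts.
#   * By the time the packet reaches FORWARD its --dport is already the
#     container port, so match on the original destination port with the
#     conntrack extension instead of --dport.
#
# SAMPLE_NAT_DOCKER is a constructed sample of `iptables -t nat -S DOCKER` on
# such a host; the container address 172.17.0.2 is hypothetical.

SAMPLE_NAT_DOCKER='-N DOCKER
-A DOCKER -i docker0 -j RETURN
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 27018 -j DNAT --to-destination 172.17.0.2:27017'

# docker_published_target PORT NAT_RULES
#   Prints "container_ip:container_port" and returns 0 if NAT_RULES (output of
#   `iptables -t nat -S DOCKER`) contain a Docker DNAT for host port PORT;
#   returns 1 if the port is not published by Docker.
docker_published_target() {
    port=$1
    while IFS= read -r line; do
        case "$line" in
            *"--dport $port "*"-j DNAT"*"--to-destination "*)
                printf '%s\n' "${line##*--to-destination }"
                return 0
                ;;
        esac
    done <<EOF
$2
EOF
    return 1
}

# forward_dport_rule_matches PORT NAT_RULES
#   Returns 0 only if a FORWARD rule written with `--dport PORT` would still
#   match after DNAT, i.e. the container listens on the same port number.
#   With -p 27018:27017 it returns 1: such a rule silently misses.
forward_dport_rule_matches() {
    target=$(docker_published_target "$1" "$2") || return 1
    [ "${target##*:}" = "$1" ]
}

# docker_user_block_rule PORT
#   Prints the rule that blocks the published port for every source, whatever
#   port the container uses internally: match the pre-DNAT destination port
#   via conntrack, in the DOCKER-USER chain.
docker_user_block_rule() {
    printf 'iptables -I DOCKER-USER -p tcp -m conntrack --ctorigdstport %s --ctdir ORIGINAL -j DROP\n' "$1"
}

# Stand-alone demo against the constructed sample. On a real host replace
# SAMPLE_NAT_DOCKER with "$(iptables -t nat -S DOCKER)" (run as root).
PORT=27018
if target=$(docker_published_target "$PORT" "$SAMPLE_NAT_DOCKER"); then
    echo "Port $PORT is published by Docker and DNATed to $target;"
    echo "INPUT-chain rules (ufw) never see this traffic."
    if forward_dport_rule_matches "$PORT" "$SAMPLE_NAT_DOCKER"; then
        echo "A FORWARD rule with --dport $PORT would match (same port inside the container)."
    else
        echo "A FORWARD rule with --dport $PORT would NOT match: after DNAT the port is ${target##*:}."
    fi
    echo "Rule that blocks it regardless of the container port:"
    docker_user_block_rule "$PORT"
else
    echo "Port $PORT is not published by Docker; check INPUT rules and the listening service instead."
fi
```

Like the answer's rule, the DOCKER-USER DROP cuts the port off for every source, so if you need MongoDB reachable from somewhere, add an ACCEPT for that source ahead of it or restrict by `-s`. The less fragile fix is to stop exposing the port at all: publish it on loopback only (`-p 127.0.0.1:27018:27017`) so it never gets an externally reachable DNAT rule, and reach it over an SSH tunnel.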