Should ufw block access to localhost?

Colin Law clanlaw at gmail.com
Wed Mar 13 22:10:27 UTC 2019


I am setting up ufw on a server and have a symptom I don't understand.
I am running mosquitto with TLS on port 8883 on the server so in ufw I
have opened that port
sudo ufw allow 8883
and can then access port 8883 from another machine, as expected.  I
cannot access it if I do not open that port, again as expected.

However I also access mosquitto locally on the server using
localhost:8883 and the feature I do not understand is that if ufw is
enabled then I cannot access it via localhost whether the port is
opened or not.  If I *disable* ufw then I *can* access mosquitto via
localhost.

ufw status shows
$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip
To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere
80                         ALLOW IN    Anywhere
443                        ALLOW IN    Anywhere
8883                       ALLOW IN    Anywhere
22 (v6)                    ALLOW IN    Anywhere (v6)
80 (v6)                    ALLOW IN    Anywhere (v6)
443 (v6)                   ALLOW IN    Anywhere (v6)
8883 (v6)                  ALLOW IN    Anywhere (v6)

Can anyone explain what is going on?

Colin



More information about the ubuntu-users mailing list