Should ufw block access to localhost?

Colin Law clanlaw at gmail.com
Thu Mar 14 16:03:54 UTC 2019


Sorry, I have just realised that I mis-interpreted what was going on.
The port is not, in fact, blocked to localhost but when I try to
connect to mosquitto from localhost then it takes about 60 seconds to
connect if ufw is enabled.  If ufw is disabled then it connects
immediately.  Using tcpdump I can see that during that minute there
are a dozen or so messages backwards and forwards before it connects.
But I am none the wiser as to what is going on.

If instead of trying to connect on localhost I tell it to connect
using its own IP address then it works perfectly.

Colin

On Thu, 14 Mar 2019 at 09:49, <J.Witvliet at mindef.nl> wrote:
>
> Try:  iptables --line-numbers -nvxL
> And ip6tables --line-numbers -nvxL
>
> People tend to forget the second one :-)
>
>
> Kind regards,
> Hans Witvliet, J, Ing., DMO/OPS/I&S/APH, Kennis Team Opensource
> Coldenhovelaan 1 Maasland 3531RC Coldehovelaan 1, kamer B213
>
> -----Original Message-----
> From: ubuntu-users [mailto:ubuntu-users-bounces at lists.ubuntu.com] On Behalf Of Colin Law
> Sent: Thursday 14 March 2019 10:10
> To: Ubuntu user technical support, not for general discussions
> Subject: Re: Should ufw block access to localhost?
>
> On Thu, 14 Mar 2019 at 08:36, Tony Arnold <tony.arnold at manchester.ac.uk> wrote:
> >
> > Hi Colin,
> >
> > I guess a detailed examination of the IPtables that UFW has set up might yield some clues. But you've no doubt done that already!
>
> No, because my knowledge of IPtables is only skin deep.  I think the
> principal reason for using ufw is to isolate one from the much more
> complex details of IPtables.
>
> What I was hoping for was at least confirmation that what I am seeing
> is, or is not, expected, and if it is expected what I should do to allow
> access from localhost.  Google has not provided any leads that have
> helped me.  I found links explaining how to *block* access from
> localhost but not the reverse, which suggests to me that access should
> not be blocked by default.
>
> I can provide the IPtables list if anyone is willing, and has the
> time, to look at it, for which I would be most grateful.  If so which
> command should I use?  iptables -L?
>
> Colin
>




More information about the ubuntu-users mailing list
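
An added diagnostic sketch, not part of the original thread: it times a TCP connect to every address that `localhost` resolves to, so a slow connection can be pinned to one address family, the same split as checking both `iptables` and `ip6tables`. Port 1883 (mosquitto's default) and the 5-second timeout are assumptions, and a timeout only suggests a drop rule; it does not prove which rule is responsible.

```python
import socket
import time

MQTT_PORT = 1883  # assumed: mosquitto's default listener port; adjust to your config


def probe(host, port, timeout=5.0):
    """Connect to every address `host` resolves to.

    Returns a list of (family, address, outcome, seconds) tuples.
    """
    results, seen = [], set()
    for family, socktype, proto, _, sockaddr in socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM):
        if sockaddr in seen:
            continue
        seen.add(sockaddr)
        start = time.monotonic()
        try:
            with socket.socket(family, socktype, proto) as s:
                s.settimeout(timeout)
                s.connect(sockaddr)
            outcome = "connected"
        except socket.timeout:
            outcome = "timeout"   # no reply at all: packets are being dropped
        except ConnectionRefusedError:
            outcome = "refused"   # reset came back: reachable, nothing listening
        except OSError as exc:
            outcome = f"error: {exc.strerror or exc}"
        results.append((family.name, sockaddr[0], outcome,
                        round(time.monotonic() - start, 3)))
    return results


def dropped_families(results):
    """Address families whose probes timed out (candidates for a firewall drop)."""
    return sorted({fam for fam, _, outcome, _ in results if outcome == "timeout"})


if __name__ == "__main__":
    for host in ("localhost", "127.0.0.1", "::1"):
        try:
            res = probe(host, MQTT_PORT)
        except socket.gaierror as exc:
            print(f"{host}: cannot resolve ({exc})")
            continue
        for fam, addr, outcome, secs in res:
            print(f"{host:<10} {fam:<9} {addr:<12} {outcome:<10} {secs}s")
        print(f"{host:<10} silently dropped: {dropped_families(res) or 'none'}")
```

Run it once with ufw enabled and once with it disabled; a family that reports `timeout` only while ufw is enabled is the one whose rule listing (`iptables` for AF_INET, `ip6tables` for AF_INET6) deserves the closer look.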