Question about UFW behavior/logging/blocking
by Tagiga from LinuxQuestions.org on (#578T3)
Hello! So
My UFW does not log anything if I set logging to 'low'. If I set it to 'medium', UFW spams mostly things like these:
Code:
kernel: [UFW ALLOW] IN= OUT=enp5s0 SRC=IP DST=IP LEN=X TOS=X TTL=X ID=X DF PROTO=UDP SPT=X DPT=X LEN=X
kernel: [UFW AUDIT] IN= OUT=enp5s0 SRC=IP DST=IP LEN=X TOS=X TTL=X ID=X DF PROTO=UDP SPT=X DPT=X LEN=X
kernel: [UFW AUDIT] IN= OUT=enp5s0 SRC=IP DST=IP LEN=X TOS=X PREC=X TTL=X ID=X DF PROTO=TCP SPT=X DPT=X WINDOW=64240 RES=0x00 SYN URGP=0
kernel: [UFW ALLOW] IN= OUT=enp5s0 SRC=IP DST=IP LEN=X TOS=X PREC=X TTL=X ID=X DF PROTO=TCP SPT=X DPT=X WINDOW=64240 RES=0x00 SYN URGP=0

X=various numbers
SRC=mostly my LAN address (on a few occasions some hex code or so)
DST=quite often my router's LAN address, other IPs (and on a few occasions some hex code or so too)
No [BLOCK] is mentioned at all.
Does this mean there's nothing to block? I'm perplexed; is the internet safer these days? Or is this how things really should be? I've got used to seeing, on the Windows side and on the Linux side too, at least sometimes some blocking activity in the logs.
I tested my system with an internet security port scan test, and my system seems to be all right, in stealth state. It didn't cause any [BLOCK] activity either.
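
Added example, not part of the original post: a small parser that tallies log lines in the format quoted above by their `[UFW ...]` tag and by direction, read from the `IN=`/`OUT=` interface fields (an empty `IN=` with `OUT=` set marks a packet leaving this host). The sample lines, including the `[UFW BLOCK]` one, are constructed with documentation-range addresses, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample lines in the kernel log format quoted in the post.
# Addresses are documentation ranges; the BLOCK line is illustrative only.
SAMPLE = """\
kernel: [UFW ALLOW] IN= OUT=enp5s0 SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TOS=0x00 TTL=64 ID=1 DF PROTO=UDP SPT=40000 DPT=53 LEN=40
kernel: [UFW AUDIT] IN= OUT=enp5s0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=TCP SPT=40001 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
kernel: [UFW BLOCK] IN=enp5s0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=3 PROTO=TCP SPT=50000 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
"""

TAG_RE = re.compile(r"\[UFW ([A-Z ]+)\]")    # e.g. ALLOW, AUDIT, BLOCK
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")   # KEY=value; the value may be empty


def parse(line):
    """Return tag, direction and a few fields for one UFW log line, or None."""
    m = TAG_RE.search(line)
    if m is None:
        return None
    fields = {}
    for key, value in FIELD_RE.findall(line[m.end():]):
        fields.setdefault(key, value)  # keep the first LEN (IP length), not the UDP one
    inn, out = fields.get("IN", ""), fields.get("OUT", "")
    if inn and out:
        direction = "forwarded"
    elif inn:
        direction = "inbound"
    elif out:
        direction = "outbound"
    else:
        direction = "unknown"
    return {"tag": m.group(1), "direction": direction,
            "proto": fields.get("PROTO"), "dpt": fields.get("DPT")}


def summarise(text):
    """Count log lines per (tag, direction); lines without a UFW tag are skipped."""
    parsed = (parse(line) for line in text.splitlines())
    return Counter((p["tag"], p["direction"]) for p in parsed if p)


if __name__ == "__main__":
    for (tag, direction), n in sorted(summarise(SAMPLE).items()):
        print(f"{tag:<6} {direction:<9} {n}")
```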