Adding program rules to ufw application.d open ports to ALL apps?

Nemesis

New Member
Hi all!

I've been looking around for a solution to specify ufw firewall rules for a specific program.
I found out that using the applications.d should do the trick.

However, upon adding the rules to the firewall, the firewall opens the port for all applications, not only the one I specified..

Basically I'm denying both incoming and outgoing on ufw, and then add the following to a file called OVPN in the applications.d directory

[OVPN]
title=Ovpn
description=Ovpn client
ports=53,1194,1195/udp|53,443,7505/tcp


I can't figure out why this opens the port for all programs on the computer..

Anybody got any suggestions?
 


dos2unix

Active Member
Firewalls generally don't go to the application level.
The OSI model starts at the bottom and goes up.

If a port is open, it's always open for everything. About all you can control is IP addresses (white-listing) and ports.

Basically the port IS the application. In other words, the port is what makes something application specific.

If you don't want an application to use the same port as another application (most applications avoid doing this by default) simply use another port.

53 is generally DNS.
443 is usually HTTPS.

Keep in mind, firewalls usually only block what is incoming to your computer.
They don't block what is outgoing from your computer.
 

JulienCC

Active Member
Technically, you can make the OVPN service run under a specific user and add an iptables rule with the "owner" module to allow the network traffic of this user with any filter that pleases you.

But I guess you will have a hard time finding a GUI to do this.
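
The approach described in the post above, as an added example (not code from any poster in this thread): it expands the ports string from the OVPN profile into iptables rules limited to one local account with the owner match, and only prints them for review. The account name `openvpn` is an assumption; the rules presume the VPN client runs under that dedicated account.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules that limit the ports from
# the thread's OVPN profile to one local account via the "owner" match.
# Assumption: the VPN client runs as a dedicated account; "openvpn" is hypothetical.

# Ports string copied from the [OVPN] profile in the first post.
OVPN_PORTS='53,1194,1195/udp|53,443,7505/tcp'

# owner_rules USER PORTS -> iptables commands on stdout, non-zero on bad input.
owner_rules() {
    user=$1
    spec=$2
    # Refuse account names that could smuggle shell syntax into the output.
    case $user in ''|*[!A-Za-z0-9_-]*) echo "bad user: $user" >&2; return 1 ;; esac

    # Keep loopback and replies to already-allowed flows working.
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    echo "iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"

    # The profile separates protocol groups with '|', each "<ports>/<proto>".
    old_ifs=$IFS; IFS='|'
    set -- $spec
    IFS=$old_ifs
    for group in "$@"; do
        ports=${group%/*}
        proto=${group##*/}
        case $proto in tcp|udp) ;; *) echo "bad proto: $proto" >&2; return 1 ;; esac
        case $ports in ''|*[!0-9,:]*) echo "bad ports: $ports" >&2; return 1 ;; esac
        # --uid-owner matches only locally generated packets (OUTPUT chain).
        echo "iptables -A OUTPUT -p $proto -m owner --uid-owner $user -m multiport --dports $ports -j ACCEPT"
    done

    # New outbound traffic from every other account falls through to this.
    echo "iptables -A OUTPUT -j REJECT"
}

owner_rules openvpn "$OVPN_PORTS"
```

With these rules the same destination ports stay closed to processes running under any other account, which is the per-program behaviour a ufw application profile does not provide.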
 

dos2unix

Active Member
I couldn't find a way to capture the whole pull down menu. (Screen snapshot didn't work)
But there are GUIs for OpenVPN.

There are also GUIs for firewalls.

Man... I need to figure out how to capture pull down menus. :) (I don't use GUI very much).
 
