Adding program rules to ufw application.d open ports to ALL apps?

Nemesis

Hi all!

I've been looking around for a solution to specify ufw firewall rules for a specific program.
I found out that using applications.d should do the trick.

However, upon adding the rules to the firewall, the firewall opens the port for all applications, not only the one I specified.

Basically I'm denying both incoming and outgoing on ufw, and then adding the following to a file called OVPN in the applications.d directory:

[OVPN]
title=Ovpn
description=Ovpn client
ports=53,1194,1195/udp|53,443,7505/tcp


I can't figure out why this opens the port for all programs on the computer.

Anybody got any suggestions?
 


Firewalls generally don't go to the application level.
The OSI model starts at the bottom and goes up.

If a port is open, it's always open for everything. About all you can control
is IP addresses (white-listing) and ports.

Basically the port IS the application. In other words, the port is what makes something application specific.

If you don't want an application to use the same port as another application (most applications avoid doing this by default) simply use another port.

53 is generally dns.
443 is usually https.

Keep in mind, firewalls usually only block what is incoming to your computer.
They don't block what is outgoing from your computer.
 
Technically, you can make the OVPN service run under a specific user and add an iptables rule with the "owner" module to allow the network traffic of this user with any filter that pleases you.

But I guess you will have a hard time finding a GUI to do this.
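As an added illustration of the two points above (not code from either poster): the ufw profile in the first post is parsed below into the port list it really is, and the "owner" module idea is turned into iptables OUTPUT rules bound to a uid. The parser implements only the grammar the page's example needs (`|`-separated groups, comma lists or `low:high` ranges, optional `/tcp` or `/udp`, no suffix meaning both), which is an assumption about ufw's full syntax; the service account name `openvpn` is hypothetical, and the rules are returned as argv vectors rather than executed.

```python
import configparser
import re
import shlex

# Constructed sample: the profile from the first post, as it would sit in
# the OVPN file under /etc/ufw/applications.d (contents copied from the post).
SAMPLE_PROFILE = """\
[OVPN]
title=Ovpn
description=Ovpn client
ports=53,1194,1195/udp|53,443,7505/tcp
"""

_PORT_RE = re.compile(r"^(\d+)(?::(\d+))?$")


def parse_ports(spec):
    """Expand a ufw 'ports=' value into sorted (low, high, proto) tuples.

    Assumed grammar (enough for the page's example): '|' separates groups;
    each group is a comma list of ports or low:high ranges with an optional
    '/tcp' or '/udp' suffix; no suffix means both protocols.
    Note what is NOT here: nothing names a program. The profile is a port
    list, which is why the resulting rule applies to every process on the host.
    """
    entries = set()
    for group in spec.split("|"):
        group = group.strip()
        if "/" in group:
            ports_part, proto = group.rsplit("/", 1)
            if proto not in ("tcp", "udp"):
                raise ValueError(f"unknown protocol {proto!r}")
            protos = (proto,)
        else:
            ports_part, protos = group, ("tcp", "udp")
        for item in ports_part.split(","):
            m = _PORT_RE.match(item.strip())
            if not m:
                raise ValueError(f"bad port {item!r}")
            low = int(m.group(1))
            high = int(m.group(2)) if m.group(2) else low
            if not 1 <= low <= high <= 65535:
                raise ValueError(f"port out of range {item!r}")
            for p in protos:
                entries.add((low, high, p))
    return sorted(entries)


def load_profiles(text):
    """Parse one applications.d file; returns {profile_name: port entries}."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return {name: parse_ports(cp[name]["ports"]) for name in cp.sections()}


def owner_rules(entries, user, iface):
    """iptables OUTPUT rules letting only `user` reach these ports via `iface`.

    Uses the owner match from the reply (-m owner --uid-owner). It only sees
    locally generated packets, so it belongs in the OUTPUT chain. Rules are
    returned as argv vectors, not executed: applying them needs root.
    """
    cmds = []
    for low, high, proto in entries:
        dport = str(low) if low == high else f"{low}:{high}"
        cmds.append(["iptables", "-A", "OUTPUT", "-o", iface, "-p", proto,
                     "--dport", dport, "-m", "owner", "--uid-owner", user,
                     "-j", "ACCEPT"])
    # Anything else this user sends on that interface is dropped; other users
    # fall through to whatever rules or policy already follow.
    cmds.append(["iptables", "-A", "OUTPUT", "-o", iface,
                 "-m", "owner", "--uid-owner", user, "-j", "DROP"])
    return cmds


if __name__ == "__main__":
    entries = load_profiles(SAMPLE_PROFILE)["OVPN"]
    for low, high, proto in entries:
        print(f"{low}/{proto}" if low == high else f"{low}:{high}/{proto}")
    for cmd in owner_rules(entries, "openvpn", "eth0"):  # hypothetical account
        print(shlex.join(cmd))
```

The printed port list is what ufw actually installs from that profile: six port/protocol pairs and nothing about which binary may use them. The owner rules narrow the same ports to one uid, which is as close to "per program" as a host firewall gets without a separate user per service.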
 
View attachment 4713


I couldn't find a way to capture the whole pull-down menu. (Screen snapshot didn't work.)
But there are GUIs for OpenVPN.

There are also GUIs for firewalls.

View attachment 4714


Man... I need to figure out how to capture pull-down menus. :) (I don't use GUIs very much.)
 
Hi all, sorry for the long delay, didn't get any notification about your answers.

I actually solved it by using iptables.
I allowed all on the tun0 network, and dropped everything on my eth0, except IP numbers to the VPN servers and their DNS.

That way nothing could contact anything except the VPN server.
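The approach in that reply, written out as an added example (not the poster's actual rules): everything may leave through tun0, eth0 may only reach the VPN servers and their resolvers, and everything else on eth0 is dropped. The addresses are constructed from documentation ranges, the VPN endpoint is assumed to be UDP/1194 as listed in the thread's profile, and the rules are returned as argv vectors rather than applied. The `verdict` function walks the generated chain first-match, so the ruleset can be checked for lockouts before it ever touches a live box.

```python
import ipaddress

# Constructed sample addresses (RFC 5737 documentation ranges, not a real provider).
VPN_SERVERS = ["203.0.113.10", "203.0.113.11"]
VPN_DNS = ["198.51.100.53"]


def vpn_only_rules(vpn_servers, dns_servers, wan="eth0", tun="tun0",
                   vpn_port=1194, vpn_proto="udp"):
    """iptables rules for 'all traffic via tun0, nothing else out of eth0'.

    Returned as argv vectors, not executed (needs root). The final eth0 DROP
    also cuts LAN and SSH access, so try it from a console session first.
    """
    for ip in list(vpn_servers) + list(dns_servers):
        ipaddress.ip_address(ip)  # fail on a typo instead of installing a broken rule
    rules = [
        # Replies to already-allowed connections keep flowing in both directions.
        ["iptables", "-A", "INPUT", "-m", "conntrack", "--ctstate", "ESTABLISHED,RELATED", "-j", "ACCEPT"],
        ["iptables", "-A", "OUTPUT", "-m", "conntrack", "--ctstate", "ESTABLISHED,RELATED", "-j", "ACCEPT"],
        ["iptables", "-A", "INPUT", "-i", "lo", "-j", "ACCEPT"],
        ["iptables", "-A", "OUTPUT", "-o", "lo", "-j", "ACCEPT"],
        # The tunnel interface carries everything once the VPN is up.
        ["iptables", "-A", "OUTPUT", "-o", tun, "-j", "ACCEPT"],
    ]
    # On the physical interface, only the VPN handshake and its DNS are allowed.
    for ip in vpn_servers:
        rules.append(["iptables", "-A", "OUTPUT", "-o", wan, "-d", ip,
                      "-p", vpn_proto, "--dport", str(vpn_port), "-j", "ACCEPT"])
    for ip in dns_servers:
        for proto in ("udp", "tcp"):
            rules.append(["iptables", "-A", "OUTPUT", "-o", wan, "-d", ip,
                          "-p", proto, "--dport", "53", "-j", "ACCEPT"])
    rules.append(["iptables", "-A", "OUTPUT", "-o", wan, "-j", "DROP"])
    rules.append(["iptables", "-A", "INPUT", "-i", wan, "-j", "DROP"])
    return rules


def verdict(rules, chain, iface, dst, proto, dport, state="NEW"):
    """First-match walk of one packet through the generated chain.

    Models only the matches used above (-i/-o, -d, -p, --dport, --ctstate);
    returns the target of the first matching rule, or "POLICY" if none matched.
    """
    iface_opt = "-o" if chain == "OUTPUT" else "-i"
    for rule in rules:
        if rule[2] != chain:
            continue
        opts = dict(zip(rule[3::2], rule[4::2]))  # option/value pairs after the chain
        if iface_opt in opts and opts[iface_opt] != iface:
            continue
        if "-d" in opts and opts["-d"] != dst:
            continue
        if "-p" in opts and opts["-p"] != proto:
            continue
        if "--dport" in opts and opts["--dport"] != str(dport):
            continue
        if "--ctstate" in opts and state not in opts["--ctstate"].split(","):
            continue
        return opts["-j"]
    return "POLICY"


if __name__ == "__main__":
    rules = vpn_only_rules(VPN_SERVERS, VPN_DNS)
    for rule in rules:
        print(" ".join(rule))
    print("web via tunnel:", verdict(rules, "OUTPUT", "tun0", "192.0.2.1", "tcp", 443))
    print("web via eth0:  ", verdict(rules, "OUTPUT", "eth0", "192.0.2.1", "tcp", 443))
```

Walking a few packets through `verdict` before applying the rules is the check worth keeping: a handshake to the VPN server on eth0 should come back ACCEPT, any other destination on eth0 DROP, and anything on tun0 ACCEPT. If a DNS server or VPN endpoint changes and the rules are not updated, the same walk shows the tunnel can no longer be established.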
 
Greetings @dos2unix
Here's one way to get the whole menu. It took me two screenshots to do it, but it seems to work pretty well.
Screenshot from 2019-12-09 12-21-23.png

Screenshot from 2019-12-09 12-23-18.png


Hope this helps.
Old Geezer
TC
 