Been dealing with this problem for a while. UFW seems to only block most of the traffic, as responses do get accepted according to the PCAPs I've done. In the example below the traffic is originating from the system and the return is getting flagged as blocked by UFW. The rule I've outlined was an attempt to see if adding a rule matching return traffic would get it to allow it. But it would not.
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To                         Action      From
--                         ------      ----
32768:60999/tcp            ALLOW IN    10050/tcp
Log file: (ton of entries, but they all look like the below line)
Nov 11 11:20:38 nms kernel: [54047.242636] [UFW BLOCK] IN=enp2s0 SRC=172.20.20.4 DST=10.10.3.2 LEN=40 TOS=0x00 PREC=0x00 TTL=62 ID=0 DF PROTO=TCP SPT=10050 DPT=57084 WINDOW=0 RES=0x00 RST URGP=0
Inside the application (zabbix) it does not flag any of the remote hosts as being unreachable, which confirms the established connections occurring in some of the pcaps I've run.
Below is a capture of a tcp connection that was allowed.
I'm at a loss here as to why UFW is sometimes allowing and sometimes blocking this return traffic. I've tried reloading the fw, resetting and reapplying rules, reinstalling the ufw package, and restarting the system.
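Added example, not part of the original post: a small Python parser for the `[UFW BLOCK]` kernel log format shown above, used to group the blocked "return" packets by their TCP flags. The sample log lines are constructed, modelled on the one line in the post; the service port 10050 and the ephemeral range 32768:60999 are taken from the rule in the status output. In this log format the TCP flags appear as bare tokens (RST, SYN, ACK, ...) between RES= and URGP=, and DF is a bare IP-header token that must not be mistaken for a flag. The point of the summary: ufw accepts replies through conntrack's ESTABLISHED/RELATED match, not through the listed rules, so a packet that belongs to no tracked connection (for example a bare RST with WINDOW=0 and LEN=40 arriving after the connection entry is gone) falls through to the default inbound deny and is logged like any unsolicited packet. If every blocked entry from the service port is such a packet, the application's connections were already complete when the block happened, which is consistent with zabbix not reporting any host unreachable.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the single line in the post (not real captures).
SAMPLE_LOG = """\
Nov 11 11:20:38 nms kernel: [54047.242636] [UFW BLOCK] IN=enp2s0 SRC=172.20.20.4 DST=10.10.3.2 LEN=40 TOS=0x00 PREC=0x00 TTL=62 ID=0 DF PROTO=TCP SPT=10050 DPT=57084 WINDOW=0 RES=0x00 RST URGP=0
Nov 11 11:20:39 nms kernel: [54048.100000] [UFW BLOCK] IN=enp2s0 SRC=172.20.20.5 DST=10.10.3.2 LEN=40 TOS=0x00 PREC=0x00 TTL=62 ID=0 DF PROTO=TCP SPT=10050 DPT=57090 WINDOW=0 RES=0x00 RST URGP=0
Nov 11 11:21:02 nms kernel: [54071.000000] [UFW BLOCK] IN=enp2s0 SRC=198.51.100.7 DST=10.10.3.2 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=12345 DF PROTO=TCP SPT=44321 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Nov 11 11:21:10 nms kernel: [54079.000000] [UFW BLOCK] IN=enp2s0 SRC=172.20.20.4 DST=10.10.3.2 LEN=52 TOS=0x00 PREC=0x00 TTL=62 ID=0 DF PROTO=TCP SPT=10050 DPT=57084 WINDOW=501 RES=0x00 ACK URGP=0
"""

# "[UFW BLOCK]", "[UFW ALLOW]", "[UFW AUDIT INVALID]" ... followed by the netfilter fields.
LINE_RE = re.compile(r"\[UFW (?P<action>[A-Z ]+?)\]\s+(?P<rest>.*)$")
# TCP flag words that netfilter logs as bare tokens (DF is an IP flag, deliberately not listed).
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}


def parse_ufw_line(line):
    """Return a dict of the netfilter fields in a UFW log line, or None if it is not one.

    key=value tokens become dict entries (values kept as strings); bare TCP flag
    tokens are collected into rec["flags"].
    """
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = {"action": m.group("action").strip(), "flags": set()}
    for tok in m.group("rest").split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            rec[key] = value
        elif tok in TCP_FLAGS:
            rec["flags"].add(tok)
        # other bare tokens (e.g. DF) carry no TCP state and are ignored
    return rec


def is_bare_rst(rec):
    """True for a reset with no payload and a zero window: what a peer sends for a
    segment that matches no connection it knows about."""
    return rec["flags"] == {"RST"} and rec.get("WINDOW") == "0" and rec.get("LEN") == "40"


def summarize_blocked_returns(log_text, service_port, ephemeral=(32768, 60999)):
    """Count blocked inbound TCP packets from service_port to a local ephemeral
    port, keyed by their flag combination (e.g. "RST", "ACK", "ACK+PSH")."""
    lo, hi = ephemeral
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_ufw_line(line)
        if not rec or rec["action"] != "BLOCK" or rec.get("PROTO") != "TCP":
            continue
        if int(rec["SPT"]) != service_port or not lo <= int(rec["DPT"]) <= hi:
            continue
        counts["+".join(sorted(rec["flags"]))] += 1
    return dict(counts)


def count_bare_rsts(log_text, service_port):
    """How many of the blocked packets from service_port are bare resets."""
    return sum(
        1
        for line in log_text.splitlines()
        if (rec := parse_ufw_line(line))
        and rec["action"] == "BLOCK"
        and rec.get("SPT") == str(service_port)
        and is_bare_rst(rec)
    )


if __name__ == "__main__":
    # Feed the real file instead: summarize_blocked_returns(open("/var/log/ufw.log").read(), 10050)
    print(summarize_blocked_returns(SAMPLE_LOG, 10050))
    print("bare RSTs:", count_bare_rsts(SAMPLE_LOG, 10050))
```

Run it against /var/log/ufw.log (or the kernel log) with the service port you care about. A summary that is all RST with WINDOW=0 points at packets outside any tracked connection rather than at a rule mismatch; a summary containing ACK or ACK+PSH packets from the service port to a live ephemeral port is the case where an established connection is genuinely being cut off and the conntrack state (e.g. `conntrack -L` output or the nf_conntrack table size) is the next thing to look at.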