
I have lost all day on this. I'm trying to secure my system using UFW as a firewall, and I've set all the default incoming and outgoing connections to deny. But then I created separate "allow out rules" for ports 80; 80/tcp; 80/udp for HTTP and 443; 443/tcp; 443/udp for HTTPS.

However, I still can't browse the net through Chromium. I can if I revert the default outgoing to allow, but not when it's on deny, even with the rules.

My question: Why can't I browse the net at this point? Is there a priority given to the default compared to the individual rules (that would make no sense to me)? Thanks

  • Is it a stateful firewall? Remember that when accessing something on the internet, the website will need to send you back packets. If the firewall is not able to understand that the packets are the "answer" to your request, the firewall may be blocking them.
    – Ricardo Reimao
    Commented Mar 23, 2017 at 16:30
  • Based on this article, it is stateful: digitalocean.com/community/tutorials/…
    – Espressotron
    Commented Mar 23, 2017 at 16:58
  • @RicardoReimao so to browse the internet I also have to allow 80 incoming and 443 incoming?
    – Espressotron
    Commented Mar 23, 2017 at 16:58
  • No, it is not required, but where is your DNS server located?
    – Mr.lock
    Commented Mar 23, 2017 at 17:02
  • Nowhere, it's the router that fetches DNS, I think. I didn't set a custom DNS. I'm not running a server, just trying to secure the system from 1) outside attacks and 2) outbound communications to call home in case malware infects me, or the system infecting other devices on the network.
    – Espressotron
    Commented Mar 23, 2017 at 17:06

1 Answer


OK, I found the solution thanks to another user on a different forum, and I'll answer my own question for reference. Comments above contain interesting information for future readers.

Basically, I also had to allow port 53 to allow for DNS. In case it helps anyone as well!
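
The gap described in this thread can be checked mechanically. The script below is an added example, not part of the original post: it reads `ufw status verbose` text and lists which of the outbound ports a browser needs (DNS 53/udp, HTTP 80/tcp, HTTPS 443/tcp) have no "ALLOW OUT" rule while the outgoing default is deny. The function name `missing_egress` and both sample outputs are constructed for illustration; only IPv4 rows are examined.

```shell
#!/bin/sh
# Added example. Input: `ufw status verbose` text on stdin.
# Output: space-separated ports with no matching ALLOW OUT rule, or nothing.
missing_egress() {
  awk '
    /^Default:/ && /(deny|reject) \(outgoing\)/ { deny_out = 1 }
    /ALLOW OUT/ && !/\(v6\)/ {
      for (i = 2; i <= NF; i++)
        if ($i == "ALLOW" && $(i + 1) == "OUT") {
          split($(i - 1), p, "/")            # "53", "53/udp", "443/tcp"
          want = (p[1] == "53") ? "udp" : "tcp"
          # A rule without a protocol suffix covers both tcp and udp.
          if (p[2] == "" || p[2] == want) allowed[p[1]] = 1
        }
    }
    END {
      if (!deny_out) exit                    # default allow: nothing is blocked
      n = split("53 80 443", need, " ")
      for (i = 1; i <= n; i++)
        if (!(need[i] in allowed)) out = out (out == "" ? "" : " ") need[i]
      if (out != "") print out
    }'
}

# Constructed sample: rule set from the question (HTTP/HTTPS only).
sample_before() {
  cat <<'EOF'
Status: active
Default: deny (incoming), deny (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW OUT   Anywhere
443/tcp                    ALLOW OUT   Anywhere
EOF
}

# Constructed sample: the same rule set after the fix in the answer.
sample_after() {
  sample_before
  echo "53                         ALLOW OUT   Anywhere"
}

echo "before fix, missing: $(sample_before | missing_egress)"
echo "after fix, missing:  $(sample_after | missing_egress)"
```

On a live system the input would come from `sudo ufw status verbose | missing_egress`.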
