The rule in UFW for the SR.CSR.CS.RC IP is:
ufw allow from SR.CSR.CS.RC
As described in the rule, SR.CSR.CS.RC can access this server over any enabled port.
But when UFW is up and running, some lines appear in the UFW log file saying that requests from the SR.CSR.CS.RC IP have been blocked.
[UFW BLOCK] IN=ens3 OUT= MAC=11:00:11:00:11:ff:00:11:11:bb:ee:00:00:00 SRC=SR.CSR.CS.RC DST=D.ST.DST.DST LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=xyxyxy DF PROTO=TCP SPT=SPTSP DPT=SPTDP WINDOW=501 RES=0x00 ACK FIN URGP=0
Why am I seeing those logs while the SR.CSR.CS.RC IP has full access?
Is it possible that UFW considers requests from the SR.CSR.CS.RC IP to be DoS attacks?
Note: SR.CSR.CS.RC is the IP in disguise.
Is this entry related to this: UFW logs blocked request on open port, what am I missing?
I was searching the net with a very similar problem on my hands, and here is what I found. Ufw has several rule files:
before.rules - rules that should be run before the ufw command line added rules
user.rules - these are rules we add with ufw command
after.rules - rules that should be run after the ufw command line added rules (and same for IPv6)
In before.rules you can find these:
# drop INVALID packets (logs these in loglevel medium and higher)
-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP

# all other non-local packets are dropped
-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
-A ufw-not-local -j DROP
So I assume that those [UFW BLOCK] log entries are caused by either of those - after all they are the only rules with logging.
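One way to triage such log entries, added here as an example and not part of the original answer: it separates [UFW BLOCK] lines from an allowlisted source that carry no SYN flag (like the ACK FIN packet in the question, which fits the conntrack INVALID rule) from blocks that would point at a real rule problem. The function names, labels, sample log lines and the no-SYN heuristic are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample lines in UFW's log format (documentation-range addresses).
SAMPLE_LOG = """\
[UFW BLOCK] IN=ens3 OUT= SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP SPT=44321 DPT=443 WINDOW=501 RES=0x00 ACK FIN URGP=0
[UFW BLOCK] IN=ens3 OUT= SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP SPT=44400 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
[UFW BLOCK] IN=ens3 OUT= SRC=192.0.2.50 DST=198.51.100.5 PROTO=TCP SPT=51000 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
[UFW ALLOW] IN=ens3 OUT= SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP SPT=44500 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
"""

FIELD_RE = re.compile(r"(\w+)=(\S*)")                   # KEY=value pairs
FLAGS_RE = re.compile(r"RES=\S+ ((?:[A-Z]+ )*)URGP=")   # TCP flags sit between RES= and URGP=

def parse_block(line):
    """Return a dict of fields for a [UFW BLOCK] line, or None for any other line."""
    if "[UFW BLOCK]" not in line:
        return None
    fields = dict(FIELD_RE.findall(line))
    match = FLAGS_RE.search(line)
    fields["FLAGS"] = set(match.group(1).split()) if match else set()
    return fields

def classify(entry, allowed):
    """Label one parsed entry against the allowlisted networks."""
    src = ipaddress.ip_address(entry["SRC"])
    if not any(src in net for net in allowed):
        return "not-allowlisted"
    # Heuristic (assumption of this example): a TCP segment without SYN cannot
    # open a connection, so a block despite an allow rule most likely came from
    # the conntrack INVALID rule in before.rules, not from a user rule.
    if entry.get("PROTO") == "TCP" and "SYN" not in entry["FLAGS"]:
        return "likely-invalid-state"
    return "unexpected-block"

def triage(log_text, allowed_cidrs):
    """Return (source, destination port, label) for every [UFW BLOCK] line."""
    allowed = [ipaddress.ip_network(cidr) for cidr in allowed_cidrs]
    results = []
    for line in log_text.splitlines():
        entry = parse_block(line)
        if entry:
            results.append((entry["SRC"], entry.get("DPT"), classify(entry, allowed)))
    return results

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG, ["203.0.113.7/32"]):
        print(*row)
```

Entries labelled unexpected-block are the ones worth checking against rule order in user.rules; likely-invalid-state entries are usually late FIN or RST segments for connections that conntrack has already forgotten.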