Home / ubuntu / Questions / 184290
Accepted
batman
Asked: 2012-09-06 02:20:47 +0800 CST

Why I'm getting this [UFW BLOCK] in my syslogs?

  • 772

I wonder why I get this error on my syslogs:

[7732763.396193] [UFW BLOCK] IN=eth0 OUT= MAC=02:8b:1a:75:d5:7b:02:8b:1a:40:00:03:08:00 SRC=x.x.x.x DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=53703 DF PROTO=TCP SPT=35651 DPT=8443 WINDOW=457 RES=0x00 ACK RST URGP=0

I have just enabled the ufw. This error means that something going wrong?

12.04

2 Answers

  1. Best Answer

    Well, it means that ufw blocked a connection from SRC to DST on TCP Port 8443. Unless you wanted this connection to be successful it is not a bad thing.

    Port 8443 is mainly used by webservices, for example it is used by VMware ESXi, or some (HTTPS) Application Servers.

    You can check if your box is running anything on that port by issueing sudo netstat -tulpen | grep 8443

    • 31

  2. If you run:

    $ tail -1 /etc/rsyslog.d/20-ufw.conf
#& stop

    This #& stop means that you are logging into syslog.

    Teo, how can I stop it?

    Well, you just need to run this command to stop logging into to the syslog:

    sudo sed '/#& stop/s/^#//' -i /etc/rsyslog.d/20-ufw.conf
sudo service rsyslog restart

    This command just uncomments the first match of the pattern #& stop in the file /etc/rsyslog.d/20-ufw.conf. In this case the last line, that is why we use tail -1 to print the last line of the file.

    Now verify it:

    $ tail -1 /etc/rsyslog.d/20-ufw.conf
& stop

    or just:

    tail -f /var/log/syslog
    • 0