killer_rabbit's questions

I'm running Ubuntu 24.04.2 LTS.

As my root filesystem was critically clogged up, I was looking for a way to move my snaps to another filesystem, in my home folder. I found this thread, and decided to follow the indications it contained (I know, I should have done more research...), to the best of my limited abilities. Unfortunately, it seems that this thread did not contain an appropriate answer - and on top of this, I made some mistakes in following it - including:

• moving the wrong snap folder;
• creating the wrong symlink; and
• trying to reverse the process afterwards,

...which led me to filling up my filesystem even more. Now, none of my snaps are functional anymore. I'm looking for help to repair this mess please.

This is the log of what I did:

d@boom:~$ sudo mv /var/snap ~/snap
[sudo] password for d: 
d@boom:~$ cd /var
d@boom:/var$ ls
backups  cache  crash  lib  local  lock  log  mail  metrics  opt  run  spool  tmp
d@boom:/var$ sudo ln -s ~/snap /snap
d@boom:/var$ ls -la
total 56
drwxr-xr-x 13 root root     4096  4月  7 19:52 .
drwxr-xr-x 23 root root     4096  4月  7 19:19 ..
drwxr-xr-x  2 root root     4096  4月  7 08:04 backups
drwxr-xr-x 23 root root     4096  2月 17 17:41 cache
drwxrwsrwt  2 root whoopsie 4096  4月  6 14:49 crash
drwxr-xr-x 77 root root     4096  3月  6 18:29 lib
drwxrwsr-x  2 root staff    4096  4月 22  2024 local
lrwxrwxrwx  1 root root        9  8月 27  2024 lock -> /run/lock
drwxrwxr-x 17 root syslog   4096  4月  7 08:22 log
drwxrwsr-x  2 root mail     4096  8月 27  2024 mail
drwxrwsrwt  2 root whoopsie 4096  8月 27  2024 metrics
drwxr-xr-x  2 root root     4096  8月 27  2024 opt
lrwxrwxrwx  1 root root        4  8月 27  2024 run -> /run
drwxr-xr-x  8 root root     4096  7月 18  2017 spool
drwxrwxrwt 16 root root     4096  4月  7 19:38 tmp
-rw-r--r--  1 root root      208  8月 27  2024 .updated
d@boom:/var$ sudo ls -la
total 56
drwxr-xr-x 13 root root     4096  4月  7 19:52 .
drwxr-xr-x 23 root root     4096  4月  7 19:19 ..
drwxr-xr-x  2 root root     4096  4月  7 08:04 backups
drwxr-xr-x 23 root root     4096  2月 17 17:41 cache
drwxrwsrwt  2 root whoopsie 4096  4月  6 14:49 crash
drwxr-xr-x 77 root root     4096  3月  6 18:29 lib
drwxrwsr-x  2 root staff    4096  4月 22  2024 local
lrwxrwxrwx  1 root root        9  8月 27  2024 lock -> /run/lock
drwxrwxr-x 17 root syslog   4096  4月  7 08:22 log
drwxrwsr-x  2 root mail     4096  8月 27  2024 mail
drwxrwsrwt  2 root whoopsie 4096  8月 27  2024 metrics
drwxr-xr-x  2 root root     4096  8月 27  2024 opt
lrwxrwxrwx  1 root root        4  8月 27  2024 run -> /run
drwxr-xr-x  8 root root     4096  7月 18  2017 spool
drwxrwxrwt 16 root root     4096  4月  7 19:38 tmp
-rw-r--r--  1 root root      208  8月 27  2024 .updated
d@boom:/var$ ls
backups  cache  crash  lib  local  lock  log  mail  metrics  opt  run  spool  tmp
d@boom:/var$ ls -ln
total 44
drwxr-xr-x  2 0   0 4096  4月  7 08:04 backups
drwxr-xr-x 23 0   0 4096  2月 17 17:41 cache
drwxrwsrwt  2 0 109 4096  4月  6 14:49 crash
drwxr-xr-x 77 0   0 4096  3月  6 18:29 lib
drwxrwsr-x  2 0  50 4096  4月 22  2024 local
lrwxrwxrwx  1 0   0    9  8月 27  2024 lock -> /run/lock
drwxrwxr-x 17 0 102 4096  4月  7 08:22 log
drwxrwsr-x  2 0   8 4096  8月 27  2024 mail
drwxrwsrwt  2 0 109 4096  8月 27  2024 metrics
drwxr-xr-x  2 0   0 4096  8月 27  2024 opt
lrwxrwxrwx  1 0   0    4  8月 27  2024 run -> /run
drwxr-xr-x  8 0   0 4096  7月 18  2017 spool
drwxrwxrwt 16 0   0 4096  4月  7 19:38 tmp
d@boom:/var$ sudo mv ~/snap /var/snap
mv: error writing '/var/snap/thunderbird/common/.thunderbird/3ie11tn2.default/ImapMail/mail.da.info/INBOX.sbd/Drafts': No space left on device
mv: cannot create directory '/var/snap/thunderbird/684': No space left on device
mv: cannot create directory '/var/snap/mattermost-desktop': No space left on device
mv: cannot create directory '/var/snap/chromium': No space left on device
mv: cannot create directory '/var/snap/snap': No space left on device
mv: cannot create directory '/var/snap/metadata-cleaner': No space left on device

Later on, to clear up space, I rebooted and did

sudo rm -r /var/snap

In case it's of any use, here's what I get for snap list:

Name                       Version                     Rev    Tracking         Publisher      Notes
bare                       1.0                         5      latest/stable    canonical✓     base
chromium                   -                           3084   latest/stable    canonical✓     broken
core                       16-2.61.4-20240607          17200  latest/stable    canonical✓     core
core20                     20241206                    2496   latest/stable    canonical✓     base
core22                     20250210                    1802   latest/stable    canonical✓     base
core24                     20241217                    739    latest/stable    canonical✓     base
cups                       2.4.11-3                    1079   latest/stable    openprinting✓  -
ffmpeg-2204                7.0                         126    latest/stable    snapcrafters✪  -
ffmpeg-2404                7.1.1                       59     latest/stable    snapcrafters✪  -
firefox                    136.0.3-1                   5947   latest/stable    mozilla✓       -
firmware-updater           0+git.22198be               167    1/stable/…       canonical✓     -
gnome-42-2204              0+git.38ea591               202    latest/stable/…  canonical✓     -
gnome-46-2404              0+git.7d0cf36               77     latest/stable    canonical✓     -
gtk-common-themes          0.1-81-g442e511             1535   latest/stable/…  canonical✓     -
gtk2-common-themes         0.1                         13     latest/stable    canonical✓     -
hunspell-dictionaries      u16.04-20180902+pkg-8e08    21     latest/stable    brlin          -
kf6-core24                 6.8.2-6.11.0-6.2.5-24.12.3  22     latest/stable    kde✓           -
mattermost-desktop         5.11.2                      778    latest/stable    snapcrafters✪  -
mesa-2404                  24.2.8                      495    latest/stable    canonical✓     -
metadata-cleaner           2.5.4                       58     latest/stable    soumyadghosh✪  -
snap-store                 0+git.90575829              1270   2/stable/…       canonical✓     -
snapd                      2.67.1                      23771  latest/stable    canonical✓     snapd
snapd-desktop-integration  0.9                         253    latest/stable    canonical✓     -
thunderbird                128.8.1esr-1                684    latest/stable    canonical✓     -

I had removed Chromium in an attempt to free up space on my hard drive. Shortcuts to my snaps like Thunderbird or Firefox still appear in my system, but I can't open them. All my user data seems safe in my home folder - I just have no clue how to start cleaning up and repairing...

Today, I listed my iptables for a routine check -- and discovered two strange UFW rules that I don't remember setting up myself, referring to two specific IP addresses that I can't identify:

-A ufw-before-input -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
-A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT

This is kind of scary. Did someone manage to hack into my server and add these rules? If not, what happened?

(And if some malicious agent did hack into my firewall, why would they use ports 5353 and 1900, that aren't being forwarded by my router??)