Subj : Re: allow non root user access to ufw
To   : Zylone
From : Zylone
Date : Sun Aug 29 2021 03:29 am

Zy> 1-Blocked connection
Zy> 2021.08.28 13:48:01 TELNET > Connect on slot 1/255 (188.148.147.88)
Zy> 2021.08.28 13:48:01 TELNET 1-HostName c188-148-147-88.bredband.tele2.se
Zy> 2021.08.28 13:48:01 TELNET 1-Blocked connection
Zy> 2021.08.28 13:48:04 EVENT Running event: Firewall Ban Linux
Zy> 2021.08.28 13:48:04 EVENT Cmd: sudo /usr/sbin/ufw deny from 188.148.147.88
Zy> 2021.08.28 13:48:04 EVENT Res: 0

UPDATE.. So I thought I was being slick and everything was good to go. NO.

I am used to using pf on OpenBSD, which matches firewall rules by the last matching rule. ufw applies by first match and moves on. SO.. what was happening was, I had default deny all inbound, and then allow the ports the BBS uses. Mystic was in fact adding deny rules, AFTER the allow rules obviously. So.. when a bot would hit me again, it would hit the allow rule and move on.

This is really janky.. but, until I learn a more dynamic way of doing this.. this is working.. I have updated the event to the following:

sudo ufw delete allow 22223 && sudo ufw deny from @IP@ && sudo ufw allow 22223

What this is doing is deleting the rule to allow traffic to port 22223 (my telnet port that my main router forwards to) and then it adds a rule to deny the offending IP, and finally it adds the allow 22223 rule back in place. This ensures that the allow rule is always LAST, after the DENY rules!

Zylone

--- Mystic BBS v1.12 A47 2021/08/19 (Linux/64)
 * Origin: bbs.planetcaravan.org:23 ssh:1337 (21:3/150)
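An added example, not part of the post above, of the same ban event written around ufw's first-match ordering: instead of deleting and re-adding the allow rule, the deny is placed at the top of the rule set with ufw's `insert` subcommand, and the address Mystic substitutes for @IP@ is checked to be a plain IPv4 address before it reaches the ufw command line. The script assumes ufw is installed and that it runs as root (or is called via sudo); `DRY_RUN` is a variable invented here so the commands can be printed without touching the firewall.

```shell
#!/bin/sh
# Added example (not from the original post or from Mystic/ufw).
# ufw is first-match: a "deny from IP" appended after "allow 22223" never
# fires. "ufw insert 1 ..." puts the deny ahead of every allow rule without
# removing and re-adding the allow rule. Usage: ban_ip <ipv4>
# (Mystic substitutes the connecting address for @IP@ in the event command).

valid_ipv4() {
    # Accept only four dotted decimal octets in 0-255. This rejects anything
    # that could smuggle extra words onto the ufw command line.
    addr=$1
    case "$addr" in
        *[!0-9.]*|.*|*.|*..*|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

ban_commands() {
    # Print the ufw command that would be run for one address.
    valid_ipv4 "$1" || return 1
    printf '%s\n' "ufw insert 1 deny from $1 to any"
}

ban_ip() {
    ip=$1
    if ! valid_ipv4 "$ip"; then
        echo "refusing to ban malformed address: $ip" >&2
        return 1
    fi
    if [ -n "${DRY_RUN:-}" ]; then
        ban_commands "$ip"   # DRY_RUN is an assumption of this example
        return 0
    fi
    # "insert 1" is rejected by ufw when the rule set is empty; in that case
    # a plain deny is also the first (and only) rule, so fall back to it.
    ufw insert 1 deny from "$ip" to any || ufw deny from "$ip" to any
}
```

Run `ufw status numbered` afterwards to confirm the deny rule sits above the allow rules for the BBS ports.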