Recently I noticed a lot of log entries for a firewall action that is blocking TCP packets with the ACK, FIN, or RST flags set.
This basically tells us that a packet received on interface eth0, with source address 192.168.10.194, destination address 192.168.10.103, protocol tcp, and destination port 80, has been blocked.
So we need to tell iptables to accept these packets:
administrator@Confluence:~$ sudo iptables -I ufw-before-input -s 192.168.10.110 -d 192.168.10.103 -p tcp --dport 80 -j ACCEPT
administrator@Confluence:~$ sudo iptables -I ufw-before-input -s 192.168.10.194 -d 192.168.10.103 -p tcp --dport 80 -j ACCEPT
Note that these entries will be deleted after a reboot unless you make them persistent.
You may want to use the iptables-persistent package rather than mess with your boot scripts. First, run your script to set up the firewall rules. Secondly, run sudo apt-get install iptables-persistent, and follow the prompts. When it asks to save the current rules, hit “Yes” at both prompts. Now, on reboots, your iptables rules will be restored.
NOTE: If you change your rules after this, you will need to run the following command(s) after the changes:
To save your IPv4 iptables rules:
sudo su -c 'iptables-save > /etc/iptables/rules.v4'
To save your IPv6 ip6tables rules:
sudo su -c 'ip6tables-save > /etc/iptables/rules.v6'
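
Before adding ACCEPT rules like the ones above, it helps to see which flows the block entries actually belong to and which TCP flags they carried. The following is an added example, not part of the original post: the log lines are constructed in the format UFW writes to the kernel log, and the host 192.168.10.50, the MAC addresses, and the function names are assumptions made for illustration.

```python
from collections import Counter, defaultdict

TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}

# Constructed sample lines in the format UFW logs blocked packets
# (not taken from the original post).
SAMPLE_LOG = """\
Mar  3 10:15:01 Confluence kernel: [1234.5] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.168.10.194 DST=192.168.10.103 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=4021 DF PROTO=TCP SPT=51812 DPT=80 WINDOW=0 RES=0x00 ACK RST URGP=0
Mar  3 10:15:09 Confluence kernel: [1242.1] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.168.10.194 DST=192.168.10.103 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=4055 DF PROTO=TCP SPT=51813 DPT=80 WINDOW=255 RES=0x00 ACK FIN URGP=0
Mar  3 10:15:12 Confluence kernel: [1245.7] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.168.10.194 DST=192.168.10.103 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=4060 DF PROTO=TCP SPT=51813 DPT=80 WINDOW=255 RES=0x00 ACK FIN URGP=0
Mar  3 10:16:40 Confluence kernel: [1333.2] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:03:08:00 SRC=192.168.10.110 DST=192.168.10.103 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=977 DF PROTO=TCP SPT=40222 DPT=80 WINDOW=229 RES=0x00 ACK FIN URGP=0
Mar  3 10:17:02 Confluence kernel: [1355.9] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:04:08:00 SRC=192.168.10.50 DST=192.168.10.103 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=120 DF PROTO=TCP SPT=39000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:17:30 Confluence kernel: [1383.0] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:04:08:00 SRC=192.168.10.50 DST=192.168.10.103 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=131 PROTO=UDP SPT=5353 DPT=5353 LEN=52
Mar  3 10:17:31 Confluence sshd[812]: Server listening on 0.0.0.0 port 22.
"""

def parse_block(line):
    """Return (fields, tcp_flags) for a [UFW BLOCK] line, or None for any other line."""
    _, sep, rest = line.partition("[UFW BLOCK]")
    if not sep:
        return None
    tokens = rest.split()
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    return fields, frozenset(t for t in tokens if t in TCP_FLAGS)  # DF is an IP flag, skipped

def summarize(log_text):
    """Group blocked TCP packets by (IN, SRC, DST, DPT) and count each flag combination."""
    flows = defaultdict(Counter)
    for line in log_text.splitlines():
        parsed = parse_block(line)
        if parsed is None or parsed[0].get("PROTO") != "TCP":
            continue
        fields, flags = parsed
        if not {"SRC", "DST", "DPT"} <= fields.keys():
            continue  # truncated or malformed entry
        key = (fields.get("IN", ""), fields["SRC"], fields["DST"], int(fields["DPT"]))
        flows[key]["+".join(sorted(flags)) or "none"] += 1
    return {k: dict(v) for k, v in flows.items()}

def teardown_only(flows):
    """Flows whose blocked packets never carried SYN: stray ACK/FIN/RST, not new connections."""
    return sorted(k for k, c in flows.items() if not any("SYN" in x.split("+") for x in c))

if __name__ == "__main__":
    flows = summarize(SAMPLE_LOG)
    for key, combos in sorted(flows.items()):
        print(key, combos)
    print("no SYN seen:", teardown_only(flows))
```

Flows that show up with SYN in the summary are blocked new connections rather than leftovers of existing ones, so they deserve a separate look before any ACCEPT rule is written for them.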