How to block forwarding of specific host

Asked by Martijn on 2014-08-25

I have a home server running UFW that acts as router for a number of PC's/phones on my network. The layout is
PC -> Homeserver with UFW -> ADSL modem/router -> internet.
As default policiies I enable outgoing and forwarding (using sysctl.conf) and disable incoming connections.
Now I want to block one or more specific hosts. Therfore I add a reject line using "ufw insert 1 deny from 192.168.0.x"
This block incoming connections to the homeserver but still allows forwarding.
Is it possible to block forwarding for specific hosts using the commandline interface? I would really like to do so since I need a user friendly and scriptable firewall configuration tool.

My UFW configuration looks like:

#ufw status verbose
Status: active
Logging: on (medium)
Default: reject (incoming), allow (outgoing)
New profiles: skip

To Action From
-- ------ ----
Anywhere REJECT IN 192.168.0.11
Anywhere ALLOW IN 192.168.0.0/24
22 ALLOW IN Anywhere
80 ALLOW IN Anywhere
993 ALLOW IN Anywhere
143 ALLOW IN Anywhere
631 ALLOW IN Anywhere
22 ALLOW IN Anywhere (v6)
80 ALLOW IN Anywhere (v6)
993 ALLOW IN Anywhere (v6)
143 ALLOW IN Anywhere (v6)
631 ALLOW IN Anywhere (v6)

I am running 0.31 from Debian testing

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu ufw Edit question
Assignee:
No assignee Edit question
Last query:
2014-08-25
Last reply:
2014-08-26

On the UFW server, what is the outpu of:

lsb_release -a; uname -a; apt-cache policy ufw

Thanks

Martijn (martijnb) said : #2

lsb_release -a:
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 7.5 (wheezy)
Release: 7.5
Codename: wheezy

uname -a:
Linux ebox 3.2.0-4-486 #1 Debian 3.2.57-3+deb7u2 i586 GNU/Linux

apt-cache policy ufw:
ufw:
  Installed: 0.31.1-2
  Candidate: 0.31.1-2
  Version table:
 *** 0.31.1-2 0
        500 ftp://ftp.nl.debian.org/debian/ stable/main i386 Packages
        100 /var/lib/dpkg/status

Thanks for your quick reply.

You are using Debian. This forum is for Ubuntu support only. I suggest you post on the Debian forum :
http://forums.debian.net

Martijn (martijnb) said : #4

As far as I know, UFW is developed within Ubuntu. I could not find a user forum or developer address except for launchpad, so I asked my question here.

Debian isn't supoprted here. You are using Debian.

https://en.wikipedia.org/wiki/Uncomplicated_Firewall

UFW is not developed within Ubuntu, it is just packaged so that it works with how Ubuntu works. It has it's own maintainers which develop code and is then packaged by package maintainers for various distributions.

Please post on the Debian forum.

Can you help with this problem?

Provide an answer of your own, or ask Martijn for more information if necessary.

To post a message you must log in.