Using gufw, my deny from rule keeps showing up as rule 12 - ahead of postfix allows. Does order matter?

Asked by rudy de haas on 2020-07-28

I tried to use gufw to deny all access from 212.70.149.0/32.

Whether I add the rule using the GUI or directly, it shows up as rule 12 and thus before the rules allowing access to postfix. Does the order matter? And, if so, how do I get it to be rule 23? (The next empty one; in the GUI, if I set it to 23 it reports that I can't insert it beyond the number of rules already there (22) - insert after 0 and it shows up as rule 12.)

Question information

Language: English
Status: Answered
For: Ubuntu ufw
Assignee: No assignee
Last query: 2020-07-28
Last reply: 2020-07-28

costales (costales) said : #1

Hi,

Yes, the order is important. You have a field in the Add Rule popup for inserting a rule in a specific place.

Best regards.

rudy de haas (rudydehaas) said : #2

Thanks - but no. It automatically inserts the rule as #12, after the last v4 and before the v6 ones. There's something I'm missing here - a manual sure would be nice! - Here's my ufw status:
ufw status
Status: active

To                         Action      From
--                         ------      ----
80,443/tcp                 ALLOW       Anywhere
8008/tcp                   ALLOW       Anywhere
21/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
25/tcp                     ALLOW       Anywhere
465/tcp                    ALLOW       Anywhere
587/tcp                    ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere
143/tcp                    ALLOW       Anywhere
993/tcp                    ALLOW       Anywhere
Anywhere                   DENY        212.70.149.1
Anywhere                   DENY        212.70.149.19
Anywhere                   DENY        78.128.113.115
Anywhere                   DENY        212.70.149.0/24
80,443/tcp (v6)            ALLOW       Anywhere (v6)
8008/tcp (v6)              ALLOW       Anywhere (v6)
21/tcp (v6)                ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)
25/tcp (v6)                ALLOW       Anywhere (v6)
465/tcp (v6)               ALLOW       Anywhere (v6)
587/tcp (v6)               ALLOW       Anywhere (v6)
22/tcp (v6)                ALLOW       Anywhere (v6)
143/tcp (v6)               ALLOW       Anywhere (v6)

but I still see:

Jul 28 09:40:42 mail postfix/smtpd[13206]: disconnect from unknown[212.70.149.19] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jul 28 09:40:45 mail postfix/smtpd[14590]: warning: unknown[212.70.149.51]: SASL LOGIN authentication failed: UGFzc3dvcmQ6

What am I missing?
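
Added example (not part of the thread, and not ufw's own code): a simplified first-match model of the IPv4 rules in the status output above, showing why the mail ports stay reachable from the denied addresses while the DENY rules sit at positions 12 to 15. The function names are hypothetical; the model assumes ufw's documented behaviour that the first matching rule wins.

```python
import ipaddress

# IPv4 rows of the `ufw status` table posted in the thread, in rule order.
STATUS = """\
80,443/tcp ALLOW Anywhere
8008/tcp ALLOW Anywhere
21/tcp ALLOW Anywhere
80/tcp ALLOW Anywhere
443/tcp ALLOW Anywhere
25/tcp ALLOW Anywhere
465/tcp ALLOW Anywhere
587/tcp ALLOW Anywhere
22/tcp ALLOW Anywhere
143/tcp ALLOW Anywhere
993/tcp ALLOW Anywhere
Anywhere DENY 212.70.149.1
Anywhere DENY 212.70.149.19
Anywhere DENY 78.128.113.115
Anywhere DENY 212.70.149.0/24
"""

def parse(status):
    """Return (number, action, ports, proto, source network); ports None = any."""
    rules = []
    for n, line in enumerate(status.strip().splitlines(), 1):
        to, action, src = line.split()
        plist, _, proto = to.partition("/")
        ports = None if to == "Anywhere" else {int(p) for p in plist.split(",")}
        net = ipaddress.ip_network("0.0.0.0/0" if src == "Anywhere" else src)
        rules.append((n, action, ports, proto, net))
    return rules

def first_match(rules, src, port, proto="tcp"):
    """First rule that matches wins; later rules are never consulted."""
    ip = ipaddress.ip_address(src)
    for n, action, ports, rproto, net in rules:
        if ip in net and (ports is None or (port in ports and proto == rproto)):
            return n, action
    return None, "DEFAULT POLICY"

def shadowed_ports(rules, deny_no):
    """Ports an earlier ALLOW already accepts for the source of DENY rule deny_no."""
    net = rules[deny_no - 1][4]
    hits = [r[2] for r in rules[:deny_no - 1] if r[1] == "ALLOW" and net.subnet_of(r[4])]
    return sorted(set().union(*(p or set() for p in hits)))

def denies_first(rules):
    """Renumber with every DENY ahead of the ALLOWs (stable sort keeps relative order)."""
    ordered = sorted(rules, key=lambda r: r[1] != "DENY")
    return [(i, *r[1:]) for i, r in enumerate(ordered, 1)]
```

With the posted order, `first_match(parse(STATUS), "212.70.149.19", 25)` returns rule 6 (ALLOW); after `denies_first` the same lookup returns rule 2 (DENY). On a live host the equivalent placement is made with `ufw insert 1 deny from 212.70.149.0/24`.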

costales (costales) said : #3

Hi,

Moved to ufw.

Best regards.
