I’ve got a fairly large (70 machines) zerotier network going.
Everything is going fine except for this:
Dec 30 19:54:27 alarm kernel: [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:d8:12:65:e5:83:00:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=56035 PROTO=2
Dec 30 19:54:31 alarm kernel: [UFW BLOCK] IN= OUT=eth0 SRC=2405:4800:10bf:1376:dea6:32ff:fea4:e9ba DST=ff02:0000:0000:0000:0000:0001:ff00:0001 LEN=72 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0
Dec 30 19:54:36 alarm kernel: [UFW BLOCK] IN= OUT=eth0 SRC=192.168.1.5 DST=190.73.246.100 LEN=32 TOS=0x00 PREC=0x00 TTL=2 ID=55699 PROTO=UDP SPT=44397 DPT=57555 LEN=12
Dec 30 19:54:38 alarm kernel: [UFW BLOCK] IN=eth0 OUT= MAC=33:33:ff:a4:e9:ba:d8:12:65:e5:83:00:86:dd SRC=fe80:0000:0000:0000:0000:0000:0000:0001 DST=ff02:0000:0000:0000:0000:0001:ffa4:e9ba LEN=72 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0
Dec 30 19:54:47 alarm kernel: [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:d8:12:65:e5:83:00:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=56036 PROTO=2
Dec 30 19:54:51 alarm kernel: [UFW BLOCK] IN= OUT=eth0 SRC=2405:4800:10bf:1376:dea6:32ff:fea4:e9ba DST=ff02:0000:0000:0000:0000:0001:ff00:0001 LEN=72 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0
Dec 30 19:54:55 alarm kernel: [UFW BLOCK] IN= OUT=eth0 SRC=192.168.1.5 DST=5.189.140.43 LEN=56 TOS=0x00 PREC=0x00 TTL=255 ID=32550 PROTO=UDP SPT=9993 DPT=56245 LEN=36
Dec 30 19:54:56 alarm kernel: [UFW BLOCK] IN=eth0 OUT= MAC=33:33:ff:a4:e9:ba:d8:12:65:e5:83:00:86:dd SRC=fe80:0000:0000:0000:0000:0000:0000:0001 DST=ff02:0000:0000:0000:0000:0001:ffa4:e9ba LEN=72 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0
Dec 30 19:55:07 alarm kernel: [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:d8:12:65:e5:83:00:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=56037 PROTO=2
Dec 30 19:55:11 alarm kernel: [UFW BLOCK] IN= OUT=eth0 SRC=2405:4800:10bf:1376:dea6:32ff:fea4:e9ba DST=ff02:0000:0000:0000:0000:0001:ff00:0001 LEN=72 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0
Dec 30 19:55:15 alarm kernel: [UFW BLOCK] IN= OUT=eth0 SRC=192.168.1.5 DST=190.73.246.100 LEN=32 TOS=0x00 PREC=0x00 TTL=2 ID=56410 PROTO=UDP SPT=9993 DPT=57555 LEN=12
Dec 30 19:55:22 alarm kernel: [UFW BLOCK] IN=eth0 OUT= MAC=33:33:ff:a4:e9:ba:d8:12:65:e5:83:00:86:dd SRC=fe80:0000:0000:0000:0000:0000:0000:0001 DST=ff02:0000:0000:0000:0000:0001:ffa4:e9ba LEN=72 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0
Dec 30 19:55:27 alarm kernel: [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:d8:12:65:e5:83:00:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=56038 PROTO=2
Dec 30 19:55:30 alarm kernel: [UFW BLOCK] IN= OUT=lo SRC=2405:4800:10bf:1376:dea6:32ff:fea4:e9ba DST=2405:4800:10bf:1376:dea6:32ff:fea4:e9ba LEN=245 TC=0 HOPLIMIT=64 FLOWLBL=49461 PROTO=ICMPv6 TYPE=1 CODE=3 [SRC=2405:4800:10bf:1376:dea6:32ff:fea4:e9ba DST=2605:9880:0400:00c3:0254:f2bc:a1f7:0019 LEN=197 TC=0 HOPLIMIT=64 FLOWLBL=237596 PROTO=UDP SPT=9993 DPT=9993 LEN=157 ]
Dec 30 19:55:37 alarm kernel: [UFW BLOCK] IN= OUT=eth0 SRC=192.168.1.5 DST=34.71.98.154 LEN=32 TOS=0x00 PREC=0x00 TTL=2 ID=55315 PROTO=UDP SPT=44396 DPT=60377 LEN=12
Dec 30 19:55:39 alarm kernel: [UFW BLOCK] IN=eth0 OUT= MAC=33:33:ff:a4:e9:ba:d8:12:65:e5:83:00:86:dd SRC=fe80:0000:0000:0000:0000:0000:0000:0001 DST=ff02:0000:0000:0000:0000:0001:ffa4:e9ba LEN=72 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0
(some) traffic on 9993 is getting blocked and I don’t know why.
UFW status verbose be like:
$ ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), deny (outgoing), deny (routed)
New profiles: skip
To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere
123                        DENY IN     Anywhere
9993/udp                   ALLOW IN    Anywhere
53/udp                     ALLOW IN    Anywhere
443                        DENY IN     Anywhere
80                         DENY IN     Anywhere
53 (DNS)                   DENY IN     Anywhere
22 (v6)                    ALLOW IN    Anywhere (v6)
123 (v6)                   DENY IN     Anywhere (v6)
9993/udp (v6)              ALLOW IN    Anywhere (v6)
53/udp (v6)                ALLOW IN    Anywhere (v6)
443 (v6)                   DENY IN     Anywhere (v6)
80 (v6)                    DENY IN     Anywhere (v6)
53 (DNS (v6))              DENY IN     Anywhere (v6)

443                        ALLOW OUT   Anywhere
80                         ALLOW OUT   Anywhere
123                        ALLOW OUT   Anywhere
53 (DNS)                   ALLOW OUT   Anywhere
9993/udp                   ALLOW OUT   Anywhere
443 (v6)                   ALLOW OUT   Anywhere (v6)
80 (v6)                    ALLOW OUT   Anywhere (v6)
123 (v6)                   ALLOW OUT   Anywhere (v6)
53 (DNS (v6))              ALLOW OUT   Anywhere (v6)
9993/udp (v6)              ALLOW OUT   Anywhere (v6)
It all looks fine, so I started digging and I found:
Also:
So I tried:
# Accept everything from 9993/udp
-A ufw-before-input -p udp --dport 9993 -j ACCEPT
-A ufw-before-output -p udp --dport 9993 -j ACCEPT
Network is fine but does seem a bit slow. Any ideas?
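A small triage script for log output like the above, added here as an example and not part of the original post: it groups [UFW BLOCK] lines by direction and protocol, and separates outbound UDP sent from source port 9993 to some other destination port, which a `9993/udp ALLOW OUT` rule does not cover because ufw port rules match the destination port. The sample lines are constructed from the kinds of entries in the post, and the function and category names are this example's own.

```python
import re
from collections import Counter

ZT_PORT = 9993  # UDP port used in the post's ufw rules

# Constructed sample, shortened from the kinds of entries shown in the post.
SAMPLE = """\
Dec 30 19:54:27 alarm kernel: [UFW BLOCK] IN=eth0 OUT= SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TTL=1 PROTO=2
Dec 30 19:54:31 alarm kernel: [UFW BLOCK] IN= OUT=eth0 SRC=fe80::1 DST=ff02::1:ff00:1 LEN=72 PROTO=ICMPv6 TYPE=135 CODE=0
Dec 30 19:54:36 alarm kernel: [UFW BLOCK] IN= OUT=eth0 SRC=192.168.1.5 DST=190.73.246.100 LEN=32 TTL=2 PROTO=UDP SPT=44397 DPT=57555 LEN=12
Dec 30 19:54:55 alarm kernel: [UFW BLOCK] IN= OUT=eth0 SRC=192.168.1.5 DST=5.189.140.43 LEN=56 TTL=255 PROTO=UDP SPT=9993 DPT=56245 LEN=36
"""

def parse(line):
    """Return the KEY=VALUE fields of one [UFW BLOCK] line, or None."""
    if "[UFW BLOCK]" not in line:
        return None
    # Drop the bracketed copy of the offending packet that ICMP errors carry,
    # so its PROTO/SPT/DPT do not overwrite the outer packet's fields.
    body = line.split("[UFW BLOCK]", 1)[1].split("[", 1)[0]
    return dict(re.findall(r"(\w+)=(\S*)", body))

def classify(f):
    """Name the kind of blocked packet described by parsed fields f."""
    direction = "out" if f.get("OUT") else "in"
    proto = f.get("PROTO")
    if proto == "UDP":
        spt, dpt = int(f["SPT"]), int(f["DPT"])
        if dpt == ZT_PORT:
            return f"{direction}-udp-to-9993"
        if spt == ZT_PORT:
            return f"{direction}-udp-from-9993"  # not matched by a dport rule
        return f"{direction}-udp-other-ports"
    if proto == "ICMPv6" and f.get("TYPE") == "135":
        return f"{direction}-icmpv6-neighbor-solicit"
    if proto == "2":  # IP protocol 2 is IGMP
        return f"{direction}-igmp"
    return f"{direction}-other"

def summarize(text):
    """Count blocked packets per category across a block of log text."""
    parsed = (parse(line) for line in text.splitlines())
    return Counter(classify(f) for f in parsed if f is not None)

if __name__ == "__main__":
    for kind, n in summarize(SAMPLE).most_common():
        print(f"{n:4d}  {kind}")
```
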