Ubuntu – In ufw is there any way to disable logging for a particular rule

firewallUbuntuufw

I am using UFW with a default logging policy of "low".

I would like to keep this logging on for the default deny action, but disable it for a particular IP address only. So I'd like to create one particular new rule that doesn't have logging.

Is there a way to achieve this?

I have a rather uncomplicated ufw setup so far, like this:

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     LIMIT       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere (v6)
80/tcp                     ALLOW       Anywhere (v6)
443/tcp                    ALLOW       Anywhere (v6)

Best Answer

Found the answer right in the ufw manpage:

ufw supports per rule logging. By default, no logging is performed when a packet matches a rule.

So even though the packets from this IP were being denied anyway, to prevent them showing in the logs I had to create an explicit deny rule specifically mentioning that IP address/port.

Related Solutions

Security – Rate limiting with UFW: setting limits

UFW is designed to be "uncomplicated," which in this case means you don't have control over the particulars of the rate to which connections are limited. If you want to dig into the Python source of UFW, you could find out how to tweak it. The appropriate information is (on my Ubuntu 10.04 system) in /usr/share/pyshared/ufw/backend_iptables.py

Setting the timing issue aside, therefore, here are some answers to your rapid-fire questions at the end.

Assuming 10.10.10.0/24 is your local network, this applies the default limiting rule to port 80/tcp incoming:
```
ufw limit from any to 10.10.10.0/24 port http comment 'limit web'
```
and 3. Rate limiting is not turned on by default. To add it to every (destination) port except the range you want, use this rule. Note that rules (even with ranges) are atomic units and cannot be split up. You cannot, for example, add a rule for any port, then delete a (nonexistent) rule for a particular range to remove it. limit is not an acceptable argument to ufw default, either.
```
ufw limit from any to any port 0:29999,30006:65535
```

UFW/IPTables – Troubleshooting curl After Setting Default Outgoing Deny and Port 80 Allow

You didn't enable DNS traffic (TCP/UDP outgoing, port 53) and UDP 1024-65535 outgoing (also required for DNS.

Best Answer

Related Solutions

Security – Rate limiting with UFW: setting limits

UFW/IPTables – Troubleshooting curl After Setting Default Outgoing Deny and Port 80 Allow

Related Topic