Ubuntu – Why are certain things able to get through ufw firewall

firewall networking server

I should say up-front that I am TOTALLY new to Linux, Ubuntu, and the technical side of networking. I am setting up Ubuntu on a server computer and have learned a bit about configuring the ufw firewall. I have set ufw to block all ports by default (sudo ufw default deny) and so far have added rules to open a couple of ports for SSH and game servers, but there is one thing I don't understand.

  • How is it that I am still able to update packages, ping IP addresses, etc.
    if ufw is supposedly blocking all (or almost all) of the ports?
  • Does ufw automatically allow traffic back from an IP address that I have connected to?

I'm sure there is a simple technical explanation but I'm having trouble finding it via Google.
Thank you!

Best Answer

Unless you've set up ufw to default-deny outgoing connections (which is not the default), then applications on your system can connect to external hosts. The connections made to external hosts are generally bidirectional - when you run, say, curl or apt-get, the programs make a connection to the remote host and can then both push data out and pull data down that connection.

ufw is set to default-accept outgoing connections because default-deny is basically the same as not being connected to the network. Depending on what you're trying to secure, though, default-deny outgoing might be the right policy.
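The behaviour described in the answer, as a simplified model added here (not part of the original answer and not ufw's own code): ufw configures netfilter, whose connection tracking accepts packets belonging to a connection that was already allowed, so replies to outgoing requests get back in. The class, function and host names are hypothetical, and the addresses are constructed documentation addresses.

```python
from typing import NamedTuple

# Constructed sample hosts (RFC 5737 documentation addresses).
HOST, MIRROR, STRANGER = "192.0.2.10", "198.51.100.20", "203.0.113.30"

class Packet(NamedTuple):
    direction: str  # "out" = leaving this host, "in" = arriving at it
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class StatefulFirewall:
    """Toy model: default-deny incoming plus a connection-tracking table."""
    def __init__(self, allowed_in_ports, default_out="allow"):
        self.allowed_in_ports = set(allowed_in_ports)  # like `ufw allow 22/tcp`
        self.default_out = default_out                 # "allow" or "deny"
        self.flows = set()                             # tracked connections

    def filter(self, p: Packet) -> str:
        # Normalise to (proto, local ip, local port, remote ip, remote port)
        # so both directions of one connection map to the same key.
        if p.direction == "out":
            key = (p.proto, p.src, p.sport, p.dst, p.dport)
        else:
            key = (p.proto, p.dst, p.dport, p.src, p.sport)
        if key in self.flows:
            return "ACCEPT (established)"
        if p.direction == "out":
            allowed = self.default_out == "allow"
        else:
            allowed = p.dport in self.allowed_in_ports
        if allowed:
            self.flows.add(key)  # remember it so the other direction passes
            return "ACCEPT (new)"
        return "DROP"

def demo(default_out="allow"):
    fw = StatefulFirewall(allowed_in_ports={22}, default_out=default_out)
    packets = {  # evaluated in order, like traffic arriving over time
        "apt request": Packet("out", "tcp", HOST, 40000, MIRROR, 80),
        "apt reply": Packet("in", "tcp", MIRROR, 80, HOST, 40000),
        "unsolicited": Packet("in", "tcp", STRANGER, 50000, HOST, 80),
        "ssh login": Packet("in", "tcp", STRANGER, 50001, HOST, 22),
        "ssh reply": Packet("out", "tcp", HOST, 22, STRANGER, 50001),
    }
    return {name: fw.filter(p) for name, p in packets.items()}

if __name__ == "__main__":
    for policy in ("allow", "deny"):
        print(policy, demo(policy))
```

With outgoing set to deny, the apt request is dropped while SSH keeps working in both directions, because the SSH connection was accepted by the incoming rule and then tracked.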