Thanks for the feedback - with AWS I was focused on security groups, which only
allow one to indicate what is allowed. It turns out there are ACLs on the
Virtual Private Cloud which allow one to deny network activity. That seemed
to work as expected.

On configuring ufw, if the default for incoming and outgoing and routed is accept, it
seems that that should allow all traffic which is not denied - I was able to
continue to use ssh without special rules - but I may not understand how
default and particular rules interact.

johnh...
________________________________
From: pound <[email protected]> on behalf of Joe Gooch 
<[email protected]>
Sent: Wednesday, March 25, 2020 10:38 AM
To: Pound mailing list <[email protected]>
Subject: Re: [pound] configuring ufw with pound

Looks like you’re on AWS – you could do it through the security policies on AWS 
instead as well.


------
Joe


From: pound <[email protected]> on behalf of John Hayward 
<[email protected]>
Reply-To: Pound mailing list <[email protected]>
Date: Wednesday, March 25, 2020 at 3:03 AM
To: "[email protected]" <[email protected]>
Subject: [pound] configuring ufw with pound

Hi Pound people,

First thanks for this useful facility.

I'm trying to set up ufw to block a few bad actors from accessing the service 
provided by pound.

When I run ufw adding rules to deny access to these bad actors and enable ufw 
it appears that it blocks all traffic - I thought the issue might be routed 
being disabled so I enabled that and still no dice.

Here is what the verbose status of ufw is:
====
root@ip-172-31-45-181:~# ufw status verbose
Status: active
Logging: on (low)
Default: allow (incoming), allow (outgoing), allow (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
Anywhere                   DENY IN     5.62.43.182
Anywhere                   DENY IN     77.234.43.131
Anywhere                   DENY IN     5.62.43.158
Anywhere                   DENY IN     5.62.43.146
Anywhere                   DENY IN     5.62.43.170
Anywhere                   DENY IN     5.62.43.134
Anywhere                   DENY IN     94.25.171.231
Anywhere                   DENY IN     24.60.253.150
====

Anybody have hints as to what issues there might be with using pound and ufw 
together?

johnh...

--
pound mailing list
[email protected]
https://urldefense.com/v3/__https://admin.hostpoint.ch/mailman/listinfo/pound_apsis.ch__;!!LEf3jpjHhfEyFKU!PXEXd97UjueHqfL_g6_KTMRE4dNwtQYAh-y31DWFqkXjIz1xKLegUpMQa-4FIHk1HcjpBSA$