Make ufw follow iptable rules












1















I have a bunch of configuration in ufw that I want to avoid porting to iptables (unless there is an easy way to export from ufw and import in iptables). Simplicity of ufw etc. being the reason.



Now I want to block outgoing network for a user on the system using - How to disable internet for a user on a system



But the problem is that if I have ufw enabled, it ignores iptable rules.



How do I ask ufw to follow iptable rules as well or maybe implement that user block in ufw?

































  • Interesting question! There's a closely related question, with a comprehensive answer, over at serverfault: serverfault.com/questions/198398/…

    – aplaice
    Jan 21 at 1:08
















networking 18.04 iptables firewall ufw
















asked Jan 18 at 23:05









RajRaj











1 Answer


















0














Following @aplaice's comment, I added the following line in /etc/ufw/after.rules:

    -A ufw-after-output -m owner --uid-owner idea -j REJECT
    # don't delete the 'COMMIT' line or these rules won't be processed
    COMMIT

You have to add it for the chain ufw-after-output and before COMMIT.

Restart the ufw service after that.






        answered Jan 21 at 11:40









        RajRaj
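
The edit described in the answer above, as an added example that is not part of the original post: a POSIX shell function that inserts the owner-match REJECT rule just before the COMMIT closing the *filter table and is safe to run twice. The function names, the argument order and the sample file contents are assumptions made for illustration; idea is the user name from the answer.

```shell
#!/bin/sh
# Added example (not from the original post): idempotent insert of a per-user
# egress REJECT into a ufw rules file, before the COMMIT of the *filter table.

# insert_owner_reject FILE CHAIN USER -> 0 if the rule is (now) present, 2 on bad input
insert_owner_reject() {
    file=$1 chain=$2 user=$3
    # Refuse names with spaces or other metacharacters so the argument
    # cannot smuggle extra rule tokens into the file.
    case $user in ''|*[!A-Za-z0-9_.-]*) echo "invalid user name" >&2; return 2 ;; esac
    rule="-A $chain -m owner --uid-owner $user -j REJECT"

    # The chain must be declared (":<chain> - [0:0]"), otherwise the load fails.
    grep -q "^:$chain " "$file" || { echo "chain $chain not declared" >&2; return 2; }
    # Idempotent: an identical line already in the file means nothing to do.
    grep -qxF -e "$rule" "$file" && return 0

    tmp=$(mktemp) || return 1
    # Track the current table and print the rule just before *filter's COMMIT.
    awk -v rule="$rule" '
        /^\*/ { table = $1 }
        $1 == "COMMIT" && table == "*filter" && !done { print rule; done = 1 }
        { print }
        END { exit (done ? 0 : 3) }
    ' "$file" > "$tmp" || { rm -f "$tmp"; echo "no *filter COMMIT found" >&2; return 2; }
    cat "$tmp" > "$file" && rm -f "$tmp"    # cat keeps the file's owner and mode
}

# Constructed sample shaped like an after.rules file (not a real system's copy).
sample_rules() {
    cat <<'EOF'
*filter
:ufw-after-input - [0:0]
:ufw-after-output - [0:0]
:ufw-after-forward - [0:0]
-A ufw-after-input -p udp --dport 137 -j ufw-skip-to-policy-input
# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT
EOF
}

# Demo on a temporary copy; on a real host FILE would be /etc/ufw/after.rules,
# edited as root and followed by a ufw restart as the answer says.
demo=$(mktemp) && sample_rules > "$demo"
insert_owner_reject "$demo" ufw-after-output idea && cat "$demo"
rm -f "$demo"
```

/etc/ufw/after.rules covers IPv4 only; IPv6 traffic is filtered from /etc/ufw/after6.rules, where the corresponding chain is ufw6-after-output, so the same insert is needed there for the block to cover both address families.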
