Make ufw follow iptable rules












1















I have a bunch of configuration in ufw that I want to avoid porting to iptables (unless there is a easy way to export from ufw and import in iptables). Simplicity of ufw etc. being the reason.



Now I want to block outgoing network for a user on the system using - How to disable internet for a user on a system



But the problem is that if I have ufw enabled, it ignores iptable rules.



How do I ask ufw to follow iptable rules as well or maybe implement that user block in ufw?






networking 18.04 iptables firewall ufw







share|improve this question























  • Interesting question! There's a closely related question, with a comprehensive answer, over at serverfault: serverfault.com/questions/198398/…

    – aplaice
    Jan 21 at 1:08
















1















I have a bunch of configuration in ufw that I want to avoid porting to iptables (unless there is a easy way to export from ufw and import in iptables). Simplicity of ufw etc. being the reason.



Now I want to block outgoing network for a user on the system using - How to disable internet for a user on a system



But the problem is that if I have ufw enabled, it ignores iptable rules.



How do I ask ufw to follow iptable rules as well or maybe implement that user block in ufw?






networking 18.04 iptables firewall ufw







share|improve this question























  • Interesting question! There's a closely related question, with a comprehensive answer, over at serverfault: serverfault.com/questions/198398/…

    – aplaice
    Jan 21 at 1:08














1












1








1








I have a bunch of configuration in ufw that I want to avoid porting to iptables (unless there is a easy way to export from ufw and import in iptables). Simplicity of ufw etc. being the reason.



Now I want to block outgoing network for a user on the system using - How to disable internet for a user on a system



But the problem is that if I have ufw enabled, it ignores iptable rules.



How do I ask ufw to follow iptable rules as well or maybe implement that user block in ufw?






networking 18.04 iptables firewall ufw







share|improve this question














I have a bunch of configuration in ufw that I want to avoid porting to iptables (unless there is a easy way to export from ufw and import in iptables). Simplicity of ufw etc. being the reason.



Now I want to block outgoing network for a user on the system using - How to disable internet for a user on a system



But the problem is that if I have ufw enabled, it ignores iptable rules.



How do I ask ufw to follow iptable rules as well or maybe implement that user block in ufw?






networking 18.04 iptables firewall ufw




networking 18.04 iptables firewall ufw






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Jan 18 at 23:05









RajRaj

110119




110119













  • Interesting question! There's a closely related question, with a comprehensive answer, over at serverfault: serverfault.com/questions/198398/…

    – aplaice
    Jan 21 at 1:08



















  • Interesting question! There's a closely related question, with a comprehensive answer, over at serverfault: serverfault.com/questions/198398/…

    – aplaice
    Jan 21 at 1:08

















Interesting question! There's a closely related question, with a comprehensive answer, over at serverfault: serverfault.com/questions/198398/…

– aplaice
Jan 21 at 1:08





Interesting question! There's a closely related question, with a comprehensive answer, over at serverfault: serverfault.com/questions/198398/…

– aplaice
Jan 21 at 1:08










1 Answer
1






active

oldest

votes


















0














Following @aplaice's comment, I added the following line in /etc/ufw/after.rules 



-A ufw-after-output -m owner --uid-owner idea -j REJECT

# don't delete the 'COMMIT' line or these rules won't be processed

COMMIT


You have to add it for the chain ufw-after-output and before COMMIT.



Restart ufw service after that.






share|improve this answer























    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "89"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1111004%2fmake-ufw-follow-iptable-rules%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    Following @aplaice's comment, I added the following line in /etc/ufw/after.rules 



    -A ufw-after-output -m owner --uid-owner idea -j REJECT
    
# don't delete the 'COMMIT' line or these rules won't be processed
    
COMMIT


    You have to add it for the chain ufw-after-output and before COMMIT.



    Restart ufw service after that.






    share|improve this answer




























      0














      Following @aplaice's comment, I added the following line in /etc/ufw/after.rules 



      -A ufw-after-output -m owner --uid-owner idea -j REJECT
      
# don't delete the 'COMMIT' line or these rules won't be processed
      
COMMIT


      You have to add it for the chain ufw-after-output and before COMMIT.



      Restart ufw service after that.






      share|improve this answer


























        0












        0








        0







        Following @aplaice's comment, I added the following line in /etc/ufw/after.rules 



        -A ufw-after-output -m owner --uid-owner idea -j REJECT
        
# don't delete the 'COMMIT' line or these rules won't be processed
        
COMMIT


        You have to add it for the chain ufw-after-output and before COMMIT.



        Restart ufw service after that.






        share|improve this answer













        Following @aplaice's comment, I added the following line in /etc/ufw/after.rules 



        -A ufw-after-output -m owner --uid-owner idea -j REJECT
        
# don't delete the 'COMMIT' line or these rules won't be processed
        
COMMIT


        You have to add it for the chain ufw-after-output and before COMMIT.



        Restart ufw service after that.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Jan 21 at 11:40









        RajRaj

        110119




        110119






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Ask Ubuntu!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1111004%2fmake-ufw-follow-iptable-rules%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            Human spaceflight

            Image
            Human spaceflight From Wikipedia, the free encyclopedia Jump to navigation Jump to search "Space traveler" redirects here. For other uses, see Space traveler (disambiguation). @media all and (max-width:720px){.mw-parser-output .tmulti>.thumbinner{width:100%!important;max-width:none!important}.mw-parser-output .tmulti .tsingle{float:none!important;max-width:none!important;width:100%!important;text-align:center}} Apollo 11 crewmember Buzz Aldrin on the Moon, 1969 International Space Station crewmember Tracy Caldwell Dyson views the Earth, 2010 Space Shuttle Discovery heads into space with a crew aboard, STS-121 in 2006 Inside a space suit on the Canadarm, 1993 Human spaceflight (also referred to as crewed spaceflight or manned spaceflight ) is space travel with a crew or passengers aboard the spacecraft. Spacecraft carrying people may be operated directly, by human crew, or it may be e
            Read more

            Can not write log (Is /dev/pts mounted?) - openpty in Ubuntu-on-Windows?

            Image
            0 1 What exactly does the error message beginning with E: mean? I assume it has to do with the file structure on Ubuntu-on-Windows, but what exactly? The following package was automatically installed and is no longer required: os-prober Use 'apt-get autoremove' to remove it. The following extra packages will be installed: libxslt1.1 The following NEW packages will be installed: libxslt1.1 xmlstarlet 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. Need to get 435 kB of archives. After this operation, 1023 kB of additional disk space will be used. Get:1 http://archive.ubuntu.com/ubuntu/ trusty/main libxslt1.1 amd64 1.1.28-2build1 [145 kB] Get:2 http://archive.ubuntu.com/ubuntu/ trusty/universe xmlstarlet amd64 1.5.0-1 [290 kB]
            Read more

            File:DeusFollowingSea.jpg

            Image
            File:DeusFollowingSea.jpg From Wikipedia, the free encyclopedia Jump to navigation Jump to search File File history File usage No higher resolution available. DeusFollowingSea.jpg ‎ (238 × 211 pixels, file size: 12 KB, MIME type: image/jpeg ) Summary [ edit ] Media data and Non-free use rationale Description Cover art of the Deus CD Following Sea Author or copyright owner Deus Source (WP:NFCC#4) rocksucker.co.uk Date of publication 2012 Use in article (WP:NFCC#7) Following Sea Purpose of use in article (WP:NFCC#8) to serve as the primary means of visual identification at the top of the article dedicated to the work in question. Not replaceable with free media because (WP:NFCC#1) n.a. Minimal use (WP:NFCC#3) Low res image used in infobox of the article on the album Respect for commercial opportunities (WP:NFCC#2) n.a. Fair use Fair use of co
            Read more