
UFW blocking internal IPs
Open, Normal, Public

Description

According to graylog, we're looking at having blocked 15000 or more connections from internal IP addresses each day. Also, logs on cp13 indicate that UFW is blocking ns1 and ns2 regularly, which seems to be causing the cp to depool in gdnsd.

Event Timeline

Void triaged this task as High priority. Aug 3 2021, 01:23
Void created this task.

I've confirmed we seem to have a problem with TCP packets being marked as status invalid. Adding a temporary iptables rule to log all packets that match -m state --state INVALID reveals that a large portion of traffic coming into cp13 (including from ns1!) is being flagged by the kernel as invalid. In theory, we can add a rule to drop invalid packets, as the TCP stack should recover itself. However, I don't think this is a decent solution, and I will be looking into deeper debugging to try and identify the root cause.
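As an added example (not code from the task or from Miraheze's configuration), the temporary logging rule described in the comment above, followed by a summary of the resulting kern.log lines per source address and TCP flag set, so hosts like ns1/ns2 that dominate the INVALID hits stand out; the log prefix, interface and sample log lines are constructed for this example.

```shell
#!/bin/sh
# Added example, not code from the task or from Miraheze's configuration.
set -eu

# Step 1 (as in the comment above): temporarily log every packet that
# conntrack marks INVALID. Inserted at position 1 so it runs before the
# ufw-* chains. Run as root; the prefix "INVALID-DBG: " is our own choice.
add_invalid_log_rule() {
    iptables -I INPUT 1 -m state --state INVALID \
        -j LOG --log-prefix "INVALID-DBG: " --log-level 4
}

# Step 2: summarise kern.log lines from stdin as "SRC count flag-sets",
# most frequent source first, so internal hosts that dominate stand out.
summarize_invalid() {
    awk '
      /INVALID-DBG:/ {
        src = ""; flags = ""
        for (i = 1; i <= NF; i++) {
          if ($i ~ /^SRC=/) src = substr($i, 5)
          # the LOG target prints TCP flags as bare words, e.g. "ACK RST"
          if ($i ~ /^(SYN|ACK|FIN|RST|PSH|URG)$/) flags = flags $i ","
        }
        if (src == "") next
        sub(/,$/, "", flags)
        count[src]++
        if (!((src SUBSEP flags) in seen)) {
          seen[src SUBSEP flags] = 1
          combos[src] = combos[src] flags " "
        }
      }
      END { for (s in count) printf "%s %d %s\n", s, count[s], combos[s] }
    ' | sort -k2,2nr
}

# Constructed sample lines in the format the iptables LOG target writes to kern.log.
SAMPLE_LOG=$(cat <<'EOF'
Aug  3 01:10:01 cp13 kernel: [12345.678] INVALID-DBG: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.13 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=443 DPT=51000 WINDOW=0 RES=0x00 ACK RST URGP=0
Aug  3 01:10:02 cp13 kernel: [12346.000] INVALID-DBG: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.13 LEN=52 PROTO=TCP SPT=443 DPT=51001 WINDOW=0 RES=0x00 ACK URGP=0
Aug  3 01:10:03 cp13 kernel: [12347.000] INVALID-DBG: IN=eth0 OUT= SRC=192.0.2.77 DST=10.0.0.13 LEN=40 PROTO=TCP SPT=80 DPT=51002 WINDOW=0 RES=0x00 ACK RST URGP=0
EOF
)

# Usage: printf '%s\n' "$SAMPLE_LOG" | summarize_invalid
```

Against a real box, feed it `grep INVALID-DBG /var/log/kern.log` instead of the constructed sample; a source that shows up with `ACK,RST` or bare `ACK` at high volume is typically conntrack seeing the tail of a flow it never tracked from the SYN, not a hostile host.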

John lowered the priority of this task from High to Normal. Thu, Aug 26, 10:50