Here's an example log message:
May 25 10:36:07 myserver kernel: [7057243.392334] [UFW BLOCK] IN=eth0 OUT= MAC=00:02:55:67:82:eb:00:06:b1:3a:ef:62:08:00 SRC=69.197.128.26 DST=192.168.100.101 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=0 PROTO=TCP SPT=48788 DPT=80 WINDOW=972 RES=0x00 RST URGP=0
My understanding is that DPT
stands for "destination port", but since I have ufw configured to allow incoming connections on port 80, I'm puzzled as to why I'd be seeing such a log message -- a log message which seems to be indicating ufw blocked a connection attempt on that port.
The following are the relevant lines from ufw status
:
To Action From
-- ------ ----
80/tcp ALLOW Anywhere
80/tcp ALLOW Anywhere (v6)
I've now seen this on both Ubuntu 11.10, and now (after upgrading the same machine) on Ubuntu 12.04.