Fail2Ban & UFW banning after UDP requests

[ADadlDudlDa]

Hello Team,

I have got a fresh nextcloudpi installation with version 1.51.1.

I have activated the "Uncomplicated Firewall" (UFW) and Fail2Ban:

Also DynDNS is active, and Fritz.Box is distributing the NextcloudPI installation as local DNS Server.

UFW is reporting this logon failure to /var/log/ufw.log Apr 10 11:08:08 nextcloudpi kernel: [42554.194148] [UFW BLOCK] IN=eth0 OUT= MAC= ... LEN=64 TOS=0x00 PREC=0x00 TTL=128 ID=54790 PROTO=UDP SPT=61128 DPT=53 LEN=44 Because of this entries fail2ban is sending my computer to jail.

Unfortunatelly I do not know, with UDP requests my computer is sending.

Even, if this is a standard installation without any changes, I belive that this requests should not be shown as failures in the UFW.

Thank you

superma

[victor-rays]

Unless I'm mistaken port 53 is typically used for the DNS, have you allowed the DNS packages on port 53 in ufw?

See this article: https://www.cyberciti.biz/faq/howto-open-dns-port-53-using-ufw-ubuntu-debian/

Since you mentioned having a local DNS I suspect you will need to do this to fail2ban as well

https://www.fail2ban.org/wiki/index.php/Whitelist

I don't know but you might also need to turn off dnsmasq for ncp if it's active, if you're using your own local DNS server

[ADadlDudlDa]

Dear ZendaiOwl,

thank you for your quick reply. Now I know that it is port 53. 👍

And to answer your question: No, I have not allowed them now. If you would like, I can allow them as described in your linked articles

But, even it works with this settings, I think it should be included in the nextcloudpi distribution itself. That is why I have opened it as a "bug".

Should I try to change my settings, for testing purposes, so that later someone can add them to the NextcloudPi distribution?

Thank you

Manuel