Iptables/ufw settings, which port to open?

[chikamichi]

Hi (again),

I'm a bit confused regarding sabre/dav traffic. I use ufw as a firewall on a Debian 8 machine, with a default policy of deny incoming/deny outgoing, and a whitelist on top of that:

$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), deny (outgoing)
New profiles: skip

To                         Action      From
--                         ------      ----
53                         ALLOW IN    Anywhere
22                         ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443                        ALLOW IN    Anywhere
3306                       ALLOW IN    Anywhere
8384/tcp                   ALLOW IN    Anywhere
53                         ALLOW IN    Anywhere (v6)
22                         ALLOW IN    Anywhere (v6)
80/tcp                     ALLOW IN    Anywhere (v6)
443                        ALLOW IN    Anywhere (v6)
3306                       ALLOW IN    Anywhere (v6)
8384/tcp                   ALLOW IN    Anywhere (v6)

I also use a calDav client, Agendav.

When ufw is enabled, I can't login. The only error Agendav gives me is:

Error requesting http://sabre.mydomain.tld/server.php/calendars/myid: Could not resolve host: http://sabre.mydomain.tld

When ufw is disabled, everything works as intented. It seems I'd need to allow some port/traffic here, but I just can't figure which one(s). Any insights?

[evert]

I'm not familiar enough with these firewall rules you give you any concrete advice. All I can say is that CalDAV only needs standard HTTP ports. So 80, or 443 if you use HTTPS instead. TCP only.

I'd look for advice on ufw-related forums instead.

[chikamichi]

Thank you, that's what I thought but just wanted to double check here.

[Hywan]

@evert: :+1:. @chikamichi: Sorry, I don't know ufw neither…