Something strange happened just now, I'm trying to figure out how exactly it happened. On my server I was suddenly able to bypass my VPN! I looked around for what had happened and found that my VPN service had sent me an email that my subscription expired. What is strange is that I have ufw rules like
    To                         Action      From
    [VPN server]               ALLOW OUT   Anywhere
    Anywhere                   ALLOW OUT   Anywhere on tun0
So it should not be allowed to access the internet outside of tun0. Why exactly did it happen? Does the VPN service change iptables or something? Any ideas? I was able to ping, wget, even surf on w3m. The thing is that when I rebooted the server, nothing could connect outside the tunnel, as it should be. Here is the whole ufw table.
    Status: active
    Logging: on (low)
    Default: deny (incoming), deny (outgoing), disabled (routed)
    New profiles: skip

    To                         Action      From
    --                         ------      ----
    22/tcp                     ALLOW IN    192.168.1.0/24
    53                         ALLOW IN    192.168.1.0/24
    80                         ALLOW IN    192.168.1.0/24
    9091                       ALLOW IN    192.168.1.0/24             # Transmission
    2049                       ALLOW IN    192.168.1.0/24             # nfs

    [VPN server]               ALLOW OUT   Anywhere
    Anywhere                   ALLOW OUT   Anywhere on tun0
    192.168.2.77 22            ALLOW OUT   Anywhere
    2049                       ALLOW OUT   Anywhere                   # nfs
So how in the world did my VPN company do something to bypass my ufw??? Or was it something else completely?
TIA
Best bet would be that something reloaded/changed the underlying ip/nftables bypassing ufw (ufw is just a frontend, I do not know if it periodically verifies the current rules are correct and it would feel extraneous to me if it did). Or it didn’t apply it correctly.
You can get the actual rules with
    iptables-save
(dunno about nftables command)
That would be ‘nft list ruleset’
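
One way to test the hypothesis in the replies, as an added example that is not part of the original thread: a shell function that reads `iptables-save` output and reports whether the outbound kill switch is still in place. It assumes ufw's usual layout (OUTPUT policy DROP under `deny (outgoing)`, with jumps from OUTPUT into `ufw-*` chains); the function name and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `iptables-save` text on stdin and checks that the
# filter/OUTPUT chain is still default-drop and still jumps into ufw's chains.
# $1 = tunnel interface name (assumed tun0, as in the thread).
check_killswitch() {
    awk -v tun="${1:-tun0}" '
        /^\*/             { table = substr($0, 2) }   # "*filter", "*nat", ...
        table != "filter" { next }
        /^:OUTPUT /       { policy = $2 }             # ":OUTPUT DROP [0:0]"
        /^-A OUTPUT / {
            if ($0 ~ / -j ufw-/) ufw_jump = 1
            # ACCEPT sitting directly in OUTPUT, not bound to tunnel or loopback
            if ($0 ~ / -j ACCEPT/ && $0 !~ (" -o " tun "( |$)") && $0 !~ / -o lo( |$)/) {
                print "LEAK  rule outside ufw: " $0; bad = 1
            }
        }
        END {
            if (policy != "DROP") { print "LEAK  OUTPUT policy is " (policy == "" ? "missing" : policy); bad = 1 }
            if (!ufw_jump)        { print "LEAK  OUTPUT no longer jumps into ufw-* chains"; bad = 1 }
            if (!bad) print "OK    OUTPUT is default-drop and still routed through ufw"
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample: rules as ufw leaves them (203.0.113.10 stands in for [VPN server]).
sample_intact() { cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A OUTPUT -j ufw-before-output
-A ufw-before-output -j ufw-user-output
-A ufw-user-output -d 203.0.113.10/32 -j ACCEPT
-A ufw-user-output -o tun0 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: the same host after something flushed the ruleset.
sample_flushed() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

sample_intact  | check_killswitch tun0 || echo "kill switch broken"
sample_flushed | check_killswitch tun0 || echo "kill switch broken"
```

On the server itself, feed it the live rules as root: `iptables-save | check_killswitch tun0`.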