I was monitoring UFW today and noticed that it was periodically blocking allowed TOR traffic. any ideas why from those with more experience than I?
toradmin@IrvineTorExit:~$ sudo ufw status Status: active
To Action From -- ------ ---- 22 ALLOW Anywhere 9001/tcp ALLOW Anywhere 9030/tcp ALLOW Anywhere 80 ALLOW Anywhere 22 (v6) ALLOW Anywhere (v6) 9001/tcp (v6) ALLOW Anywhere (v6) 9030/tcp (v6) ALLOW Anywhere (v6) 80 (v6) ALLOW Anywhere (v6)
toradmin@IrvineTorExit:~$ sudo tail -f /var/log/syslog | grep DPT=9001
Jun 22 15:38:12 IrvineTorExit kernel: [ 2159.246977] [UFW BLOCK] IN=eth0 OUT= MAC=04:01:1b:5e:9a:01:28:8a:1c:64:cf:f0:08:00 SRC=92.108.200.200 DST=188.226.199.250 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=10392 DF PROTO=TCP SPT=52000 DPT=9001 WINDOW=16652 RES=0x00 ACK URGP=0 Jun 22 15:38:12 IrvineTorExit kernel: [ 2159.246988] [UFW BLOCK] IN=eth0 OUT= MAC=04:01:1b:5e:9a:01:28:8a:1c:64:cf:f0:08:00 SRC=92.108.200.200 DST=188.226.199.250 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=10396 DF PROTO=TCP SPT=52000 DPT=9001 WINDOW=16652 RES=0x00 ACK URGP=0
Regards, Jeff