I am setting up a Fog server and got everything working as it should. However, when I enable UFW I am not able to transfer the image over TFTP. I have a rule allowing port 69, and the connection is able to initiate. It appears then that the file transfer gets done over a higher numbered port, and UFW blocks that. My understanding is that UFW should allow an already established connection like this to happen. I tried enabling the nf_conntrack and nf_conntrack_tftp kernel modules, and adding these 2 lines to /etc/ufw/before.rules
-A ufw-before-input -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT
-A ufw-before-input -p udp --dport 69 -m state --state NEW -j ACCEPT
Is this expected behavior for UFW? Everything I’m reading seems to just point to ufw allow tftp or ufw allow 69. Anyone else out there running FOG with UFW enabled successfully?
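An added example, not from the original post and not part of FOG or UFW: a POSIX shell check for the pieces a UFW before.rules needs so that conntrack can relate the TFTP data port back to the port 69 request. It assumes a kernel of 4.7 or later, where conntrack helpers are no longer assigned automatically (net.netfilter.nf_conntrack_helper defaults to 0 and the knob was removed in 6.0), so loading nf_conntrack_tftp is not enough by itself: the helper has to be bound with a raw-table CT rule, after which the RELATED,ESTABLISHED rule that UFW already carries in ufw-before-input admits the transfer on the higher port. The rule fragment, file names and sample contents below are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): check that a UFW before.rules
# carries what the TFTP conntrack helper needs.
# Assumption: kernel >= 4.7, so the tftp helper must be bound explicitly
# with a raw-table CT rule (automatic helper assignment is off/removed).

# Fragment to merge into /etc/ufw/before.rules (constructed). The *raw block
# is additional; the *filter lines sit beside the existing ufw-before-input
# rules (the RELATED,ESTABLISHED accept is already there by default).
TFTP_FRAGMENT='*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p udp --dport 69 -j CT --helper tftp
COMMIT
*filter
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-input -p udp --dport 69 -j ACCEPT
COMMIT'

# tftp_helper_loaded: 0 if nf_conntrack_tftp is loaded on this host
# (Linux only; not exercised by the sample run below).
tftp_helper_loaded() {
    [ -r /proc/modules ] && grep -q '^nf_conntrack_tftp ' /proc/modules
}

# tftp_rules_ok FILE: 0 if FILE binds the tftp helper in the raw table,
# accepts RELATED/ESTABLISHED on ufw-before-input, and opens udp/69.
tftp_rules_ok() {
    f=$1
    grep -Eq '^-A PREROUTING .*-p udp .*--dport 69 .*-j CT --helper tftp' "$f" || return 1
    grep -Eq '^-A ufw-before-input .*(--ctstate|--state) .*(RELATED,ESTABLISHED|ESTABLISHED,RELATED) .*-j ACCEPT' "$f" || return 1
    grep -Eq '^-A ufw-before-input -p udp --dport 69 .*-j ACCEPT' "$f" || return 1
    return 0
}

# Constructed sample files (not a real server's configuration).
good=$(mktemp)
bad=$(mktemp)
trap 'rm -f "$good" "$bad"' EXIT
printf '%s\n' "$TFTP_FRAGMENT" > "$good"
# "bad" has the two filter lines from the post but no helper binding, so the
# data-port packets are never marked RELATED.
printf '%s\n' \
    '-A ufw-before-input -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT' \
    '-A ufw-before-input -p udp --dport 69 -m state --state NEW -j ACCEPT' > "$bad"

for f in "$good" "$bad"; do
    if tftp_rules_ok "$f"; then
        echo "$f: tftp helper binding and filter rules present"
    else
        echo "$f: missing raw-table CT helper rule or filter rules"
    fi
done
```

Run it as a plain user; the only privileged step is merging TFTP_FRAGMENT into /etc/ufw/before.rules and running ufw reload, after which conntrack -L (if conntrack-tools is installed) shows the udp/69 entry carrying the tftp helper while an image transfers.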