I am setting up a FOG server and got everything working as it should. However, when I enable UFW I am not able to transfer the image over TFTP. I have a rule allowing port 69, and the connection is able to initiate. It appears then that the file transfer gets done over a higher numbered port, and UFW blocks that. My understanding is that UFW should allow an already established connection like this to happen. I tried enabling the nf_conntrack and nf_conntrack_tftp kernel modules, and adding these 2 lines to /etc/ufw/before.rules:
-A ufw-before-input -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT
-A ufw-before-input -p udp --dport 69 -m state --state NEW -j ACCEPT
Is this expected behavior for UFW? Everything I’m reading seems to just point to "ufw allow tftp" or "ufw allow 69". Anyone else out there running FOG with UFW enabled successfully?
Thanks!
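As an added illustration (not part of the original post), a small Python model of why the two stateful rules above cannot by themselves match the transfer: a TFTP server answers the request to udp/69 from a freshly chosen port, so without the tftp conntrack helper the reply is a NEW flow to a high port rather than ESTABLISHED or RELATED. All addresses, ports and the file name are constructed.

```python
"""Toy model of Linux conntrack on a TFTP transfer (RFC 1350); constructed data."""
import struct

RRQ, WRQ, DATA, ACK = 1, 2, 3, 4   # TFTP opcodes

class Conntrack:
    """Flows are UDP 4-tuples; the tftp helper, when attached to the udp/69
    flow, records an expectation for the server's data socket (port unknown)."""
    def __init__(self, tftp_helper: bool):
        self.helper = tftp_helper
        self.flows = set()    # confirmed (src, sport, dst, dport)
        self.expect = set()   # (client_ip, client_port, server_ip)

    def classify(self, pkt) -> str:
        src, sport, dst, dport, _ = pkt
        if (dst, dport, src, sport) in self.flows or (src, sport, dst, dport) in self.flows:
            return "ESTABLISHED"
        if self.helper and (dst, dport, src) in self.expect:
            return "RELATED"
        return "NEW"

    def confirm(self, pkt) -> None:
        # Only an accepted packet becomes a flow; a dropped packet's unconfirmed entry is discarded.
        src, sport, dst, dport, payload = pkt
        self.flows.add((src, sport, dst, dport))
        self.expect.discard((dst, dport, src))
        if self.helper and dport == 69 and struct.unpack("!H", payload[:2])[0] in (RRQ, WRQ):
            self.expect.add((src, sport, dst))

def firewall_verdict(state: str, dport: int) -> str:
    """The post's two before.rules lines: NEW to udp/69 and ESTABLISHED,RELATED pass."""
    return "ACCEPT" if state in ("ESTABLISHED", "RELATED") or dport == 69 else "DROP"

def simulate(tftp_helper: bool) -> list:
    """(conntrack state, verdict) for each packet of a minimal transfer."""
    ct, client, server = Conntrack(tftp_helper), "10.0.0.5", "10.0.0.1"
    rrq = struct.pack("!H", RRQ) + b"pxelinux.0\0octet\0"   # read request: file, mode
    packets = [
        (client, 49152, server, 69, rrq),                                          # request
        (server, 3456, client, 49152, struct.pack("!HH", DATA, 1) + b"\x7fELF"),  # reply from a fresh port
        (client, 49152, server, 3456, struct.pack("!HH", ACK, 1)),                # client ACK block 1
    ]
    results = []
    for pkt in packets:
        state = ct.classify(pkt)
        verdict = firewall_verdict(state, pkt[3])
        if verdict == "ACCEPT":
            ct.confirm(pkt)
        results.append((state, verdict))
    return results
```

On kernels since 4.7 loading nf_conntrack_tftp does not attach the helper to the udp/69 flow automatically; it has to be assigned explicitly, for example with a raw-table rule "-A PREROUTING -p udp --dport 69 -j CT --helper tftp" (the nf_conntrack_helper sysctl that used to enable automatic assignment has since been removed). Running "conntrack -E expect" during a boot shows whether an expectation is actually being created.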