40

I wonder why I get this error in my syslog:

[7732763.396193] [UFW BLOCK] IN=eth0 OUT= MAC=02:8b:1a:75:d5:7b:02:8b:1a:40:00:03:08:00 SRC=x.x.x.x DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=53703 DF PROTO=TCP SPT=35651 DPT=8443 WINDOW=457 RES=0x00 ACK RST URGP=0 

I have just enabled ufw. Does this error mean that something is going wrong?

batman
  • 8,071

2 Answers

36

Well, it means that ufw blocked a connection from SRC to DST on TCP Port 8443. Unless you wanted this connection to be successful, it is not a bad thing.

Port 8443 is mainly used by web services. For example, it is used by VMware ESXi and by some (HTTPS) application servers like Apache Tomcat, serving as an alternative to the default HTTPS port 443 when that port is unavailable or blocked.

You can check if your box is running anything on that port by issuing sudo netstat -tulpen | grep 8443 or better ss:

sudo ss -tulpen | grep 8443

for TCP, UDP, listening ports, show processes, show extended information and numeric (do not resolve).

Pablo Bianchi
  • 17,371
pgschk
  • 894
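
The fields in a [UFW BLOCK] line can be tallied to see which sources, destination ports and TCP flags ufw is dropping. This is an added example, not part of the original answers; the function names ufw_block_summary and sample_log and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise [UFW BLOCK] kernel log lines read from stdin.
# Output columns: count, source address, protocol, destination port, TCP flags.
ufw_block_summary() {
    awk '
    /\[UFW BLOCK\]/ {
        src = "-"; proto = "-"; dpt = "-"; flags = ""
        for (i = 1; i <= NF; i++) {
            if      ($i ~ /^SRC=/)   src   = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)
            else if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            # TCP flags appear as bare tokens without "=", e.g. ACK RST
            else if ($i ~ /^(SYN|ACK|RST|FIN|PSH|URG)$/)
                flags = (flags == "" ? $i : flags "," $i)
        }
        if (flags == "") flags = "-"   # UDP and other non-TCP packets
        count[src " " proto " " dpt " " flags]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample lines using documentation addresses, in the same layout
# as the line in the question. The last line is not a block and is ignored.
sample_log() {
    cat <<'EOF'
[100.000001] [UFW BLOCK] IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=53703 DF PROTO=TCP SPT=35651 DPT=8443 WINDOW=457 RES=0x00 ACK RST URGP=0
[101.000001] [UFW BLOCK] IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=53704 DF PROTO=TCP SPT=35652 DPT=8443 WINDOW=457 RES=0x00 ACK RST URGP=0
[102.000001] [UFW BLOCK] IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1201 DF PROTO=TCP SPT=40110 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
[103.000001] [UFW BLOCK] IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=203.0.113.9 DST=192.0.2.10 LEN=68 TOS=0x00 PREC=0x00 TTL=50 ID=77 PROTO=UDP SPT=5353 DPT=53 LEN=48
[104.000001] [UFW ALLOW] IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1202 DF PROTO=TCP SPT=40111 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
EOF
}

sample_log | ufw_block_summary
```

To run it against real data, pipe /var/log/syslog into ufw_block_summary instead of sample_log.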
2

If you run:

$ tail -1 /etc/rsyslog.d/20-ufw.conf
#& stop

This #& stop means that you are logging into syslog.

Teo, how can I stop it?

Well, you just need to run this command to stop logging to the syslog:

sudo sed '/#& stop/s/^#//' -i /etc/rsyslog.d/20-ufw.conf
sudo service rsyslog restart

This command just uncomments the first match of the pattern #& stop in the file /etc/rsyslog.d/20-ufw.conf. In this case it is the last line, which is why we use tail -1 to print the last line of the file.

Now verify it:

$ tail -1 /etc/rsyslog.d/20-ufw.conf
& stop

or just:

tail -f /var/log/syslog
Teocci
  • 5,025