I'm having a bit of a problem with a firewall configuration. I'm using GUFW.
When I launch Firefox and it goes to my home page (DuckDuckGo), the browser makes several connections. For example, the output of "ss -prtu":
tcp ESTAB 0 0 10.8.8.22:32774 ec2-176-34-131-233.eu-west-1.compute.amazonaws.com:https users:(("firefox",pid=6371,fd=146))
tcp ESTAB 0 0 10.8.8.22:52114 ec2-54-229-110-205.eu-west-1.compute.amazonaws.com:https users:(("firefox",pid=6371,fd=98))
As an experiment, I want to block both incoming and outgoing connections in the range 10.8.0.0/16. I added rules to GUFW and the logs reflect this:
[12/27/2017 03:37:33 AM] Editing rule (Adding): myrule | /usr/sbin/ufw deny out from any to 10.8.0.0/16 > Rule added
[12/27/2017 03:37:06 AM] Editing rule (Adding): myrule | /usr/sbin/ufw deny in from 10.8.0.0/16 to any > Rule added
I exited Firefox, then restarted Firefox and it went to its home page as normal. In a terminal, I typed ss -prtu and my firewall commands apparently failed because this comes up:
tcp ESTAB 0 0 10.8.8.22:39908 ec2-176-34-135-167.eu-west-1.compute.amazonaws.com:https users:(("firefox",pid=9687,fd=101))
tcp ESTAB 0 0 10.8.8.22:42292 a88-221-134-48.deploy.akamaitechnologies.com:http users:(("firefox",pid=9687,fd=6))
tcp ESTAB 0 0 10.8.8.22:46624 ec2-52-72-108-51.compute-1.amazonaws.com:https users:(("firefox",pid=9687,fd=94))
tcp ESTAB 0 0 10.8.8.22:46626 ec2-52-72-108-51.compute-1.amazonaws.com:https users:(("firefox",pid=9687,fd=95))
Any idea what I'm doing wrong?
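An added example, not part of the original post: a small Python model of how the two logged rules are compared against the connections in the `ss` output, where 10.8.8.22 is the local end and the peers are outside 10.8.0.0/16. The peer addresses are assumed from the digits in the ec2-* hostnames, and `ALT_RULE` is a constructed comparison rule, not one from the post.

```python
import ipaddress
import re

# Rules exactly as logged by GUFW in the post.
RULES = [
    "deny out from any to 10.8.0.0/16",
    "deny in from 10.8.0.0/16 to any",
]
# Constructed comparison rule: the range on the *source* side of "out".
# Applied for real, it would drop all outbound traffic from a 10.8.x.x host.
ALT_RULE = "deny out from 10.8.0.0/16 to any"

# Constructed from the post's ss lines; peer IPs are an assumption taken
# from the digits embedded in each ec2-* hostname.
SS_LINES = [
    "tcp ESTAB 0 0 10.8.8.22:32774 176.34.131.233:443",
    "tcp ESTAB 0 0 10.8.8.22:52114 54.229.110.205:443",
]

def parse_rule(text):
    """Split 'ACTION DIR from SRC to DST' into a direction and two networks."""
    m = re.fullmatch(r"(allow|deny|reject) (in|out) from (\S+) to (\S+)", text)
    if not m:
        raise ValueError(f"unsupported rule: {text!r}")
    net = lambda s: ipaddress.ip_network("0.0.0.0/0" if s == "any" else s)
    return m.group(2), net(m.group(3)), net(m.group(4))

def parse_ss(line):
    """Return (local_ip, peer_ip) as strings from one ss line."""
    fields = line.split()
    return fields[4].rsplit(":", 1)[0], fields[5].rsplit(":", 1)[0]

def matching_rules(local, peer, rules=RULES):
    """List the rules that match a packet of this connection."""
    local, peer = ipaddress.ip_address(local), ipaddress.ip_address(peer)
    hits = []
    for text in rules:
        direction, src, dst = parse_rule(text)
        # Outgoing packet: src=local, dst=peer. Incoming packet: the reverse.
        pkt_src, pkt_dst = (local, peer) if direction == "out" else (peer, local)
        if pkt_src in src and pkt_dst in dst:
            hits.append(text)
    return hits

def report(lines=SS_LINES, rules=RULES):
    """Map each peer endpoint to the rules that would match it."""
    return {l.split()[5]: matching_rules(*parse_ss(l), rules) for l in lines}

if __name__ == "__main__":
    for peer, hits in report().items():
        print(peer, "->", hits or "no rule matches")
```

Both logged rules place 10.8.0.0/16 on the remote side of the packet (destination for `out`, source for `in`), so they only match peers inside that range, not traffic that merely originates from 10.8.8.22.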