Thanks for the help, but adding the nf_conntrack_sane module didn't help. Adding it and adding ufw allow rules for some packets that were being reported as dropped didn't help. The only way that it reliably works is if I set syncookies to 1 as described above.
I'm not sure there really is a syncookies problem, but that's the only way I can make my scanner work with the firewall enabled.

-- 
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ufw in Ubuntu.
https://bugs.launchpad.net/bugs/1631553

Title:
  With UFW enabled, kernel reports SYN flooding

Status in ufw package in Ubuntu:
  Invalid

Bug description:
  So, this is a fun one. I have an Epson XP-610 multifunction scanner/printer/coffeemaker/whiskey distillery. It uses an XSane plugin, which spawns an intermediary network app (/usr/lib/iscan/network) which detects and talks to the scanner. These packages can all be obtained from here: http://support.epson.net/linux/en/iscan_c.html.

  Anyway, if you have UFW disabled, it works. If you enable UFW, however, it works intermittently and takes forever to start up. Checking my syslog, I find:

  Oct 6 22:48:00 hiro kernel: [48176.543355] TCP: request_sock_TCP: Possible SYN flooding on port 40796. Dropping request. Check SNMP counters.

  A wireshark capture shows two things:
  1.) It is communicating on that port on the "lo" interface, not any real interface.
  2.) There's one SYN. Not a lot. Just a single SYN. And then TCP retries. And then eventually it works. Sometimes.

  Anyway, if I edit /etc/ufw/sysctl.conf, and set net/ipv4/tcp_syncookies=1, and then disable and re-enable UFW, it works, with the following syslog entry:

  Oct 7 20:26:18 hiro kernel: [13666.745140] TCP: request_sock_TCP: Possible SYN flooding on port 42751. Sending cookies. Check SNMP counters.

  Now, to be clear, I think the syncookies is a workaround for a more serious problem. Namely, why does the kernel think it's under attack to begin with? Anyway, I'm not certain this is really a UFW bug, but I'm starting here because UFW seems to make it worse. Feel free to reclassify as a kernel bug.
  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: ufw 0.35-0ubuntu2
  ProcVersionSignature: Ubuntu 4.4.0-38.57-generic 4.4.19
  Uname: Linux 4.4.0-38-generic x86_64
  ApportVersion: 2.20.1-0ubuntu2.1
  Architecture: amd64
  CurrentDesktop: XFCE
  Date: Fri Oct 7 20:20:00 2016
  PackageArchitecture: all
  SourcePackage: ufw
  UpgradeStatus: Upgraded to xenial on 2016-09-30 (7 days ago)
  mtime.conffile..etc.ufw.sysctl.conf: 2016-10-06T23:11:58.680226

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1631553/+subscriptions
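As an added example (not part of the bug report or of ufw), a small Python triage helper that pulls the kernel's request-queue-full notices out of syslog lines like the two quoted above, tallies "Dropping request" versus "Sending cookies" per local port, and states what each means given the box's net.ipv4.tcp_syncookies value; the sample log lines are constructed from the messages in the report.

```python
import re
from collections import Counter, defaultdict
from typing import Dict, Iterable, List, NamedTuple

# Constructed sample syslog lines, modelled on the two kernel messages quoted in
# the bug, plus one unrelated line to show that it is ignored.
SAMPLE_LOG = """\
Oct  6 22:48:00 hiro kernel: [48176.543355] TCP: request_sock_TCP: Possible SYN flooding on port 40796. Dropping request. Check SNMP counters.
Oct  6 22:48:03 hiro kernel: [48179.551002] TCP: request_sock_TCP: Possible SYN flooding on port 40796. Dropping request. Check SNMP counters.
Oct  7 20:26:18 hiro kernel: [13666.745140] TCP: request_sock_TCP: Possible SYN flooding on port 42751. Sending cookies. Check SNMP counters.
Oct  7 20:26:19 hiro systemd[1]: Started Session 3 of user hiro.
""".splitlines()

# The kernel prints this when a listener's SYN (request) queue is full: with
# tcp_syncookies=0 it drops the SYN, with tcp_syncookies=1 it answers with a cookie.
SYN_FLOOD_RE = re.compile(
    r"Possible SYN flooding on port (?P<port>\d+)\. "
    r"(?P<action>Dropping request|Sending cookies)\."
)

class SynFloodEvent(NamedTuple):
    port: int
    dropped: bool  # True for "Dropping request", False for "Sending cookies"

def parse_syn_flood_events(lines: Iterable[str]) -> List[SynFloodEvent]:
    """Extract queue-full notices from syslog lines; everything else is skipped."""
    events = []
    for line in lines:
        m = SYN_FLOOD_RE.search(line)
        if m:
            events.append(SynFloodEvent(int(m.group("port")),
                                        m.group("action") == "Dropping request"))
    return events

def per_port_counts(events: Iterable[SynFloodEvent]) -> Dict[int, Counter]:
    """Tally drops versus cookie responses for each local port."""
    counts: Dict[int, Counter] = defaultdict(Counter)
    for ev in events:
        counts[ev.port]["dropped" if ev.dropped else "cookies"] += 1
    return dict(counts)

def triage(events: Iterable[SynFloodEvent], tcp_syncookies: int) -> List[str]:
    """Plain-language findings. tcp_syncookies is the sysctl value on the host
    (0 = off, 1 = cookies only when the queue fills, 2 = always). The matching
    SNMP counters to cross-check are TcpExt TCPReqQFullDrop / TCPReqQFullDoCookies
    in /proc/net/netstat."""
    findings = []
    for port, c in sorted(per_port_counts(events).items()):
        if c["dropped"]:
            tail = " (tcp_syncookies=0, so there was no fallback)" if tcp_syncookies == 0 else ""
            findings.append(f"port {port}: SYN queue full {c['dropped']}x, new SYNs dropped{tail}")
        if c["cookies"]:
            findings.append(f"port {port}: SYN queue full {c['cookies']}x, answered with syncookies")
    return findings
```

A queue that fills on a single SYN, as the report's capture shows, points at the listener's backlog rather than at real flood volume, which is what the per-port tally makes visible.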