```sh
sudo ufw allow in on zcctun0 proto any from 10.0.0.0/8 to 100.64.0.1 port 9000
sudo ufw allow in on zcctun0 proto any from 100.64.0.0/16 to 100.64.0.1 port 9000
sudo ufw allow in on zcctun0 proto any from 100.64.0.0/16 to 100.64.0.1 port 9010
sudo ufw allow in on zcctun0 proto udp from 100.64.0.0/16 to 100.64.0.1
```
Was seeing stuff like:

```
[UFW BLOCK] IN=tun0 OUT= MAC= SRC=100.64.0.6 DST=100.64.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=50264 DF PROTO=TCP SPT=35296 DPT=9000 WINDOW=64240 RES=0x00 SYN URGP=0
```
The UDP rule is for DNS queries; otherwise the first DNS query times out after 5 seconds (a second query with your usual DNS servers works). This is because when you enable Zscaler it prepends a DNS server to your usual list, and that one gets blocked by ufw. You can see your DNS config with:

```sh
cat /etc/resolv.conf
```
```sh
ip route | grep tun0
```

```
10.0.0.0/8 via 100.64.0.1 dev tun0 scope link
100.64.0.0/16 via 100.64.0.1 dev tun0 scope link
100.64.0.0/16 dev tun0 proto kernel scope link src 100.64.0.1
```
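As an added example that is not part of the gist or its comments: a small POSIX shell helper that reads `[UFW BLOCK]` kernel-log lines like the one quoted above and prints the ufw rule that would have admitted each blocked flow on the Zscaler tunnel. It assumes ufw's key=value log format, a tunnel interface named `tun0` or `zcctun0`, and the two source ranges the `ip route` output above shows on the tunnel (`100.64.0.0/16` and `10.0.0.0/8`); the names `ufw_field`, `tunnel_range`, `suggest_rule` and `suggest_from_log` are this example's own. Unlike the gist's `proto any` rules it keeps the protocol of the blocked packet, so review the output before running it with `sudo`.

```shell
# Added example, not code from the gist: derive candidate ufw allow rules from
# "[UFW BLOCK]" kernel-log lines for the Zscaler tunnel interface.
# Assumptions: ufw key=value log format, tunnel interface tun0 or zcctun0,
# and the tunnel source ranges 100.64.0.0/16 and 10.0.0.0/8 from `ip route`.

# Value of KEY= in one log line ($1 = line, $2 = key), empty if absent.
ufw_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# Map a single source address onto the tunnel range routed to it, so one
# blocked packet yields the range-wide rule rather than a /32.
tunnel_range() {
    case "$1" in
        100.64.*) printf '100.64.0.0/16\n' ;;
        10.*)     printf '10.0.0.0/8\n' ;;
        *)        printf '%s\n' "$1" ;;   # unknown range: keep the exact host
    esac
}

# Print the ufw rule that would have admitted the blocked packet.
# Returns 1 and prints nothing for packets not on the tunnel or not TCP/UDP.
suggest_rule() {
    line=$1
    iface=$(ufw_field "$line" IN)
    case "$iface" in
        tun0|zcctun0) ;;
        *) return 1 ;;
    esac
    proto=$(ufw_field "$line" PROTO | tr '[:upper:]' '[:lower:]')
    case "$proto" in
        tcp|udp) ;;
        *) return 1 ;;
    esac
    src=$(tunnel_range "$(ufw_field "$line" SRC)")
    dst=$(ufw_field "$line" DST)
    dpt=$(ufw_field "$line" DPT)
    if [ -n "$dpt" ]; then
        printf 'ufw allow in on %s proto %s from %s to %s port %s\n' \
            "$iface" "$proto" "$src" "$dst" "$dpt"
    else
        printf 'ufw allow in on %s proto %s from %s to %s\n' \
            "$iface" "$proto" "$src" "$dst"
    fi
}

# Read log lines on stdin and emit one distinct rule per blocked flow.
suggest_from_log() {
    while IFS= read -r l; do
        suggest_rule "$l" || true
    done | sort -u
}

# Constructed sample log: the first line is the shape quoted in the gist
# comment, the second a DNS query to the resolver Zscaler injects, the third
# is noise on another interface that must be ignored.
SAMPLE_LOG='[UFW BLOCK] IN=tun0 OUT= MAC= SRC=100.64.0.6 DST=100.64.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=50264 DF PROTO=TCP SPT=35296 DPT=9000 WINDOW=64240 RES=0x00 SYN URGP=0
[UFW BLOCK] IN=zcctun0 OUT= MAC= SRC=100.64.0.6 DST=100.64.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=UDP SPT=40000 DPT=53 LEN=40
[UFW BLOCK] IN=eth0 OUT= MAC= SRC=192.0.2.10 DST=192.0.2.1 LEN=60 PROTO=TCP SPT=1 DPT=22'

printf '%s\n' "$SAMPLE_LOG" | suggest_from_log
```

On a live machine, source the file and run `journalctl -k | grep 'UFW BLOCK' | suggest_from_log`; each printed line is a candidate to prefix with `sudo` once you have confirmed the destination and port are Zscaler's and not something else the firewall was right to drop.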
OK, trying to access stuff behind Zscaler, I see I might be missing other rules 😭

OK, so I was trying to connect to a server in 10.0.0.0/8 and it wasn't working, so I added another rule:

```sh
sudo ufw allow in on tun0 proto tcp from 10.0.0.0/8 to 100.64.0.1 port 9000
```
Was having issues updating Zscaler; saw that AppArmor was blocking Zscaler; found https://help.zscaler.com/client-connector/resolving-auto-update-issues-zscaler-client-connector-linux-1.2

Had to update the ufw rules as the interface name is now `zcctun0`; it used to be `tun0`.
This solved the "Endpoint FW/AV Error" issue I was having on Manjaro with ZScaler 1.4.1.41, thanks!
Works perfectly on Ubuntu 22.04 with ZScaler 1.5.0.37. Thank you!
While running Zscaler I was tailing kernel logs to see the blocked packets with: