So I started by creating a droplet on DigitalOcean and created a firewall for the droplet through the web interface.

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/56ddf627-3106-4aca-a79d-dcc61c9eaad3/Screen_Shot_2019-10-31_at_3.34.42_PM.png

After I ran sudo ufw status I was told that not only was logging off, the firewall was also inactive. So I followed the typical ufw Linux commands to set up my firewall.

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/628af659-9178-4073-a103-7094b2b9f782/Screen_Shot_2019-10-31_at_4.41.23_PM.png

After I made sure logging was on, I waited a little bit before trying to see the logs. I found that the logs should be saved under /var/logs/ufw; however, the directory was not there. That led me to believe that the directory would only be created once the first thing was logged, so I waited for a day.

After countless attempts to contact the server from outside, and not being able to locate the log files inside the server, I realized even sudo ls -a doesn't show the /var/ folder at root level.

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/919a15c3-c8bc-47b4-b7d5-08ac9e41693a/Screen_Shot_2019-11-02_at_11.13.07_PM.png

However, if I try to move into the directory without seeing it, it does work. sudo ls /var/log took me into the log folder with multiple logs.

By the time I got into the logs, I had two files: ufw.log (the more recent one) and ufw.log.1 (which has been logging since I first created the droplet). The very first attempt was from Jimo, Shandong, CN; an ASN resolver shows me the ISP behind the address.

Oct 31 20:45:06 sj-understanding-firewall kernel: [ 1254.689731] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:17:f0:08:00 SRC=112.255.104.185 DST=167.172.140.72 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=63498 PROTO=TCP SPT=32600 DPT=60001 WINDOW=46310 RES=0x00 SYN URGP=0 
Oct 31 20:48:46 sj-understanding-firewall kernel: [ 1474.038910] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:17:f0:08:00 SRC=80.82.78.100 DST=167.172.140.72 LEN=29 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=UDP SPT=45289 DPT=80 LEN=9 
Oct 31 20:51:38 sj-understanding-firewall kernel: [ 1646.454279] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:17:f0:08:00 SRC=185.156.73.45 DST=167.172.140.72 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=26774 PROTO=TCP SPT=50625 DPT=16350 WINDOW=1024 RES=0x00 SYN URGP=0 
Oct 31 20:52:09 sj-understanding-firewall kernel: [ 1677.200915] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:17:f0:08:00 SRC=185.209.0.92 DST=167.172.140.72 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=37711 PROTO=TCP SPT=56529 DPT=13400 WINDOW=1024 RES=0x00 SYN URGP=0 
Oct 31 20:56:37 sj-understanding-firewall kernel: [ 1945.334416] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:17:f0:08:00 SRC=78.61.81.129 DST=167.172.140.72 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=13643 PROTO=TCP SPT=36192 DPT=23 WINDOW=41032 RES=0x00 SYN URGP=0 
Oct 31 20:56:37 sj-understanding-firewall kernel: [ 1945.349490] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:17:f0:08:00 SRC=78.61.81.129 DST=167.172.140.72 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=13643 PROTO=TCP SPT=36192 DPT=23 WINDOW=41032 RES=0x00 SYN URGP=0 
Oct 31 20:56:37 sj-understanding-firewall kernel: [ 1945.357197] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:17:f0:08:00 SRC=78.61.81.129 DST=167.172.140.72 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=13643 PROTO=TCP SPT=36192 DPT=23 WINDOW=41032 RES=0x00 SYN URGP=0 
Oct 31 20:56:37 sj-understanding-firewall kernel: [ 1945.378643] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:17:f0:08:00 SRC=78.61.81.129 DST=167.172.140.72 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=13643 PROTO=TCP SPT=36192 DPT=23 WINDOW=41032 RES=0x00 SYN URGP=0 
Oct 31 20:56:37 sj-understanding-firewall kernel: [ 1945.390348] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:17:f0:08:00 SRC=78.61.81.129 DST=167.172.140.72 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=13643 PROTO=TCP SPT=36192 DPT=23 WINDOW=41032 RES=0x00 SYN URGP=0 
Oct 31 20:56:37 sj-understanding-firewall kernel: [ 1945.392268] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:17:f0:08:00 SRC=78.61.81.129 DST=167.172.140.72 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=13643 PROTO=TCP SPT=36192 DPT=23 WINDOW=41032 RES=0x00 SYN URGP=0 
Oct 31 20:56:37 sj-understanding-firewall kernel: [ 1945.401927] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:17:f0:08:00 SRC=78.61.81.129 DST=167.172.140.72 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=13643 PROTO=TCP SPT=36192 DPT=23 WINDOW=41032 RES=0x00 SYN URGP=0 
Oct 31 20:56:37 sj-understanding-firewall kernel: [ 1945.423962] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:17:f0:08:00 SRC=78.61.81.129 DST=167.172.140.72 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=13643 PROTO=TCP SPT=36192 DPT=23 WINDOW=41032 RES=0x00 SYN URGP=0 
Oct 31 20:56:37 sj-understanding-firewall kernel: [ 1945.426550] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:17:f0:08:00 SRC=78.61.81.129 DST=167.172.140.72 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=13643 PROTO=TCP SPT=36192 DPT=23 WINDOW=41032 RES=0x00 SYN URGP=0 
Oct 31 20:56:37 sj-understanding-firewall kernel: [ 1945.429409] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:17:f0:08:00 SRC=78.61.81.129 DST=167.172.140.72 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=13643 PROTO=TCP SPT=36192 DPT=23 WINDOW=41032 RES=0x00 SYN URGP=0 
Oct 31 20:57:14 sj-understanding-firewall kernel: [ 1982.003318] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:1b:f0:08:00 SRC=197.38.61.131 DST=167.172.140.72 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=38902 DF PROTO=TCP SPT=58475 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 
Oct 31 21:01:49 sj-understanding-firewall kernel: [ 2257.410413] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:1b:f0:08:00 SRC=191.100.8.147 DST=167.172.140.72 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=23921 DF PROTO=TCP SPT=52971 DPT=8080 WINDOW=5440 RES=0x00 SYN URGP=0 
Oct 31 21:01:52 sj-understanding-firewall kernel: [ 2260.414860] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:1b:f0:08:00 SRC=191.100.8.147 DST=167.172.140.72 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=23922 DF PROTO=TCP SPT=52971 DPT=8080 WINDOW=5440 RES=0x00 SYN URGP=0 
Oct 31 21:03:00 sj-understanding-firewall kernel: [ 2328.216601] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:17:f0:08:00 SRC=37.26.131.211 DST=167.172.140.72 LEN=60 TOS=0x00 PREC=0x00 TTL=114 ID=60743 DF PROTO=TCP SPT=54732 DPT=3128 WINDOW=42340 RES=0x00 SYN URGP=0 
Oct 31 21:03:01 sj-understanding-firewall kernel: [ 2329.236163] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:17:f0:08:00 SRC=37.26.131.211 DST=167.172.140.72 LEN=60 TOS=0x00 PREC=0x00 TTL=114 ID=60744 DF PROTO=TCP SPT=54732 DPT=3128 WINDOW=42340 RES=0x00 SYN URGP=0 
Oct 31 21:03:04 sj-understanding-firewall kernel: [ 2332.655480] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:17:f0:08:00 SRC=46.177.51.11 DST=167.172.140.72 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=18567 DF PROTO=TCP SPT=62296 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0 
Oct 31 21:05:45 sj-understanding-firewall kernel: [ 2493.058376] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:17:f0:08:00 SRC=37.26.131.211 DST=167.172.140.72 LEN=60 TOS=0x00 PREC=0x00 TTL=114 ID=6280 DF PROTO=TCP SPT=32426 DPT=3128 WINDOW=42340 RES=0x00 SYN URGP=0 
Oct 31 21:05:46 sj-understanding-firewall kernel: [ 2494.093401] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:17:f0:08:00 SRC=37.26.131.211 DST=167.172.140.72 LEN=60 TOS=0x00 PREC=0x00 TTL=114 ID=6281 DF PROTO=TCP SPT=32426 DPT=3128 WINDOW=42340 RES=0x00 SYN URGP=0 
Oct 31 21:06:15 sj-understanding-firewall kernel: [ 2522.887179] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:1b:f0:08:00 SRC=185.156.73.3 DST=167.172.140.72 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=20276 PROTO=TCP SPT=56686 DPT=60771 WINDOW=1024 RES=0x00 SYN URGP=0 
Oct 31 21:06:22 sj-understanding-firewall kernel: [ 2530.164035] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:1b:f0:08:00 SRC=185.156.73.21 DST=167.172.140.72 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=18944 PROTO=TCP SPT=50210 DPT=40115 WINDOW=1024 RES=0x00 SYN URGP=0
Oct 31 21:08:10 sj-understanding-firewall kernel: [ 2638.040652] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:1b:f0:08:00 SRC=185.156.73.14 DST=167.172.140.72 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=64718 PROTO=TCP SPT=49726 DPT=53056 WINDOW=1024 RES=0x00 SYN URGP=0 
Oct 31 21:14:20 sj-understanding-firewall kernel: [ 3008.301393] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:1b:f0:08:00 SRC=81.22.45.51 DST=167.172.140.72 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=62148 PROTO=TCP SPT=57847 DPT=8234 WINDOW=1024 RES=0x00 SYN URGP=0 
Oct 31 21:16:20 sj-understanding-firewall kernel: [ 3128.031833] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:17:f0:08:00 SRC=188.225.26.215 DST=167.172.140.72 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=1456 PROTO=TCP SPT=47864 DPT=3307 WINDOW=1024 RES=0x00 SYN URGP=0 
Oct 31 21:18:37 sj-understanding-firewall kernel: [ 3265.401236] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:1b:f0:08:00 SRC=80.82.64.73 DST=167.172.140.72 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=41732 PROTO=TCP SPT=56194 DPT=65340 WINDOW=1024 RES=0x00 SYN URGP=0 
Oct 31 21:20:23 sj-understanding-firewall kernel: [ 3371.235311] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:17:f0:08:00 SRC=185.209.0.83 DST=167.172.140.72 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=14355 PROTO=TCP SPT=46859 DPT=18472 WINDOW=1024 RES=0x00 SYN URGP=0 
Oct 31 21:23:40 sj-understanding-firewall kernel: [ 3568.758821] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:1b:f0:08:00 SRC=185.176.27.38 DST=167.172.140.72 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=37848 PROTO=TCP SPT=55525 DPT=15555 WINDOW=1024 RES=0x00 SYN URGP=0 
Oct 31 21:23:56 sj-understanding-firewall kernel: [ 3584.628749] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:17:f0:08:00 SRC=51.158.114.187 DST=167.172.140.72 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=5540 PROTO=TCP SPT=60444 DPT=23 WINDOW=4348 RES=0x00 SYN URGP=0 
Oct 31 21:23:56 sj-understanding-firewall kernel: [ 3584.748107] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:17:f0:08:00 SRC=51.158.114.187 DST=167.172.140.72 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=5540 PROTO=TCP SPT=60444 DPT=23 WINDOW=4348 RES=0x00 SYN URGP=0 
Oct 31 21:24:01 sj-understanding-firewall kernel: [ 3589.134224] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:1b:f0:08:00 SRC=51.75.52.127 DST=167.172.140.72 LEN=44 TOS=0x10 PREC=0x00 TTL=114 ID=25216 PROTO=TCP SPT=26200 DPT=8787 WINDOW=63106 RES=0x00 SYN URGP=0 
Oct 31 21:24:33 sj-understanding-firewall kernel: [ 3621.108805] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:17:f0:08:00 SRC=45.143.220.46 DST=167.172.140.72 LEN=409 TOS=0x00 PREC=0x00 TTL=52 ID=29590 DF PROTO=UDP SPT=5595 DPT=5090 LEN=389 
Oct 31 21:25:42 sj-understanding-firewall kernel: [ 3690.745726] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:17:f0:08:00 SRC=185.216.140.6 DST=167.172.140.72 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=59323 DPT=8089 WINDOW=65535 RES=0x00 SYN URGP=0 
Oct 31 21:27:31 sj-understanding-firewall kernel: [ 3799.270129] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:17:f0:08:00 SRC=185.53.88.75 DST=167.172.140.72 LEN=443 TOS=0x00 PREC=0x00 TTL=52 ID=39344 DF PROTO=UDP SPT=5102 DPT=5060 LEN=423 
Oct 31 21:28:29 sj-understanding-firewall kernel: [ 3857.010051] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:17:f0:08:00 SRC=185.200.118.40 DST=167.172.140.72 LEN=42 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=UDP SPT=40022 DPT=1194 LEN=22 
Oct 31 21:28:56 sj-understanding-firewall kernel: [ 3884.758702] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:17:f0:08:00 SRC=185.156.73.11 DST=167.172.140.72 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=10353 PROTO=TCP SPT=56985 DPT=59724 WINDOW=1024 RES=0x00 SYN URGP=0 
Oct 31 21:30:31 sj-understanding-firewall kernel: [ 3979.615932] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:1b:f0:08:00 SRC=185.176.27.18 DST=167.172.140.72 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=15046 PROTO=TCP SPT=52991 DPT=18402 WINDOW=1024 RES=0x00 SYN URGP=0 
Oct 31 21:32:19 sj-understanding-firewall kernel: [ 4087.632311] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:1b:f0:08:00 SRC=173.249.2.130 DST=167.172.140.72 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=59749 DF PROTO=TCP SPT=38416 DPT=6379 WINDOW=29200 RES=0x00 SYN URGP=0 
Oct 31 21:32:20 sj-understanding-firewall kernel: [ 4088.662916] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:1b:f0:08:00 SRC=173.249.2.130 DST=167.172.140.72 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=59750 DF PROTO=TCP SPT=38416 DPT=6379 WINDOW=29200 RES=0x00 SYN URGP=0 
Oct 31 21:34:57 sj-understanding-firewall kernel: [ 4245.776609] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:17:f0:08:00 SRC=200.29.19.51 DST=167.172.140.72 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=35216 PROTO=TCP SPT=46979 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 
Oct 31 21:39:17 sj-understanding-firewall kernel: [ 4505.548833] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:17:f0:08:00 SRC=221.239.81.146 DST=167.172.140.72 LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=8503 DF PROTO=TCP SPT=2526 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 
Oct 31 21:40:27 sj-understanding-firewall kernel: [ 4575.030394] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:17:f0:08:00 SRC=71.6.158.166 DST=167.172.140.72 LEN=44 TOS=0x10 PREC=0x00 TTL=115 ID=6530 PROTO=TCP SPT=26977 DPT=143 WINDOW=62444 RES=0x00 SYN URGP=0 
Oct 31 21:44:49 sj-understanding-firewall kernel: [ 4837.344899] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:1b:f0:08:00 SRC=222.255.207.161 DST=167.172.140.72 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=45130 PROTO=TCP SPT=56515 DPT=2323 WINDOW=58363 RES=0x00 SYN URGP=0 
Oct 31 21:45:48 sj-understanding-firewall kernel: [ 4896.765749] [UFW BLOCK] IN=eth0 OUT= MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:17:f0:08:00 SRC=203.189.74.110 DST=167.172.140.72 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=3122 DF PROTO=TCP SPT=24753 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0

In the beginning I assumed the MAC address was from the src, then I found all the MAC addresses are the same, MAC=c2:c9:4a:16:ad:3f:cc:e1:7f:a8:1b:f0:08:00, which must be that of my Linux server.
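An added example, not part of the original post: each [UFW BLOCK] entry is a list of KEY=value fields plus bare flags, so a short Python parser can tally which ports and sources were blocked. It also splits the MAC= field, which holds the 14-byte Ethernet header (destination MAC, source MAC of the previous hop, EtherType), and keeps the second LEN= that UDP entries carry. The sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the same format as the log above (documentation-range IPs).
_HDR = "host kernel: [ 1945.334416] [UFW BLOCK] IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:"
SAMPLE = f"""\
Oct 31 20:56:37 {_HDR}aa:08:00 SRC=198.51.100.7 DST=203.0.113.10 LEN=40 TTL=50 ID=13643 PROTO=TCP SPT=36192 DPT=23 WINDOW=41032 RES=0x00 SYN URGP=0
Oct 31 20:56:37 {_HDR}aa:08:00 SRC=198.51.100.7 DST=203.0.113.10 LEN=40 TTL=50 ID=13643 PROTO=TCP SPT=36192 DPT=23 WINDOW=41032 RES=0x00 SYN URGP=0
Oct 31 21:27:31 {_HDR}aa:08:00 SRC=192.0.2.44 DST=203.0.113.10 LEN=443 TTL=52 ID=39344 DF PROTO=UDP SPT=5102 DPT=5060 LEN=423
Oct 31 21:39:17 {_HDR}bb:08:00 SRC=198.51.100.99 DST=203.0.113.10 LEN=48 TTL=108 ID=8503 DF PROTO=TCP SPT=2526 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0
"""

UFW_RE = re.compile(r"\[UFW (?P<action>[A-Z ]+)\] (?P<rest>.*)")

def parse_line(line):
    """Return a dict for one UFW log line, or None if the line is not one."""
    m = UFW_RE.search(line)
    if not m:
        return None
    rec = {"action": m.group("action"), "flags": []}
    for tok in m.group("rest").split():
        key, sep, val = tok.partition("=")
        if not sep:
            rec["flags"].append(tok)   # bare tokens such as SYN or DF
        elif key == "LEN" and "LEN" in rec:
            rec["UDP_LEN"] = val       # UDP lines repeat LEN=: IP length, then UDP length
        else:
            rec[key] = val
    return rec

def split_mac(field):
    """Split the 14-byte MAC= field into (dst_mac, src_mac, ethertype)."""
    b = field.split(":")
    if len(b) != 14:
        raise ValueError("expected a 14-byte Ethernet header")
    return ":".join(b[:6]), ":".join(b[6:12]), "".join(b[12:])

def summarize(text):
    """Tally blocked packets by (proto, dst port) and by source IP; collect source MACs."""
    ports, sources, src_macs = Counter(), Counter(), set()
    for rec in filter(None, map(parse_line, text.splitlines())):
        if rec["action"] != "BLOCK":
            continue
        dpt = rec.get("DPT")           # absent on ICMP entries
        ports[(rec.get("PROTO"), int(dpt) if dpt else None)] += 1
        sources[rec["SRC"]] += 1
        src_macs.add(split_mac(rec["MAC"])[1])
    return ports, sources, src_macs
```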

To help me better understand the logs, I found this:

UFW is just a front end for iptables, and so those log entries are actually from iptables.

Line 1: Feb 6 16:27:08 jonasgroenbek kernel: [71910.873115]