Blocking an IP Address with UFW
- I have UFW enabled.
- I have UFW set to deny by default.
- I have UFW set to allow ports 22, 25, and 80.
When I add the rule
sudo ufw deny from 207.46.232.182
…I would expect that all traffic would be denied from that IP address, but it isn't. I've tried blocking myself and it doesn't work.
Is it possible my rules are conflicting with each other? I.e. the rules to allow port 22/25/80 are overriding the rule to deny from that one IP address? If so, how do I fix it?
I'm running Ubuntu 10.04 LTS.
3 Replies
@jzimmerlin:
Is it possible my rules are conflicting with each other? I.e. the rules to allow port 22/25/80 are overriding the rule to deny from that one IP address? If so, how do I fix it?
ufw is just creating iptables rules, so yes, they are order dependent. If your allow rules are in front of the deny, then yes, they'll match first and permit the traffic.
When in doubt, you can use "iptables --list" to dump the actual iptables rules in effect after you've let ufw establish them. The ufw chains all start with "ufw-", and if you use the verbose option of iptables you can see packet counts to see if your exclusion rule is ever matching anything.
I've used ufw on 8.04, but it looks like 10.04 added numbered status output, and you can use "ufw insert" to specify where your new rule should go in the sequence. With 8.04, I would just manually edit the user.rules file when I needed to tweak the sequence. Alternatively, for a global block, you can include the exclusion rule in the ufw "before.rules" file, which always applies before user rules.
In 8.04, before.rules is in /etc/ufw, and user.rules (the result of ufw commands) is in /var/lib/ufw - not sure if that's exactly the same in 10.04.
-- David
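To make the ordering point above concrete, here is an added example (not from the thread or from ufw itself): a small first-match model of a ufw-style rule list. It shows that a `deny from <ip>` appended after `allow 22/25/80` never sees SSH traffic from that address, while the same rule placed at position 1 does. The parsed syntax is a hypothetical subset of ufw's, and 203.0.113.7 is a constructed address.

```python
# Added example (not from the thread): first-match evaluation of a ufw-style
# rule list, showing why an appended `deny from <ip>` loses to earlier
# `allow 22/25/80` rules and why `ufw insert 1` fixes it. The syntax parsed
# here is a hypothetical subset of ufw's; real ufw delegates to iptables,
# which also stops at the first matching rule in a chain.
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass
class Rule:
    action: str                 # "allow" or "deny"
    port: Optional[int] = None  # None matches any destination port
    src: Optional[str] = None   # None matches any source address

@dataclass
class Firewall:
    default: str = "deny"       # `ufw default deny`
    rules: List[Rule] = field(default_factory=list)

    def add(self, spec: str, position: Optional[int] = None) -> None:
        # Parses 'allow 22' or 'deny from 1.1.1.1'; position=N mimics `ufw insert N`.
        words = spec.split()
        port = int(words[1]) if len(words) == 2 else None
        src = words[2] if words[1] == "from" else None
        rule = Rule(words[0], port, src)
        if position is None:
            self.rules.append(rule)                # plain `ufw deny ...` appends
        else:
            self.rules.insert(position - 1, rule)  # ufw positions are 1-based

    def decide(self, src: str, dport: int) -> str:
        # Action of the first matching rule, else the default policy.
        for r in self.rules:
            if r.port in (None, dport) and r.src in (None, src):
                return r.action
        return self.default

def build(deny_position: Optional[int]) -> Firewall:
    fw = Firewall()
    for spec in ("allow 22", "allow 25", "allow 80"):
        fw.add(spec)
    fw.add("deny from 203.0.113.7", position=deny_position)  # constructed address
    return fw

def appended_deny() -> str:
    return build(None).decide("203.0.113.7", 22)  # "allow": port rule matched first

def inserted_deny() -> str:
    return build(1).decide("203.0.113.7", 22)     # "deny": now evaluated first
```

Running `iptables -L -v` after `ufw insert 1 ...` should show the new rule at the top of the ufw user chain with its packet counter climbing once traffic from that address arrives.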
sudo ufw insert 1 deny from 1.1.1.1
worked like a charm! THANK YOU!
A very very very slow spambot.