How to block IP addresses through ufw

    This article describes how to block specific IP addresses through ufw.

    UFW (Uncomplicated Firewall) is the standard iptables front end on Ubuntu Linux. It has a command-line interface made up of a small number of simple commands, and it is a convenient way to build a basic IPv4 or IPv6 firewall to protect a server.



    Block specific IP addresses through ufw


    Syntax:

    sudo ufw deny from {ip-address-here} to any
    

    To block all packets from 192.168.1.5, enter:

    sudo ufw deny from 192.168.1.5 to any
    

    To show the firewall status, including the rules just added, enter:

    $ sudo ufw status numbered
    

    or

    $ sudo ufw status
    



    Block specific IP and port numbers through ufw


    Syntax:

    sudo ufw deny from {ip-address-here} to any port {port-number-here}
    

    To block the "spam" IP address 202.54.1.5 on port 80, enter:

    sudo ufw deny from 202.54.1.5 to any port 80
    

    Check again with the following command:

    $ sudo ufw status numbered
    




    Block a specific IP, port and protocol through ufw



    Syntax:

    sudo ufw deny proto {tcp|udp} from {ip-address-here} to any port {port-number-here}
    

    For example, to block the malicious IP address 202.54.1.1 on TCP port 22, enter:

    $ sudo ufw deny proto tcp from 202.54.1.1 to any port 22
    $ sudo ufw status numbered
    

    Blocking a subnet through ufw uses the same syntax:

    $ sudo ufw deny proto tcp from sub/net to any port 22
    $ sudo ufw deny proto tcp from 202.54.1.0/24 to any port 22
    

    How to remove a block and unblock IP addresses



    Syntax:

    $ sudo ufw status numbered
    $ sudo ufw delete NUM
    

    To remove rule number 4, enter:

    $ sudo ufw delete 4
    

    Result:

     deny from 202.54.1.5 to any port 80
    Proceed with operation (y|n)? y
    Rule deleted
    

    Hint: UFW is NOT blocking the IP address

    ufw applies rules in order and stops at the first match, so a deny rule added after a matching allow rule never takes effect. To avoid this problem, edit the /etc/ufw/before.rules file and add a “Block an IP Address” section after “# End required lines”.

    $ sudo vi /etc/ufw/before.rules
    

    # End required lines
    

    Add your rules to block spammers or attackers:



    Save and close the file, then reload the firewall:

    $ sudo ufw reload
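
    An alternative to editing before.rules, as an added example that is not part of the original article: the script validates blocklist entries and prints "ufw insert 1 deny ..." commands, which place each deny ahead of existing allow rules. The function names and the sample blocklist are constructed for illustration, and it assumes the ruleset already has at least one rule so that position 1 exists.

```shell
# Added example, not from the article. Prints validated ufw commands; runs nothing.
# "insert 1" places each deny ahead of existing allow rules so it matches first.
# Assumption: the ruleset already has at least one rule (position 1 must exist).

# valid_ipv4_cidr ADDR: succeed for a dotted-quad IPv4 with optional /0-32 prefix.
valid_ipv4_cidr() {
    addr=${1%%/*}
    case $1 in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr   # split on dots; addr holds only digits and dots here
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# build_block_cmd ADDR [PROTO PORT]: print one ufw command or fail on bad input.
build_block_cmd() {
    valid_ipv4_cidr "$1" || { echo "invalid address: $1" >&2; return 1; }
    [ $# -eq 1 ] && { echo "ufw insert 1 deny from $1 to any"; return 0; }
    case $2 in tcp|udp) ;; *) echo "invalid protocol: $2" >&2; return 1 ;; esac
    case $3 in ''|*[!0-9]*) echo "invalid port: $3" >&2; return 1 ;; esac
    [ "${#3}" -le 5 ] && [ "$3" -ge 1 ] && [ "$3" -le 65535 ] ||
        { echo "invalid port: $3" >&2; return 1; }
    echo "ufw insert 1 deny proto $2 from $1 to any port $3"
}

# emit_blocklist: read "ADDR [PROTO PORT]" lines on stdin, skip blanks and
# comments, print one command per valid entry; status 1 if any entry was bad.
emit_blocklist() {
    bad=0
    while read -r a proto port; do
        case $a in ''|'#'*) continue ;; esac
        build_block_cmd "$a" ${proto:+"$proto" "$port"} || bad=1
    done
    return $bad
}

# Constructed sample blocklist (addresses taken from the article, last one invalid).
SAMPLE='# addr [proto port]
192.168.1.5
202.54.1.1 tcp 22
202.54.1.0/24 tcp 22
202.54.1.999 tcp 22'
printf '%s\n' "$SAMPLE" | emit_blocklist || echo "some entries were rejected" >&2
```

    Review the printed commands, run them with sudo, and confirm the resulting order with sudo ufw status numbered.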
    
