ufw not working?
I've got an Ubuntu server box, which frequently gets some SSH brute-force attacks. Occasionally when I check my auth.log and see that a certain IP did a crapload of attacks, I just add a firewall rule:
$ sudo ufw deny proto any from $IP
Of course, $IP should be substituted with the IP I'm trying to block. Now, after checking auth.log a day or two later, I still see break-in attempts from that very IP. I don't get it. Can anyone shed some light on this?
After a check if it's loaded into ufw:
$ sudo ufw status
To                         Action      From
--                         ------      ----
22/tcp                     LIMIT       Anywhere
21/tcp                     LIMIT       Anywhere
22/tcp                     ALLOW       192.168.1.0/24
Anywhere                   DENY        $IP
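Added example, not part of the original post: ufw evaluates rules in the order listed and the first match wins, so a block rule that sits below a broader ALLOW or LIMIT rule is never reached for the traffic that earlier rule already matches. The sketch below checks a `ufw status` listing for that ordering; the function names and the sample address 203.0.113.7 (standing in for $IP) are assumptions, and it only handles plain three-column IPv4 rows with exact-match destinations.

```python
import ipaddress

# Constructed sample: the `ufw status` rows from the post, with the
# documentation address 203.0.113.7 standing in for $IP.
SAMPLE = """\
To                         Action      From
--                         ------      ----
22/tcp                     LIMIT       Anywhere
21/tcp                     LIMIT       Anywhere
22/tcp                     ALLOW       192.168.1.0/24
Anywhere                   DENY        203.0.113.7
"""

PERMIT = {"ALLOW", "LIMIT"}
BLOCK = {"DENY", "REJECT"}


def parse_rules(status_text):
    """Parse three-column IPv4 rows into (position, to, action, network)."""
    rules = []
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[1] not in PERMIT | BLOCK:
            continue  # header, separator, or a row shape this sketch skips
        to, action, src = parts
        net = ipaddress.ip_network("0.0.0.0/0" if src == "Anywhere" else src,
                                   strict=False)
        rules.append((len(rules) + 1, to, action, net))
    return rules


def shadowed_blocks(status_text):
    """Return (block_pos, permit_pos) pairs where an earlier ALLOW/LIMIT rule
    matches some of the same traffic and is therefore hit before the block."""
    rules = parse_rules(status_text)
    hits = []
    for pos, to, action, net in rules:
        if action not in BLOCK:
            continue
        for e_pos, e_to, e_action, e_net in rules[:pos - 1]:
            same_dest = "Anywhere" in (to, e_to) or to == e_to
            if e_action in PERMIT and same_dest and net.overlaps(e_net):
                hits.append((pos, e_pos))
    return hits


if __name__ == "__main__":
    for block_pos, permit_pos in shadowed_blocks(SAMPLE):
        print(f"rule {block_pos} is preceded by permitting rule {permit_pos}")
```

For the listing above, the DENY row is flagged against both LIMIT rows. `sudo ufw status numbered` shows rule positions, and `sudo ufw insert 1 deny from $IP` places a block ahead of them.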