Thread: UFW NOT blocking IP address

  1. #11
    Join Date
    Jul 2007
    Beans
    16

    Re: UFW NOT blocking IP address

    Is there some way to ensure that this DENY IP rule goes in at the top? Not sure what I'm missing here...

  2. #12
    Join Date
    Sep 2006
    Beans
    49

    Re: UFW NOT blocking IP address

    According to the UFW documentation:

    Advanced Blocking Rules

    Blocking IP addresses is not so straightforward if you have an existing set of rules, as IPTABLES matches in order.

    So if you started with default deny and added in port 80 for a public server :

    sudo ufw allow 80

    But then find IP address 111.222.3.44 is hacking your server :

    sudo ufw deny 111.222.3.44

    will do nothing (you allowed access with your first rule).

    You need to edit /etc/ufw/before.rules and add a section "Block IP" after "Drop INVALID packets" :

    # drop INVALID packets
    # uncomment to log INVALID packets
    #-A ufw-before-input -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW B$
    -A ufw-before-input -m conntrack --ctstate INVALID -j DROP

    # Block IP
    # This is effective (assuming no logging is desired, of course)
    -A ufw-before-input -s 111.222.3.44 -j DROP

    You can find that information (and more) here :

    https://help.ubuntu.com/community/UFW
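A scripted version of the before.rules edit described in the post above, added here as an example; it is not code from the thread, from the Ubuntu wiki or from ufw itself. It inserts the "# Block IP" stanza directly after the INVALID-state DROP rule, is safe to run twice, and checks afterwards that the rule really sits between that anchor and COMMIT. It operates on whatever file path you give it, so it can be tried on a scratch copy before touching /etc/ufw/before.rules as root. The sample file contents, the address 203.0.113.7 and the function names are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the thread or the ufw project): put a per-address
# DROP into a before.rules-style file right after the "drop INVALID packets"
# rule, which ufw evaluates before any "ufw allow ..." user rule.

# Constructed sample of the relevant part of a stock before.rules so the
# script runs offline; the real file has more chains and rules.
make_sample_before_rules() {
    cat > "$1" <<'EOF'
*filter
:ufw-before-input - [0:0]
:ufw-before-output - [0:0]
# allow all on loopback
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-output -o lo -j ACCEPT

# quickly process packets for which we already have a connection
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

# drop INVALID packets
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP

# ok icmp codes for INPUT
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT

COMMIT
EOF
}

# add_block_ip_rule FILE IP
# Inserts "-A ufw-before-input -s IP -j DROP" after the INVALID DROP line.
# Idempotent: if the exact rule is already present nothing changes.
# Returns 0 when the rule is present afterwards, 1 if the anchor line is
# missing (then the file is not the layout this script expects; edit by hand).
add_block_ip_rule() {
    abr_file=$1
    abr_ip=$2
    abr_rule="-A ufw-before-input -s $abr_ip -j DROP"
    grep -qxF -- "$abr_rule" "$abr_file" && return 0
    grep -qF -- '--ctstate INVALID -j DROP' "$abr_file" || return 1
    abr_tmp="$abr_file.tmp.$$"
    awk -v rule="$abr_rule" -v ip="$abr_ip" '
        { print }
        /--ctstate INVALID -j DROP/ && !done {
            print ""
            print "# Block IP " ip " (no logging; add a LOG rule above it if wanted)"
            print rule
            done = 1
        }
    ' "$abr_file" > "$abr_tmp" && mv "$abr_tmp" "$abr_file"
    grep -qxF -- "$abr_rule" "$abr_file"
}

# check_order FILE IP
# Returns 0 if the block rule for IP appears after the INVALID DROP and
# before COMMIT, i.e. in the position the wiki text describes.
check_order() {
    co_file=$1
    co_ip=$2
    co_anchor=$(grep -n -- '--ctstate INVALID -j DROP' "$co_file" | head -n 1 | cut -d: -f1)
    co_rule=$(grep -nxF -- "-A ufw-before-input -s $co_ip -j DROP" "$co_file" | head -n 1 | cut -d: -f1)
    co_commit=$(grep -n '^COMMIT' "$co_file" | head -n 1 | cut -d: -f1)
    [ -n "$co_anchor" ] && [ -n "$co_rule" ] && [ -n "$co_commit" ] &&
        [ "$co_rule" -gt "$co_anchor" ] && [ "$co_rule" -lt "$co_commit" ]
}

# Demo on a scratch copy (constructed data, not the live firewall).
demo_file=$(mktemp)
make_sample_before_rules "$demo_file"
add_block_ip_rule "$demo_file" 203.0.113.7 && check_order "$demo_file" 203.0.113.7 &&
    echo "rule placed correctly in $demo_file:" && cat "$demo_file"
rm -f "$demo_file"
```

On a real system run it against /etc/ufw/before.rules as root and then `sudo ufw reload` so the new rule is loaded. Two caveats worth knowing before relying on it: the stanza sits below the RELATED,ESTABLISHED ACCEPT, so a connection the attacker already has open keeps passing until it ends (or until you clear its conntrack entry); and newer ufw versions accept `sudo ufw insert 1 deny from 111.222.3.44`, which puts the rule at the head of the user rules, ahead of `ufw allow 80`, but still behind everything in before.rules.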

  3. #13
    Join Date
    Apr 2008
    Location
    Far, far away
    Beans
    2,148
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: UFW NOT blocking IP address

    Also keep in mind that if you manually edit and save the iptables rules they will not get re-installed after rebooting unless you take special care to restore them after the ufw and fail2ban rules, at which point you may as well not have those programs running since you are overriding them. So if you plan to keep using them then you cannot make a manual fix using iptables-restore as it is all-or-nothing.

    If you figure out the steps to correct it with iptables commands then that set of commands could be applied after booting. I'd think it's much better to see if you can adjust the rules as suggested above within ufw and fail2ban to get them to co-operate.

  4. #14
    Join Date
    Mar 2011
    Beans
    2

    Re: UFW NOT blocking IP address

    fail2ban's documentation states that it is placed at the top of the chain. So, whether you're using iptables or not, fail2ban is the first "cop" to see and determine if the IP coming at it is a bad guy or not. You'd have to modify your fail2ban rules in order to control this.
