How to block an IP address with ufw on Ubuntu Linux server
I am using UFW to manage the firewall on my Ubuntu Linux 12.04/14.04 LTS server. I need to block a specific IP address from accessing my server. How do I block an IP address using ufw?
UFW (Uncomplicated Firewall) is a front-end for iptables and is particularly well-suited for a single server or host-based firewalls. It is the default firewall configuration tool for Ubuntu Linux. UFW was developed with ease of use for new sysadmins in mind: it is a user-friendly way to create an IPv4 or IPv6 based firewall to protect the server.
ufw block specific IP address
The syntax is:
sudo ufw deny from {ip-address-here} to any
To block or deny all packets from 192.168.1.5, enter:
sudo ufw deny from 192.168.1.5 to any
The "to any" part is the default and may be omitted, so sudo ufw deny from 192.168.1.5 does the same thing. Note that deny drops the packets silently; use reject instead of deny if you want the sender to receive an error instead of a timeout.
Show firewall status including your rules
Verify newly added rules, enter:
$ sudo ufw status numbered
OR
$ sudo ufw status
The numbered form prints an index in front of each rule. You need that index when you later delete a rule, and it also shows the order in which the rules are evaluated.
ufw block specific IP and port number
The syntax is:
ufw deny from {ip-address-here} to any port {port-number-here}
To block or deny the spammer's IP address 202.54.1.5 on port 80, enter:
sudo ufw deny from 202.54.1.5 to any port 80
Again verify with the following command:
$ sudo ufw status numbered
Sample outputs:
ufw deny specific IP, port number, and protocol
The syntax is:
sudo ufw deny proto {tcp|udp} from {ip-address-here} to any port {port-number-here}
For example, to block the attacker's IP address 202.54.1.1 on tcp port 22, enter:
$ sudo ufw deny proto tcp from 202.54.1.1 to any port 22
Verify with:
$ sudo ufw status numbered
ufw block subnet
The syntax is the same; give the source as a network in CIDR notation instead of a single address:
$ sudo ufw deny proto tcp from sub/net to any port 22
For example, to block the whole 202.54.1.0/24 network from tcp port 22, enter:
$ sudo ufw deny proto tcp from 202.54.1.0/24 to any port 22
How do I delete blocked IP address or unblock an IP address again?
The syntax is:
$ sudo ufw status numbered
$ sudo ufw delete NUM
Rule numbers are reassigned after every deletion, so run sudo ufw status numbered again before deleting the next rule. You can also delete a rule by repeating its specification, which avoids the numbering problem altogether, e.g. sudo ufw delete deny from 202.54.1.5 to any port 80.
To delete rule number 4, enter:
$ sudo ufw delete 4
Sample outputs:
Deleting:
deny from 202.54.1.5 to any port 80
Proceed with operation (y|n)? y
Rule deleted
Tip: UFW NOT blocking an IP address
UFW (iptables) rules are applied in order of appearance, and the inspection ends immediately when there is a match. Therefore, if a rule allowing access to tcp port 22 already exists (say added with sudo ufw allow 22), and afterwards another rule is added blocking an IP address (say sudo ufw deny proto tcp from 202.54.1.1 to any port 22), the allow rule matches first and the connection is accepted; the later rule blocking 202.54.1.1 is never reached. It is all about the order. The quickest fix is to put the deny rule in front of the allow rule with ufw insert, which takes the position shown by sudo ufw status numbered: sudo ufw insert 1 deny proto tcp from 202.54.1.1 to any port 22. Alternatively, edit the /etc/ufw/before.rules file, whose rules are processed before every user-added rule, and add a section to “Block an IP Address” after the “# End required lines” section.
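The ordering problem described above, as an added illustration that is not part of the original page and not ufw's own code: a small first-match simulator in POSIX shell that evaluates a ruleset top to bottom the way iptables (and therefore ufw) does, stopping at the first rule that matches. The two rulesets are constructed for the demonstration and cover every rule form used on this page (bare address, address plus port, protocol, and subnet); the rule line format and the function names are this example's own conventions.

```shell
#!/bin/sh
# Added example (hypothetical simulator, not ufw). Rule lines have four
# fields: ACTION PROTO SOURCE DPORT. "any" is a wildcard; SOURCE may be a
# host address or a CIDR block.

# Constructed ruleset 1, in "ufw status numbered" order, as produced by
#   ufw allow 22; ufw allow 80/tcp;
#   ufw deny proto tcp from 202.54.1.1 to any port 22;
#   ufw deny from 202.54.1.0/24 to any
RULES_APPENDED='allow any any 22
allow tcp any 80
deny tcp 202.54.1.1 22
deny any 202.54.1.0/24 any'

# Constructed ruleset 2: the same rules after the two deny rules were moved
# in front (ufw insert 1 ..., or an equivalent entry in before.rules).
RULES_INSERTED='deny tcp 202.54.1.1 22
deny any 202.54.1.0/24 any
allow any any 22
allow tcp any 80'

# ip_to_int A.B.C.D -> the address as a 32-bit integer
ip_to_int() {
  set -- $(printf '%s' "$1" | tr . ' ')
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# src_matches RULE_SOURCE PACKET_SOURCE -> true if the packet source is
# covered by the rule's source ("any", a host address, or a CIDR block)
src_matches() {
  [ "$1" = any ] && return 0
  case $1 in
    */*) net=${1%/*}; bits=${1#*/} ;;
    *)   net=$1;      bits=32 ;;
  esac
  mask=$(( bits == 0 ? 0 : (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  [ $(( $(ip_to_int "$net") & mask )) -eq $(( $(ip_to_int "$2") & mask )) ]
}

# rule_matches RPROTO RSRC RPORT PROTO SRC DPORT -> true if the rule covers
# the packet (protocol, source and destination port must all match)
rule_matches() {
  [ "$1" = any ] || [ "$1" = "$4" ] || return 1
  [ "$3" = any ] || [ "$3" = "$6" ] || return 1
  src_matches "$2" "$5"
}

# first_match RULESET PROTO SRC DPORT -> prints "ACTION (rule N)" for the
# first matching rule, or "default-deny" when nothing matches (ufw's
# default incoming policy)
first_match() {
  ruleset=$1; proto=$2; src=$3; dport=$4
  n=0
  while read -r action rproto rsrc rport; do
    [ -z "$action" ] && continue
    n=$((n + 1))
    if rule_matches "$rproto" "$rsrc" "$rport" "$proto" "$src" "$dport"; then
      echo "$action (rule $n)"
      return 0
    fi
  done <<EOF
$ruleset
EOF
  echo "default-deny"
}

# A packet from 202.54.1.1 to tcp/22 gets through ruleset 1 because
# "allow 22" is hit before the deny; with the deny in front it is dropped.
first_match "$RULES_APPENDED" tcp 202.54.1.1 22   # allow (rule 1)
first_match "$RULES_INSERTED" tcp 202.54.1.1 22   # deny (rule 1)
first_match "$RULES_APPENDED" tcp 202.54.1.9 443  # deny (rule 4): no allow rule covers 443
```

The third call shows why an appended deny rule seems to work for some ports and not others: it only takes effect for traffic that no earlier allow rule already accepts.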
Open the file:
$ sudo vi /etc/ufw/before.rules
Find the line that reads as follows:
# End required lines
Append your rule to block spammers or hackers:
Save and close the file. Finally, reload the firewall:
$ sudo ufw reload
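The before.rules edit described above, as an added example that is not code from the original page or from the ufw project: a shell function that inserts a DROP rule for one source address right after the “# End required lines” marker, idempotently, and keeps the file's owner and mode by writing back through the existing file rather than replacing it. The chain name ufw-before-input and the marker line come from the stock Ubuntu before.rules; the section header text, the function names and the trimmed skeleton file used for the demonstration are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not ufw's own tooling. Rules in the ufw-before-input chain
# run before every rule added with "ufw allow", so a DROP here is not
# shadowed by an earlier allow rule.

MARKER='# End required lines'
HEADER='# Block an IP address'   # section header, this example's own choice

# add_before_rules_block FILE ADDRESS
#   ADDRESS is an IPv4 host address or CIDR block (202.54.1.1, 202.54.1.0/24).
#   IPv6 sources belong in /etc/ufw/before6.rules instead.
add_before_rules_block() {
  file=$1
  rule="-A ufw-before-input -s $2 -j DROP"
  # already present: nothing to do (-x whole line, -F literal, -e because the rule starts with "-")
  grep -qxF -e "$rule" "$file" && return 0
  grep -qxF -e "$MARKER" "$file" || { echo "marker not found in $file" >&2; return 1; }
  tmp=$(mktemp) || return 1
  # first call only: create the section header right after the marker
  if ! grep -qxF -e "$HEADER" "$file"; then
    awk -v m="$MARKER" -v h="$HEADER" '{ print } $0 == m { print h }' "$file" > "$tmp" &&
      cat "$tmp" > "$file"
  fi
  # every call: put the new rule right after the header
  awk -v h="$HEADER" -v r="$rule" '{ print } $0 == h { print r }' "$file" > "$tmp" &&
    cat "$tmp" > "$file"
  rm -f "$tmp"
  # on a live system, finish with: sudo ufw reload
}

# blocked_sources FILE -> addresses dropped by this section, in file order
blocked_sources() {
  awk '$1 == "-A" && $2 == "ufw-before-input" && $3 == "-s" && $6 == "DROP" { print $4 }' "$1"
}

# Constructed, trimmed skeleton of a stock before.rules for the demonstration
# (the real file carries many more rules between the marker and COMMIT).
make_sample_before_rules() {
  f=$(mktemp)
  cat > "$f" <<'EOF'
*filter
:ufw-before-input - [0:0]
:ufw-before-output - [0:0]
:ufw-before-forward - [0:0]
:ufw-not-local - [0:0]
# End required lines

# allow all on loopback
-A ufw-before-input -i lo -j ACCEPT
COMMIT
EOF
  echo "$f"
}

sample=$(make_sample_before_rules)
add_before_rules_block "$sample" 202.54.1.1
add_before_rules_block "$sample" 202.54.1.1      # second call is a no-op
add_before_rules_block "$sample" 202.54.1.0/24
blocked_sources "$sample"                        # 202.54.1.0/24 then 202.54.1.1
sed -n '6,9p' "$sample"                          # marker, header, the two DROP rules
rm -f "$sample"
```

On a real server run the function as root against /etc/ufw/before.rules, then sudo ufw reload, and confirm the rule is loaded with sudo ufw show before-rules (the rules in before.rules do not appear in sudo ufw status, which only lists user-added rules).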