How to block a specific IP Address using UFW

How to block a specific IP Address using UFW

The key to blocking a specific IP address with UFW is to make sure that the rule which blocks the ipaddress is applied before any allow rules. Because the firewalls rules are run in order – the block will no come into affect if it appears at the bottom. For example on most webserver you might expect the rules to be:

To                         Action      From

--                         ------      ----

22                         ALLOW       Anywhere

80                         ALLOW       Anywhere

443                        ALLOW       Anywhere

22                         ALLOW       Anywhere (v6)

80                         ALLOW       Anywhere (v6)

443                        ALLOW       Anywhere (v6)

Therefore, to block an IP address the rules would need to setup like this:

To                         Action      From

--                         ------      ----

Anywhere                   DENY        <ip address >

22                         ALLOW       Anywhere

80                         ALLOW       Anywhere

443                        ALLOW       Anywhere

22                         ALLOW       Anywhere (v6)

80                         ALLOW       Anywhere (v6)

443                        ALLOW       Anywhere (v6)

To do this you need to insert the new deny rule at the top using the “insert” option.

sudo ufw insert 1 deny from <ip address>

To remove the block simple:

sudo ufw delete allow from <ip address>

For more information read the community documentation for UFW on Ubuntu.

来源： <http://www.randomhacks.co.uk/how-to-block-a-specific-ip-address-using-ufw/>

 

来自为知笔记(Wiz)