Recently, a website I wrote was being hammered by a crawler. I blocked its IP address, yet the crawler kept coming, which was very frustrating. The rules shown by ufw had clearly taken effect, but the IP address was still not actually blocked. Since this was seriously affecting access to the site, I searched the Internet for the cause, found a bug in UFW, and record it here. The same applies to iptables.
1. Ubuntu firewall UFW problem record
On Ubuntu 20.04, UFW was told to block access from the IP address A.B.C.D:
ufw deny from A.B.C.D to any
Nevertheless, a large number of connections from A.B.C.D kept arriving.
ufw status showed the rule as active, and even reloading made no difference. What was going on?
Searching the Internet turned up the same problem. For example:
UFW (iptables) matches rules in the order in which they appear, and checking stops at the first rule that matches. So if one rule allows access to TCP port 22 (for example, added with sudo ufw allow 22) and a later rule blocks an IP address (for example, ufw deny proto tcp from A.B.C.D to any port 22), the rule allowing TCP port 22 is the one that is applied, and the later rule blocking the hacker's IP address A.B.C.D is never reached.
This is purely a matter of rule order. To avoid the problem, edit the file /etc/ufw/before.rules and add the rules that block an IP address after the line "# End required lines".
2. Ubuntu firewall UFW problem resolution
So, open the file for editing:
vim /etc/ufw/before.rules
Find the line shown below:
# End required lines
Add rules to block the hackers or spammers:
# Block spammers
-A ufw-before-input -s A.B.C.D -j DROP
Save and close the file. Finally, make the firewall reload its configuration:
ufw reload
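The edit above is easy to get wrong by hand (a typo in the address makes ufw reload fail, and repeating the edit stacks duplicate rules). The following POSIX sh script is an added example, not part of the original post: add_block_rule validates a dotted-quad IPv4 address, refuses anything else, and inserts the DROP rule directly after the "# End required lines" marker only if that exact rule is not already present; list_blocked prints the addresses currently dropped this way. The sample file used in the test is constructed and only mimics the layout of /etc/ufw/before.rules.

```shell
#!/bin/sh
# Added example (not from the original post). Inserts
#   # Block spammers
#   -A ufw-before-input -s <IP> -j DROP
# right after the "# End required lines" marker of a before.rules-style file,
# so the rule is evaluated before anything added later with "ufw allow".
# Usage: add_block_rule /etc/ufw/before.rules A.B.C.D   (then run: ufw reload)

add_block_rule() {
    rules_file="$1"
    ip="$2"

    # Accept only a plain IPv4 dotted quad. Anything else (hostnames, CIDR,
    # stray characters, empty octets) is refused so a typo cannot become a
    # malformed iptables line that makes "ufw reload" fail.
    case "$ip" in
        ''|*[!0-9.]*|.*|*.|*..*) return 2 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $ip
    IFS=$old_ifs
    [ $# -eq 4 ] || return 2
    for octet in "$@"; do
        [ "$octet" -ge 0 ] && [ "$octet" -le 255 ] || return 2
    done

    # The marker must exist; otherwise we would not know where to insert.
    grep -qF '# End required lines' "$rules_file" || return 3

    # Idempotent: if the exact rule line is already there, do nothing.
    rule="-A ufw-before-input -s $ip -j DROP"
    if grep -qxF -- "$rule" "$rules_file"; then
        return 0
    fi

    # Copy the file, emitting the comment and rule once, right after the marker.
    tmp="$rules_file.tmp.$$"
    awk -v rule="$rule" '
        { print }
        /^# End required lines/ && !done { print "# Block spammers"; print rule; done = 1 }
    ' "$rules_file" > "$tmp" && mv "$tmp" "$rules_file"
}

# Print every source address dropped by an "-A ufw-before-input -s X -j DROP" line.
list_blocked() {
    awk '$1 == "-A" && $2 == "ufw-before-input" && $3 == "-s" && $NF == "DROP" { print $4 }' "$1"
}

# Command-line entry point: sh thisfile.sh /etc/ufw/before.rules A.B.C.D
case $# in
    2) add_block_rule "$1" "$2" ;;
esac
```

After ufw reload, sudo iptables -S ufw-before-input lists that chain in order, so you can confirm the DROP line now sits ahead of the rules generated from ufw allow. UFW also has a built-in way to put a rule first without editing before.rules, ufw insert 1 deny from A.B.C.D to any, which the original post does not mention; it achieves the same ordering for the user-rules chain.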
This really works. However, I don't understand the design logic of UFW here. Perhaps it serves other requirements, but for most simple use cases, such as blocking an IP address, this behaviour looks more like a bug.
My blog is also syndicated to the Tencent Cloud Developer Community; everyone is welcome to join: https://cloud.tencent.com/developer/support-plan?invite_code=1xgxe3rddlacc