
Ubuntu firewall ufw (iptables): why a newly added rule has no effect, and the fix


Recently a website I wrote was being hammered by a crawler, and it kept crawling even after I blocked its IP address, which was frustrating. ufw clearly showed the rule as active, yet the address was not being blocked, and this seriously affected access to the site. So I searched the Internet for the cause, found what looks like a bug in ufw, and am recording it here. The same applies to iptables.

1、Ubuntu firewall ufw: problem record

On Ubuntu 20.04, ufw was told to deny all access from the IP address A.B.C.D:

ufw deny from A.B.C.D to any

Yet connections from A.B.C.D kept arriving in large numbers.

Checking with ufw status showed the rule as active, and even a reload did not help. What was going on?

A search on the Internet turned up the same problem described by others. For example:

ufw (and the iptables rules it generates) matches rules in the order in which they appear, and evaluation stops at the first match. So if one rule allows access to TCP port 22 (for example, added with sudo ufw allow 22) and a later rule blocks an IP address on that port (for example, ufw deny proto tcp from A.B.C.D to any port 22), traffic from A.B.C.D to port 22 is accepted by the earlier allow rule, and the later rule that was meant to block the attacker's address A.B.C.D is never reached.

So the cause is rule order. To avoid the problem, edit the file /etc/ufw/before.rules and add the rule that blocks the IP address directly after the line "# End required lines", so that it is evaluated before any of the rules added from the command line.

2、Ubuntu firewall ufw: problem resolution

So, open the file for editing:

 vim /etc/ufw/before.rules

Find the line shown below:

 # End required lines

Directly below it, add the rule that blocks the hacker or spammer:

 # Block spammers
 -A ufw-before-input -s A.B.C.D -j DROP

Save and close the file. Finally, have the firewall reload its configuration:

 ufw reload

This really is effective. I still don't understand the design logic of ufw; perhaps there are other requirements behind it, but for a simple task such as blocking one IP address this behavior feels more like a bug. Two practical notes: ufw can also place a rule at the head of the command-line rules with ufw insert 1 deny from A.B.C.D to any, which avoids editing before.rules; and a DROP placed right after "# End required lines" sits above the RELATED,ESTABLISHED accept in the same file, so unlike a command-line rule it also cuts off connections the crawler already has open.


Copyright notice: This article is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).
Article name: 《Ubuntu firewall ufw (iptables): why a newly added rule has no effect, and the fix》
Article link: https://oldtang.com/12303.html