How to block a specific IP Address using UFW

The key to blocking a specific IP address with UFW is to make sure that the rule which blocks the ipaddress is applied before any allow rules. Because the firewalls rules are run in order – the block will no come into affect if it appears at the bottom. For example on most webserver you might expect the rules to be:
To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
22                         ALLOW       Anywhere (v6)
80                         ALLOW       Anywhere (v6)
443                        ALLOW       Anywhere (v6)

Therefore, to block an IP address the rules would need to setup like this:

To                         Action      From
--                         ------      ----
Anywhere                   DENY        <ip address >
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
22                         ALLOW       Anywhere (v6)
80                         ALLOW       Anywhere (v6)
443                        ALLOW       Anywhere (v6)

To do this you need to insert the new deny rule at the top using the “insert” option.

sudo ufw insert 1 deny from <ip address>

To remove the block simple:

sudo ufw delete allow from <ip address>

For more information read the community documentation for UFW on Ubuntu.

How to block a specific IP Address using UFW的更多相关文章

  1. VIP - virtual IP address

    virtual IP address (虚拟 IP 地址)1.是集群的ip地址,一个vip对应多个机器2.与群集关联的唯一 IP 地址 see wiki: A virtual IP address ( ...

  2. Linux Force DHCP Client (dhclient) to Renew IP Address

    http://www.cyberciti.biz/faq/howto-linux-renew-dhcp-client-ip-address/‘m using Ubuntu Linux. How to ...

  3. Setting up a static IP address in Ubuntu

    sudo gedit /etc/network/interfaces Change the line iface eth0 inet dhcp to iface eth0 inet static an ...

  4. ERROR 2003 (HY000): Can't connect to MySQL server on 'ip address' (111)的处理办法

    远程连接mysql数据库时可以使用以下指令 mysql -h 192.168.1.104 -u root -p 如果是初次安装mysql,需要将所有/etc/mysql/内的所有配置文件的bind-a ...

  5. oracle 11g RAC安装节点二执行结果错误CRS-5005: IP Address: 192.168.1.24 is already in use in the network

    [root@testdb11b ~]# /u01/app/oraInventory/orainstRoot.sh Changing permissions of /u01/app/oraInvento ...

  6. Assign an Elastic IP Address to Your Instance

    By default, an instance in a nondefault VPC is not assigned a public IP address, and is private.You ...

  7. Ubuntu setup Static IP Address

    Change Ubuntu Server from DHCP to a Static IP Address If the Ubuntu Server installer has set your se ...

  8. How to configure a static IP address on CentOS 7(CentOS7静态IP地址设置)

    Question: On CentOS 7, I want to switch from DHCP to static IP address configuration with one of my ...

  9. Azure China (8) 使用Azure PowerShell创建虚拟机,并设置固定Virtual IP Address和Private IP

    <Windows Azure Platform 系列文章目录> 本文介绍的是由世纪互联运维的Windows Azure China. 相比于Global Azure (http://www ...

随机推荐

  1. java 面试大全

    一.CoreJava 部分: 基础及语法部分: 1.面向对象的特征有哪些方面? [基础] 答:面向对象的特征主要有以下几个方面: 1)抽象:抽象就是忽略一个主题中与当前目标无关的那些方面,以便更充分地 ...

  2. Java 访问权限控制:你真的了解 protected 关键字吗?

    摘要: 对于类的成员而言,其能否被其他类所访问,取决于该成员的修饰词:而对于一个类而言,其能否被其他类所访问,也取决于该类的修饰词.在Java中,类成员访问权限修饰词有四类:private,无(包访问 ...

  3. Vijos 小胖的奇偶

    第一遍做 #include<iostream> #include<cstdlib> #include<cstdio> #include<cstring> ...

  4. Django环境搭建之hello world

    当我们想用Python来开发一个web应用时,首先要选择一个优秀的web框架,Django是个非常成熟的web开发框架,网上具有丰富的文档和学习资料,所以选择Django框架来入门web开发是个不错的 ...

  5. 正则表达式 IP域名

    不废话,我这个起码不坑人,有的把我坑死 var objRegExp = /^((([1-9]|([1-9]\d)|(1\d\d)|(2([0-4]\d|5[0-5]))))\.)((([0-9]|([ ...

  6. css中奇怪的地方

    1.border-color      继承内部元素前景色(color:black.可能对元素本身没有效果) 2.border-style:none;//不仅样式没了,border-width也变为0 ...

  7. Android版本信息及与Linux和Java的关系

    1.Android与Linux和Java的关系 Android严格来说,不能算是Linux,Android是一个统称,具体来说,是Google用了Linux的一个核心,用这个核心来管理进程,控制硬件. ...

  8. javac的词法分析

      1.词法分析将Java源文件的字符流转变为对应的Token流.   JavacParser类规定了哪些词是符合Java语言规范规定的词,而具体读取和归类不同词法的操作由Scanner类来完成.   ...

  9. maven install时报错 Failed to execute goal org.apache.maven.plugins:maven-surefire-plugin:2.12.4:test (default-test)

    今天在一个maven项目上执行maven install命令的时候一直报错,错误信息如下: [INFO] ----------------------------------------------- ...

  10. BackgroundWorker的简单用法

    微软的官方例子 BackgroudWorker就是一个封装好的异步处理类(就是多线程,广泛用于winform开发中) 例子: 1.界面效果: 一个label,两个button 2.Form2.cs的代 ...