How to block a specific IP Address using UFW

The key to blocking a specific IP address with UFW is to make sure that the rule which blocks the ipaddress is applied before any allow rules. Because the firewalls rules are run in order – the block will no come into affect if it appears at the bottom. For example on most webserver you might expect the rules to be:
To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
22                         ALLOW       Anywhere (v6)
80                         ALLOW       Anywhere (v6)
443                        ALLOW       Anywhere (v6)

Therefore, to block an IP address the rules would need to setup like this:

To                         Action      From
--                         ------      ----
Anywhere                   DENY        <ip address >
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
22                         ALLOW       Anywhere (v6)
80                         ALLOW       Anywhere (v6)
443                        ALLOW       Anywhere (v6)

To do this you need to insert the new deny rule at the top using the “insert” option.

sudo ufw insert 1 deny from <ip address>

To remove the block simple:

sudo ufw delete allow from <ip address>

For more information read the community documentation for UFW on Ubuntu.

How to block a specific IP Address using UFW的更多相关文章

  1. VIP - virtual IP address

    virtual IP address (虚拟 IP 地址)1.是集群的ip地址,一个vip对应多个机器2.与群集关联的唯一 IP 地址 see wiki: A virtual IP address ( ...

  2. Linux Force DHCP Client (dhclient) to Renew IP Address

    http://www.cyberciti.biz/faq/howto-linux-renew-dhcp-client-ip-address/‘m using Ubuntu Linux. How to ...

  3. Setting up a static IP address in Ubuntu

    sudo gedit /etc/network/interfaces Change the line iface eth0 inet dhcp to iface eth0 inet static an ...

  4. ERROR 2003 (HY000): Can't connect to MySQL server on 'ip address' (111)的处理办法

    远程连接mysql数据库时可以使用以下指令 mysql -h 192.168.1.104 -u root -p 如果是初次安装mysql,需要将所有/etc/mysql/内的所有配置文件的bind-a ...

  5. oracle 11g RAC安装节点二执行结果错误CRS-5005: IP Address: 192.168.1.24 is already in use in the network

    [root@testdb11b ~]# /u01/app/oraInventory/orainstRoot.sh Changing permissions of /u01/app/oraInvento ...

  6. Assign an Elastic IP Address to Your Instance

    By default, an instance in a nondefault VPC is not assigned a public IP address, and is private.You ...

  7. Ubuntu setup Static IP Address

    Change Ubuntu Server from DHCP to a Static IP Address If the Ubuntu Server installer has set your se ...

  8. How to configure a static IP address on CentOS 7(CentOS7静态IP地址设置)

    Question: On CentOS 7, I want to switch from DHCP to static IP address configuration with one of my ...

  9. Azure China (8) 使用Azure PowerShell创建虚拟机,并设置固定Virtual IP Address和Private IP

    <Windows Azure Platform 系列文章目录> 本文介绍的是由世纪互联运维的Windows Azure China. 相比于Global Azure (http://www ...

随机推荐

  1. Django中的Cookie--实现登录

    Django中的Cookie--实现登录 Django Cookie  Cookie Cookie 是什么 保存在浏览器端的键值对,让服务器提取有用的信息. 为什么要有 Cookie 因为HTTP请求 ...

  2. windows 下 pyinstaller distutils not included with latest virtualenv (16.4.0)

    起因 因为windows下python3.7.2内置venv虚拟环境下pyinstaller错误问题,切换virtualenv但是发现最新版本又有其他问题 - -! ModuleNotFoundErr ...

  3. HBase 使用外部的 zookeeper

    HBase 启动时,默认会根据hbase-site.xml文件中的如下设置端口上启动一个zookeeper服务: <property> <name>hbase.zookeepe ...

  4. Cisco ASA 8.3前及8.3后版本Access-list 变化

    8.2及之前 access-list:源地址是真实IP地址,目的地址是映射地址packet-tracer:源地址为真实IP地址,目的地址为映射地址 8.3及之后access-list:源地址和目的地址 ...

  5. System Verilog基础(二)

    这一篇笔记主要记录Procedural,Process,Task and function,Interface和Communication中值得注意的点. 1.Procedural 写testbenc ...

  6. win8.1中向IIS注册asp.net

    以前都是用aspnet_regiis -I 命令向IIS注册asp.net ,今天换了win8.1后竟然发现这招不好使了. 根据提示,需要用dism.exe来完成注册. 折腾一会儿后,问题最终解决:  ...

  7. Linus' Law

    Given enough eyeballs, all bugs are shallow.                                               ------埃里克 ...

  8. 《Algorithms算法》笔记:元素排序(3)——洗牌算法

    <Algorithms算法>笔记:元素排序(3)——洗牌算法 Algorithms算法笔记元素排序3洗牌算法 洗牌算法 排序洗牌 Knuth洗牌 Knuth洗牌代码 洗牌算法 洗牌的思想很 ...

  9. nginx设置开机自启动

    每次启动nginx服务都需要到安装目录下的/sbin下面,感觉挺麻烦的. 下面介绍一下如何在Linux(CentOS)系统上,设置nginx开机自启动. 1 用脚本管理nginx服务 第一步:在/et ...

  10. Android对敏感数据进行MD5加密(基础回顾)

    1.在工具类的包下新建一个进行md5加密的工具类MD5Utils.java package com.example.mobilesafe.utils; import java.security.Mes ...