ufw not blocking an ip address
Hello. Generally if I find I'm wasting too much time on a website, then I use ufw to block it. I do this by finding the ip address for the site from IP Locator and then I enter the following command in the terminal (asterisks replaced by the ip address):
Code:
sudo ufw deny out to ***.***.***.*** port 80 Anyone know why this would be? ETA: Code:
mark@mark-OptiPlex-755:~$ ufw version |
You want to block incoming or outgoing packets?
|
Packets? I dunno. I'm not talking about serving an ip or a site, but rather as a regular web surfer I wish to cut off internet access to a site. So, when set up and working, I wouldn't be able to see on my browser via my internet connection the site because ufw blocks its ip address. This has worked using the command I cited above with other sites, so its not the command that is the issue. Rather, something seems different with this ip address (the card games one). The rule on gufw looks like this (the following being a political chat site that I felt I was wasting too much time on*):
Quote:
|
Usually to block an IP, the normal way is to block the incoming connection (eg: in not out), so "from"
The command would be Code:
sudo ufw deny from <ip address> |
FlagFox tells me that http://www.euchre-cardgame.com/ is at 54.230.202.244. Maybe some redirection I do not understand, or IP-Locator has outdated data. Ip addresses can change, but host names stay. Have you considered blocking the sites you want to block by redirecting them to 127.0.0.1 with your /etc/hosts file?
|
Quote:
|
Maybe block ip range then? deny from 54.192.55.0/8
|
When I type the ip address in as the url it gives me the following error:
Quote:
ETA: So, I did the following: Code:
mark@mark-OptiPlex-755:~$ sudo ufw deny out to 54.192.55.0/8 port 80 Quote:
|
Well, that didn't work.
|
You have to block incoming packets from IP, not out to...
Code:
sudo ufw deny from 54.192.55.0/8 http://whatmyip.co/info/whois/54.225...e-cardgame.com correct IP range for euchre-cardgame.com would be: 54.224.0.0/12 |
digression:
keefaz, again, I'm not talking about being a server in this thread. For instance, I do have a web server in my computer (lighttpd) and thus have the following entry in the firewall to allow it: Quote:
And it's the opposite for blocking access to stuff outside of the computer (kinda like telling your kids "you can't go out!") Thus, "deny out" is the correct phrasing of the command to block me from visiting certain sites (no going out and visiting that discotheque, or that ip address, young man!). The ip address (specifically, the site that I'm trying to block) is not my computer, nor is the site served from my computer. Thus, denying the world from coming in to see or access the ip address is useless. It ain't here. But, since you've been persistent, I figured I'd try your suggestion: Code:
mark@mark-OptiPlex-755:~$ sudo ufw deny from 54.192.55.0/8 Quote:
However, to test (IE, disprove) your theory of how to properly block ip addresses in ufw on my computer, I decided to remove the currently working rule of ... Quote:
Code:
mark@mark-OptiPlex-755:~$ sudo ufw deny from 66.135.40.54 Quote:
Now I will fix this. Code:
mark@mark-OptiPlex-755:~$ sudo ufw deny out to 66.135.40.54 port 80 ETA: Code:
mark@mark-OptiPlex-755:~$ sudo ufw deny from 54.224.0.0/12 |
I tried the ip address that keefaz gave, but it didn't work.
Code:
mark@mark-OptiPlex-755:~$ sudo ufw deny out to 54.224.0.0/12 |
Seems some of the ip addresses for euchre-cardgame.com go straight to an Amazon web building site known as aws.amazon.com. There doesn't seem a way to pin down an exact ip address, and thus not a way to block it with ufw. Hmm. Annoys me to discover that this is something I assumed that I could control but now I discover I can't. This is the first time I've not been able to block a site with ufw. I'm guessing it won't be the last.
|
The commands I suggested should work if there are not other rules that bypass them
Check with Code:
sudo ufw status verbose |
Here it is keefaz.
Code:
mark@mark-OptiPlex-755:~$ sudo ufw status verbose Code:
mark@mark-OptiPlex-755:~$ sudo ufw deny from 66.135.40.54 Code:
mark@mark-OptiPlex-755:~$ sudo ufw status verbose What I can't figure out is why blocking the ip address of euchre-cardgame.com does not work (regardless of whether I'm using your suggested command or the command I've successfully relied upon in the past). Are you able to block the site euchre-cardgame.com with ufw? |
All times are GMT -5. The time now is 01:11 AM. |