LinuxQuestions.org


mark_alfred 09-04-2014 09:07 PM

ufw not blocking an ip address
 
Hello. Generally if I find I'm wasting too much time on a website, then I use ufw to block it. I do this by finding the ip address for the site from IP Locator and then I enter the following command in the terminal (asterisks replaced by the ip address):

Code:

sudo ufw deny out to ***.***.***.*** port 80

This has always worked. But for some reason it did not work with the site euchre-cardgame.com (and various other cardgame.com sites, all of which IP Locator reports as having the same ip address.) The ip address given by IP Locator was 54.225.104.167. So, I ran the above command with this ip address, but the site(s) are not blocked, and I'm not sure why.

Anyone know why this would be?


ETA:

Code:

mark@mark-OptiPlex-755:~$ ufw version
ufw 0.34~rc-0ubuntu2
Copyright 2008-2012 Canonical Ltd.
mark@mark-OptiPlex-755:~$

I'm using Ubuntu, 14.04.

keefaz 09-05-2014 07:34 AM

You want to block incoming or outgoing packets?

mark_alfred 09-05-2014 10:44 AM

Packets? I dunno. I'm not talking about serving an ip or a site, but rather as a regular web surfer I wish to cut off internet access to a site. So, when set up and working, I wouldn't be able to see on my browser via my internet connection the site because ufw blocks its ip address. This has worked using the command I cited above with other sites, so it's not the command that is the issue. Rather, something seems different with this ip address (the card games one). The rule on gufw looks like this (the following being a political chat site that I felt I was wasting too much time on*):

Quote:

66.135.40.54 80 DENY OUT Anywhere (out)

*Note, both the card game site and political chat site are decent sites, but I just wanted to block them anyway due to spending too much time on them.

keefaz 09-05-2014 11:54 AM

Usually to block an IP, the normal way is to block the incoming connection (eg: in not out), so "from"

The command would be
Code:

sudo ufw deny from <ip address>

cepheus11 09-05-2014 01:46 PM

FlagFox tells me that http://www.euchre-cardgame.com/ is at 54.230.202.244. Maybe some redirection I do not understand, or IP-Locator has outdated data. Ip addresses can change, but host names stay. Have you considered blocking the sites you want to block by redirecting them to 127.0.0.1 with your /etc/hosts file?

mark_alfred 09-05-2014 04:37 PM

Quote:

Originally Posted by cepheus11 (Post 5232950)
FlagFox tells me that http://www.euchre-cardgame.com/ is at 54.230.202.244. Maybe some redirection I do not understand, or IP-Locator has outdated data. Ip addresses can change, but host names stay. Have you considered blocking the sites you want to block by redirecting them to 127.0.0.1 with your /etc/hosts file?

Yeah, I just installed FlagFox and it gives me different ip addresses each time (IE, 54.192.55.66, 54.192.55.162, etc.) Hmm. Oh well, guess this one can't be blocked in the way I've successfully blocked others. I'm not sure how to use the /etc/hosts file.

keefaz 09-05-2014 04:51 PM

Maybe block ip range then? deny from 54.192.55.0/8

mark_alfred 09-05-2014 05:09 PM

When I type the ip address in as the url it gives me the following error:
Quote:

ERROR
The request could not be satisfied.

Generated by cloudfront (CloudFront)

The idea of denying a range is interesting. I worry though that I may catch a bunch of other sites that I didn't intend to block. But I'll give it a try.

ETA:

So, I did the following:
Code:

mark@mark-OptiPlex-755:~$ sudo ufw deny out to 54.192.55.0/8 port 80
[sudo] password for mark:
WARN: Rule changed after normalization
Rule added
mark@mark-OptiPlex-755:~$

Then I checked for the result in gufw, and saw this:
Quote:

54.0.0.0/8 80 DENY OUT Anywhere (out)

Interesting to see what this does.

mark_alfred 09-05-2014 05:24 PM

Well, that didn't work.

keefaz 09-05-2014 06:07 PM

You have to block incoming packets from IP, not out to...
Code:

sudo ufw deny from 54.192.55.0/8

Edit, according to:
http://whatmyip.co/info/whois/54.225...e-cardgame.com

correct IP range for euchre-cardgame.com would be: 54.224.0.0/12

mark_alfred 09-05-2014 08:37 PM

digression:

keefaz, again, I'm not talking about being a server in this thread. For instance, I do have a web server in my computer (lighttpd) and thus have the following entry in the firewall to allow it:
Quote:

80 ALLOW IN Anywhere

The opposite would not be "80 DENY OUT Anywhere" but rather "80 DENY IN Anywhere". IE, "deny in" meaning no one from the outside can come (in) to my computer for port 80 (it would not be open to the public to receive service from port 80).

And it's the opposite for blocking access to stuff outside of the computer (kinda like telling your kids "you can't go out!") Thus, "deny out" is the correct phrasing of the command to block me from visiting certain sites (no going out and visiting that discotheque, or that ip address, young man!). The ip address (specifically, the site that I'm trying to block) is not my computer, nor is the site served from my computer. Thus, denying the world from coming in to see or access the ip address is useless. It ain't here.

But, since you've been persistent, I figured I'd try your suggestion:
Code:

mark@mark-OptiPlex-755:~$ sudo ufw deny from 54.192.55.0/8

It resulted in the following (as I expected):
Quote:

Anywhere DENY IN 54.0.0.0/8

It doesn't work, which I expected.

However, to test (IE, disprove) your theory of how to properly block ip addresses in ufw on my computer, I decided to remove the currently working rule of ...
Quote:

66.135.40.54 80 DENY OUT Anywhere (out)

... which has successfully blocked rabble.ca (the political chat site I earlier referenced), and instead follow the structure of your suggestion on this ip address (as a test). So, as expected, after removing that rule, I now can access rabble.ca. Then, following the structure of your suggestion (for this now unblocked site), I did the following:

Code:

mark@mark-OptiPlex-755:~$ sudo ufw deny from 66.135.40.54
[sudo] password for mark:
Rule added
mark@mark-OptiPlex-755:~$

The rule from this command was rendered as follows:
Quote:

Anywhere DENY IN 66.135.40.54

Which, of course, does nothing. I can access the site of rabble.ca now even with this rule in place. What the rule is saying is the outside world cannot come into my computer and receive 66.135.40.54. But "66.135.40.54" is not in my computer, so it's irrelevant. I'm not that ip. I'm not serving rabble.ca. And thus since I removed the rule that forbade me going out and accessing this ip address, naturally I now can browse there.

Now I will fix this.

Code:

mark@mark-OptiPlex-755:~$ sudo ufw deny out to 66.135.40.54 port 80
[sudo] password for mark:
Rule added
mark@mark-OptiPlex-755:~$

And now I cannot access the site. I cannot go out to it. Note: I specified the port so that I can still receive email from them. I've also entirely blocked other sites using this method (and with no port specified) which works.

ETA:

Code:

mark@mark-OptiPlex-755:~$ sudo ufw deny from 54.224.0.0/12
[sudo] password for mark:
Rule added

This also didn't work.

mark_alfred 09-05-2014 08:55 PM

I tried the ip address that keefaz gave, but it didn't work.
Code:

mark@mark-OptiPlex-755:~$ sudo ufw deny out to 54.224.0.0/12
Rule added
mark@mark-OptiPlex-755:~$

Flagfox now reports the ip address as being 54.192.55.169. Doesn't seem possible to pin down the address.

mark_alfred 09-05-2014 09:19 PM

Seems some of the ip addresses for euchre-cardgame.com go straight to an Amazon web building site known as aws.amazon.com. There doesn't seem to be a way to pin down an exact ip address, and thus not a way to block it with ufw. Hmm. Annoys me to discover that this is something I assumed that I could control but now I discover I can't. This is the first time I've not been able to block a site with ufw. I'm guessing it won't be the last.

keefaz 09-06-2014 04:33 AM

The commands I suggested should work if there are not other rules that bypass them

Check with
Code:

sudo ufw status verbose

mark_alfred 09-06-2014 10:48 AM

Here it is keefaz.

Code:

mark@mark-OptiPlex-755:~$ sudo ufw status verbose
Status: active
Logging: on (medium)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
80                         ALLOW IN    Anywhere
22                         DENY IN     Anywhere
443                        DENY IN     Anywhere
2812                       DENY IN     Anywhere
80 (v6)                    ALLOW IN    Anywhere (v6)
22 (v6)                    DENY IN     Anywhere (v6)
443 (v6)                   DENY IN     Anywhere (v6)
2812 (v6)                  DENY IN     Anywhere (v6)

66.135.40.54 80            DENY OUT    Anywhere

mark@mark-OptiPlex-755:~$

The ip address listed as "deny out" is blocked (that being rabble.ca). Removing this rule, and instead using your command, ends up simply unblocking this site. The rule from your command is rendered backward from the deny out entry above. To illustrate, I'll remove the rules and replace it with the rule that results from your command:
Code:

mark@mark-OptiPlex-755:~$ sudo ufw deny from 66.135.40.54
.

Code:

mark@mark-OptiPlex-755:~$ sudo ufw status verbose
Status: active
Logging: on (medium)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
80                         ALLOW IN    Anywhere
22                         DENY IN     Anywhere
443                        DENY IN     Anywhere
2812                       DENY IN     Anywhere
Anywhere                   DENY IN     66.135.40.54
80 (v6)                    ALLOW IN    Anywhere (v6)
22 (v6)                    DENY IN     Anywhere (v6)
443 (v6)                   DENY IN     Anywhere (v6)
2812 (v6)                  DENY IN     Anywhere (v6)

mark@mark-OptiPlex-755:~$

Anyway, I tend to like doing what works, rather than doing what doesn't work. And your command did not work since I now can access rabble.ca, whereas before I couldn't -- it was blocked.

What I can't figure out is why blocking the ip address of euchre-cardgame.com does not work (regardless of whether I'm using your suggested command or the command I've successfully relied upon in the past). Are you able to block the site euchre-cardgame.com with ufw?
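
Added example, not part of any post in this thread: a simplified Python model of how the rule direction in the `ufw status verbose` output above decides an outbound connection, plus a check of which addresses reported in the thread fall inside the ranges that were tried. The rule lines are constructed from the thread's output, the function names are hypothetical, and the first-match model ignores IPv6 and ufw's internal chains.

```python
import ipaddress
import re

# Constructed input: rule lines in the `ufw status verbose` layout from the thread.
DENY_OUT_RULES = """\
80                         ALLOW IN    Anywhere
22                         DENY IN     Anywhere
66.135.40.54 80            DENY OUT    Anywhere
"""
DENY_IN_RULES = """\
80                         ALLOW IN    Anywhere
22                         DENY IN     Anywhere
Anywhere                   DENY IN     66.135.40.54
"""

def endpoint(field):
    """Split a To/From column into (network or None for Anywhere, port or None)."""
    net = port = None
    for tok in field.split():
        if tok.isdigit():
            port = int(tok)
        elif tok != "Anywhere" and not tok.startswith("("):
            # strict=False masks host bits, as ufw did: 54.192.55.0/8 -> 54.0.0.0/8
            net = ipaddress.ip_network(tok, strict=False)
    return net, port

def parse_rules(status_text):
    """Return a list of (action, direction, to_endpoint, from_endpoint)."""
    rules = []
    for line in status_text.splitlines():
        cols = re.split(r"\s{2,}", line.strip())
        if len(cols) != 3 or len(cols[1].split()) != 2:
            continue  # header, separator or blank line
        action, direction = cols[1].split()
        rules.append((action, direction, endpoint(cols[0]), endpoint(cols[2])))
    return rules

def outbound_verdict(status_text, dst_ip, dst_port, default="ALLOW"):
    """Simplified model: the first OUT rule whose 'To' matches the destination wins.
    IN rules are skipped: they apply to connections arriving at this host, and
    replies to connections this host opened are accepted as ESTABLISHED by ufw's
    stock before.rules ahead of the user rules."""
    dst = ipaddress.ip_address(dst_ip)
    for action, direction, (net, port), _src in parse_rules(status_text):
        if direction == "OUT" and (net is None or dst in net) \
                and (port is None or port == dst_port):
            return action
    return default

def covered(cidr, ip):
    """True if ip lies inside cidr once the range is normalised."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)
```
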


All times are GMT -5.