[SOLVED] ufw not blocking an ip address

mark_alfred · 09-04-2014, 09:07 PM

Hello. Generally if I find I'm wasting too much time on a website, then I use ufw to block it. I do this by finding the ip address for the site from IP Locator and then I enter the following command in the terminal (asterisks replaced by the ip address):

Code:

sudo ufw deny out to ***.***.***.*** port 80

This has always worked. But for some reason it did not work with the site euchre-cardgame.com (and various other cardgame.com sites, all which IP Locator reports as having the same ip address.) The ip address given by IP Locator was 54.225.104.167. So, I ran the above command with this ip address, but the site(s) are not blocked, and I'm not sure why.

Anyone know why this would be?

ETA:

Code:

mark@mark-OptiPlex-755:~$ ufw version
ufw 0.34~rc-0ubuntu2
Copyright 2008-2012 Canonical Ltd.
mark@mark-OptiPlex-755:~$

I'm using Ubuntu, 14.04.

keefaz · 09-05-2014, 07:34 AM

You want to block incoming or outgoing packets?

mark_alfred · 09-05-2014, 10:44 AM

Packets? I dunno. I'm not talking about serving an ip or a site, but rather as a regular web surfer I wish to cut off internet access to a site. So, when set up and working, I wouldn't be able to see on my browser via my internet connection the site because ufw blocks its ip address. This has worked using the command I cited above with other sites, so its not the command that is the issue. Rather, something seems different with this ip address (the card games one). The rule on gufw looks like this (the following being a political chat site that I felt I was wasting too much time on*):

Quote:

66.135.40.54 80 DENY OUT Anywhere (out)

*Note, both the card game site and political chat site are decent sites, but I just wanted to block them anyway due to spending too much time on them.

keefaz · 09-05-2014, 11:54 AM

Usually to block an IP, the normal way is to block the incoming connection (eg: in not out), so "from"

The command would be

Code:

sudo ufw deny from <ip address>

cepheus11 · 09-05-2014, 01:46 PM

FlagFox tells me that http://www.euchre-cardgame.com/ is at 54.230.202.244. Maybe some redirection I do not understand, or IP-Locator has outdated data. Ip addresses can change, but host names stay. Have you considered blocking the sites you want to block by redirecting them to 127.0.0.1 with your /etc/hosts file?

mark_alfred · 09-05-2014, 04:37 PM

Quote:

Originally Posted by cepheus11

FlagFox tells me that http://www.euchre-cardgame.com/ is at 54.230.202.244. Maybe some redirection I do not understand, or IP-Locator has outdated data. Ip addresses can change, but host names stay. Have you considered blocking the sites you want to block by redirecting them to 127.0.0.1 with your /etc/hosts file?

Yeah, I just installed FlagFox and it gives me different ip addresses each time (IE, 54.192.55.66, 54.192.55.162, etc.) Hmm. Oh well, guess this one can't be blocked in the way I've successfully blocked others. I'm not sure how to use the /etc/hosts file.

keefaz · 09-05-2014, 04:51 PM

Maybe block ip range then? deny from 54.192.55.0/8

mark_alfred · 09-05-2014, 05:09 PM

When I type the ip address in as the url it gives me the following error:

Quote:

ERROR
The request could not be satisfied.

Generated by cloudfront (CloudFront)

The idea of denying a range is interesting. I worry though that I may catch a bunch of other sites that I didn't intend to block. But I'll give it a try.

ETA:

So, I did the following:

Code:

mark@mark-OptiPlex-755:~$ sudo ufw deny out to 54.192.55.0/8 port 80
[sudo] password for mark: 
WARN: Rule changed after normalization
Rule added
mark@mark-OptiPlex-755:~$

Then I checked for the result in gufw, and saw this:

Quote:

54.0.0.0/8 80 DENY OUT Anywhere (out)

Interesting to see what this does.

mark_alfred · 09-05-2014, 05:24 PM

Well, that didn't work.

keefaz · 09-05-2014, 06:07 PM

You have to block incoming packets from IP, not out to...

Code:

sudo ufw deny from 54.192.55.0/8

Edit, according to:
http://whatmyip.co/info/whois/54.225...e-cardgame.com

correct IP range for euchre-cardgame.com would be: 54.224.0.0/12

mark_alfred · 09-05-2014, 08:37 PM

digression:

keefaz, again, I'm not talking about being a server in this thread. For instance, I do have a web server in my computer (lighttpd) and thus have the following entry in the firewall to allow it:

Quote:

80 ALLOW IN Anywhere

The opposite would not be "80 DENY OUT Anywhere" but rather "80 DENY IN Anywhere". IE, "deny in" meaning no one from the outside can come (in) to my computer for port 80 (it would not be open to the public to receive service from port 80).

And it's the opposite for blocking access to stuff outside of the computer (kinda like telling your kids "you can't go out!") Thus, "deny out" is the correct phrasing of the command to block me from visiting certain sites (no going out and visiting that discotheque, or that ip address, young man!). The ip address (specifically, the site that I'm trying to block) is not my computer, nor is the site served from my computer. Thus, denying the world from coming in to see or access the ip address is useless. It ain't here.

But, since you've been persistent, I figured I'd try your suggestion:

Code:

mark@mark-OptiPlex-755:~$ sudo ufw deny from 54.192.55.0/8

It resulted in the following (as I expected):

Quote:

Anywhere DENY IN 54.0.0.0/8

It doesn't work, which I expected.

However, to test (IE, disprove) your theory of how to properly block ip addresses in ufw on my computer, I decided to remove the currently working rule of ...

Quote:

66.135.40.54 80 DENY OUT Anywhere (out)

... which has successfully blocked rabble.ca (the political chat site I earlier referenced), and instead follow the structure of your suggestion on this ip address (as a test). So, as expected, after removing that rule, I now can access rabble.ca. Then, following the structure of your suggestion (for this now unblocked site), I did the following:

Code:

mark@mark-OptiPlex-755:~$ sudo ufw deny from 66.135.40.54
[sudo] password for mark: 
Rule added
mark@mark-OptiPlex-755:~$

The rule from this command was rendered as follows:

Quote:

Anywhere DENY IN 66.135.40.54

Which, of course, does nothing. I can access the site of rabble.ca now even with this rule in place. What the rule is saying is the outside world cannot come into my computer and receive 66.135.40.54. But "66.135.40.54" is not in my computer, so it's irrelevant. I'm not that ip. I'm not serving rabble.ca. And thus since I removed the rule that forbid me going out and accessing this ip address, naturally I now can browse there.

Now I will fix this.

Code:

mark@mark-OptiPlex-755:~$ sudo ufw deny out to 66.135.40.54 port 80
[sudo] password for mark: 
Rule added
mark@mark-OptiPlex-755:~$

And now I cannot access the site. I cannot go out to it. Note: I specified the port so that I can still receive email from them. I've also entirely blocked other sites using this method (and with no port specified) which works.

ETA:

Code:

mark@mark-OptiPlex-755:~$ sudo ufw deny from 54.224.0.0/12
[sudo] password for mark: 
Rule added

This also didn't work.

mark_alfred · 09-05-2014, 08:55 PM

I tried the ip address that keefaz gave, but it didn't work.

Code:

mark@mark-OptiPlex-755:~$ sudo ufw deny out to 54.224.0.0/12
Rule added
mark@mark-OptiPlex-755:~$

Flagfox now reports the ip address as being 54.192.55.169. Doesn't seem possible to pin down the address.

mark_alfred · 09-05-2014, 09:19 PM

Seems some of the ip addresses for euchre-cardgame.com go straight to an Amazon web building site known as aws.amazon.com. There doesn't seem a way to pin down an exact ip address, and thus not a way to block it with ufw. Hmm. Annoys me to discover that this is something I assumed that I could control but now I discover I can't. This is the first time I've not been able to block a site with ufw. I'm guessing it won't be the last.

keefaz · 09-06-2014, 04:33 AM

The commands I suggested should work if there are not other rules that bypass them

Check with

Code:

sudo ufw status verbose

mark_alfred · 09-06-2014, 10:48 AM

Here it is keefaz.

Code:

mark@mark-OptiPlex-755:~$ sudo ufw status verbose
Status: active
Logging: on (medium)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
80                         ALLOW IN    Anywhere
22                         DENY IN     Anywhere
443                        DENY IN     Anywhere
2812                       DENY IN     Anywhere
80 (v6)                    ALLOW IN    Anywhere (v6)
22 (v6)                    DENY IN     Anywhere (v6)
443 (v6)                   DENY IN     Anywhere (v6)
2812 (v6)                  DENY IN     Anywhere (v6)

66.135.40.54 80            DENY OUT    Anywhere

mark@mark-OptiPlex-755:~$

The ip address listed as "deny out" is blocked (that being rabble.ca). Removing this rule, and instead using your command, ends up simply unblocking this site. The rule from your command is rendered backward from the deny out entry above. To illustrate, I'll remove the the rules and replace it with the rule that results from your command:

Code:

mark@mark-OptiPlex-755:~$ sudo ufw deny from 66.135.40.54

.

Code:

mark@mark-OptiPlex-755:~$ sudo ufw status verbose
Status: active
Logging: on (medium)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
80                         ALLOW IN    Anywhere
22                         DENY IN     Anywhere
443                        DENY IN     Anywhere
2812                       DENY IN     Anywhere
Anywhere                   DENY IN     66.135.40.54
80 (v6)                    ALLOW IN    Anywhere (v6)
22 (v6)                    DENY IN     Anywhere (v6)
443 (v6)                   DENY IN     Anywhere (v6)
2812 (v6)                  DENY IN     Anywhere (v6)

mark@mark-OptiPlex-755:~$

Anyway, I tend to like doing what works, rather than doing what doesn't work. And your command did not work since I now can access rabble.ca, whereas before I couldn't -- it was blocked.

What I can't figure out is why blocking the ip address of euchre-cardgame.com does not work (regardless of whether I'm using your suggested command or the command I've successfully relied upon in the past). Are you able to block the site euchre-cardgame.com with ufw?