LinuxQuestions.org
Old 09-04-2014, 09:07 PM   #1
mark_alfred
Senior Member
 
Registered: Jul 2003
Location: Toronto, Ontario, Canada
Distribution: Ubuntu Linux 16.04, Debian 10, LineageOS 14.1
Posts: 1,572

ufw not blocking an ip address


Hello. Generally if I find I'm wasting too much time on a website, then I use ufw to block it. I do this by finding the ip address for the site from IP Locator and then I enter the following command in the terminal (asterisks replaced by the ip address):

Code:
sudo ufw deny out to ***.***.***.*** port 80
This has always worked. But for some reason it did not work with the site euchre-cardgame.com (and various other cardgame.com sites, all of which IP Locator reports as having the same ip address.) The ip address given by IP Locator was 54.225.104.167. So, I ran the above command with this ip address, but the site(s) are not blocked, and I'm not sure why.

Anyone know why this would be?


ETA:

Code:
mark@mark-OptiPlex-755:~$ ufw version
ufw 0.34~rc-0ubuntu2
Copyright 2008-2012 Canonical Ltd.
mark@mark-OptiPlex-755:~$
I'm using Ubuntu, 14.04.

Last edited by mark_alfred; 09-04-2014 at 09:24 PM.
 
Old 09-05-2014, 07:34 AM   #2
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,552

You want to block incoming or outgoing packets?
 
Old 09-05-2014, 10:44 AM   #3
mark_alfred
Packets? I dunno. I'm not talking about serving an ip or a site, but rather as a regular web surfer I wish to cut off internet access to a site. So, when set up and working, I wouldn't be able to see on my browser via my internet connection the site because ufw blocks its ip address. This has worked using the command I cited above with other sites, so it's not the command that is the issue. Rather, something seems different with this ip address (the card games one). The rule on gufw looks like this (the following being a political chat site that I felt I was wasting too much time on*):
Quote:
66.135.40.54 80 DENY OUT Anywhere (out)
*Note, both the card game site and political chat site are decent sites, but I just wanted to block them anyway due to spending too much time on them.
 
Old 09-05-2014, 11:54 AM   #4
keefaz
Usually to block an IP, the normal way is to block the incoming connection (eg: in not out), so "from"

The command would be
Code:
sudo ufw deny from <ip address>
 
Old 09-05-2014, 01:46 PM   #5
cepheus11
Member
 
Registered: Nov 2010
Location: Germany
Distribution: Gentoo
Posts: 286

Rep: Reputation: 91
FlagFox tells me that http://www.euchre-cardgame.com/ is at 54.230.202.244. Maybe some redirection I do not understand, or IP-Locator has outdated data. IP addresses can change, but host names stay. Have you considered blocking the sites you want to block by redirecting them to 127.0.0.1 with your /etc/hosts file?
 
1 members found this post helpful.
Old 09-05-2014, 04:37 PM   #6
mark_alfred
Quote:
Originally Posted by cepheus11 View Post
FlagFox tells me that http://www.euchre-cardgame.com/ is at 54.230.202.244. Maybe some redirection I do not understand, or IP-Locator has outdated data. IP addresses can change, but host names stay. Have you considered blocking the sites you want to block by redirecting them to 127.0.0.1 with your /etc/hosts file?
Yeah, I just installed FlagFox and it gives me different ip addresses each time (IE, 54.192.55.66, 54.192.55.162, etc.) Hmm. Oh well, guess this one can't be blocked in the way I've successfully blocked others. I'm not sure how to use the /etc/hosts file.
 
Old 09-05-2014, 04:51 PM   #7
keefaz
Maybe block ip range then? deny from 54.192.55.0/8

Last edited by keefaz; 09-05-2014 at 04:55 PM.
 
1 members found this post helpful.
Old 09-05-2014, 05:09 PM   #8
mark_alfred
When I type the ip address in as the url it gives me the following error:
Quote:
ERROR
The request could not be satisfied.

Generated by cloudfront (CloudFront)
The idea of denying a range is interesting. I worry though that I may catch a bunch of other sites that I didn't intend to block. But I'll give it a try.

ETA:

So, I did the following:
Code:
mark@mark-OptiPlex-755:~$ sudo ufw deny out to 54.192.55.0/8 port 80
[sudo] password for mark: 
WARN: Rule changed after normalization
Rule added
mark@mark-OptiPlex-755:~$
Then I checked for the result in gufw, and saw this:
Quote:
54.0.0.0/8 80 DENY OUT Anywhere (out)
Interesting to see what this does.

Last edited by mark_alfred; 09-05-2014 at 05:17 PM.
 
Old 09-05-2014, 05:24 PM   #9
mark_alfred
Well, that didn't work.
 
Old 09-05-2014, 06:07 PM   #10
keefaz
You have to block incoming packets from IP, not out to...
Code:
sudo ufw deny from 54.192.55.0/8
Edit, according to:
http://whatmyip.co/info/whois/54.225...e-cardgame.com

correct IP range for euchre-cardgame.com would be: 54.224.0.0/12

Last edited by keefaz; 09-05-2014 at 06:15 PM.
 
Old 09-05-2014, 08:37 PM   #11
mark_alfred
digression:

keefaz, again, I'm not talking about being a server in this thread. For instance, I do have a web server in my computer (lighttpd) and thus have the following entry in the firewall to allow it:
Quote:
80 ALLOW IN Anywhere
The opposite would not be "80 DENY OUT Anywhere" but rather "80 DENY IN Anywhere". IE, "deny in" meaning no one from the outside can come (in) to my computer for port 80 (it would not be open to the public to receive service from port 80).

And it's the opposite for blocking access to stuff outside of the computer (kinda like telling your kids "you can't go out!") Thus, "deny out" is the correct phrasing of the command to block me from visiting certain sites (no going out and visiting that discotheque, or that ip address, young man!). The ip address (specifically, the site that I'm trying to block) is not my computer, nor is the site served from my computer. Thus, denying the world from coming in to see or access the ip address is useless. It ain't here.

But, since you've been persistent, I figured I'd try your suggestion:
Code:
mark@mark-OptiPlex-755:~$ sudo ufw deny from 54.192.55.0/8
It resulted in the following (as I expected):
Quote:
Anywhere DENY IN 54.0.0.0/8
It doesn't work, which I expected.

However, to test (IE, disprove) your theory of how to properly block ip addresses in ufw on my computer, I decided to remove the currently working rule of ...
Quote:
66.135.40.54 80 DENY OUT Anywhere (out)
... which has successfully blocked rabble.ca (the political chat site I earlier referenced), and instead follow the structure of your suggestion on this ip address (as a test). So, as expected, after removing that rule, I now can access rabble.ca. Then, following the structure of your suggestion (for this now unblocked site), I did the following:

Code:
mark@mark-OptiPlex-755:~$ sudo ufw deny from 66.135.40.54
[sudo] password for mark: 
Rule added
mark@mark-OptiPlex-755:~$
The rule from this command was rendered as follows:
Quote:
Anywhere DENY IN 66.135.40.54
Which, of course, does nothing. I can access the site of rabble.ca now even with this rule in place. What the rule is saying is the outside world cannot come into my computer and receive 66.135.40.54. But "66.135.40.54" is not in my computer, so it's irrelevant. I'm not that ip. I'm not serving rabble.ca. And thus since I removed the rule that forbade me going out and accessing this ip address, naturally I now can browse there.

Now I will fix this.

Code:
mark@mark-OptiPlex-755:~$ sudo ufw deny out to 66.135.40.54 port 80
[sudo] password for mark: 
Rule added
mark@mark-OptiPlex-755:~$
And now I cannot access the site. I cannot go out to it. Note: I specified the port so that I can still receive email from them. I've also entirely blocked other sites using this method (and with no port specified) which works.

ETA:

Code:
mark@mark-OptiPlex-755:~$ sudo ufw deny from 54.224.0.0/12
[sudo] password for mark: 
Rule added
This also didn't work.

Last edited by mark_alfred; 09-05-2014 at 10:07 PM.
 
Old 09-05-2014, 08:55 PM   #12
mark_alfred
I tried the ip address that keefaz gave, but it didn't work.
Code:
mark@mark-OptiPlex-755:~$ sudo ufw deny out to 54.224.0.0/12
Rule added
mark@mark-OptiPlex-755:~$
Flagfox now reports the ip address as being 54.192.55.169. Doesn't seem possible to pin down the address.
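
Added example (not part of any post in this thread): a Python check of which addresses reported for euchre-cardgame.com in the thread fall inside each rule that was tried, and how wide a single range must be to cover them all. The function names are made up for this example, and `strict=False` is used because it reproduces the normalized rule ufw printed (54.192.55.0/8 became 54.0.0.0/8).

```python
import ipaddress

# Address part of the rules typed in the thread.
RULES_TYPED = ["54.225.104.167", "54.192.55.0/8", "54.224.0.0/12"]

# Addresses the posts report for euchre-cardgame.com at different times.
OBSERVED = ["54.225.104.167", "54.230.202.244", "54.192.55.66",
            "54.192.55.162", "54.192.55.169"]


def normalize(rule):
    """Mask off host bits, as in the 'Rule changed after normalization' warning."""
    return ipaddress.ip_network(rule, strict=False)


def coverage(rules, addresses):
    """Map each normalized rule to the observed addresses it does NOT match."""
    result = {}
    for rule in rules:
        net = normalize(rule)
        result[str(net)] = [a for a in addresses
                            if ipaddress.ip_address(a) not in net]
    return result


def smallest_common_network(addresses):
    """Smallest single CIDR block that contains every given IPv4 address."""
    ips = [int(ipaddress.ip_address(a)) for a in addresses]
    lo, hi = min(ips), max(ips)
    # Bits above the highest differing bit are the shared prefix.
    prefix = 32 - (lo ^ hi).bit_length()
    return ipaddress.ip_network((lo, prefix), strict=False)


if __name__ == "__main__":
    for net, missed in coverage(RULES_TYPED, OBSERVED).items():
        print(f"{net:20} misses {missed or 'nothing'}")
    common = smallest_common_network(OBSERVED)
    print(f"one range covering all: {common} ({common.num_addresses} addresses)")
```

The 54.224.0.0/12 rule misses every 54.192.55.x address, and the single range that covers all five observed addresses is 54.192.0.0/10, about 4.2 million addresses. The 54.0.0.0/8 rule does cover all of them, so the failure reported in post #9 has a cause this address check does not explain.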
 
Old 09-05-2014, 09:19 PM   #13
mark_alfred
Seems some of the ip addresses for euchre-cardgame.com go straight to an Amazon web building site known as aws.amazon.com. There doesn't seem to be a way to pin down an exact ip address, and thus not a way to block it with ufw. Hmm. Annoys me to discover that this is something I assumed that I could control but now I discover I can't. This is the first time I've not been able to block a site with ufw. I'm guessing it won't be the last.
 
Old 09-06-2014, 04:33 AM   #14
keefaz
The commands I suggested should work if there are not other rules that bypass them

Check with
Code:
sudo ufw status verbose
 
Old 09-06-2014, 10:48 AM   #15
mark_alfred
Here it is keefaz.

Code:
mark@mark-OptiPlex-755:~$ sudo ufw status verbose
Status: active
Logging: on (medium)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
80                         ALLOW IN    Anywhere
22                         DENY IN     Anywhere
443                        DENY IN     Anywhere
2812                       DENY IN     Anywhere
80 (v6)                    ALLOW IN    Anywhere (v6)
22 (v6)                    DENY IN     Anywhere (v6)
443 (v6)                   DENY IN     Anywhere (v6)
2812 (v6)                  DENY IN     Anywhere (v6)

66.135.40.54 80            DENY OUT    Anywhere

mark@mark-OptiPlex-755:~$
The ip address listed as "deny out" is blocked (that being rabble.ca). Removing this rule, and instead using your command, ends up simply unblocking this site. The rule from your command is rendered backward from the deny out entry above. To illustrate, I'll remove the rules and replace it with the rule that results from your command:
Code:
mark@mark-OptiPlex-755:~$ sudo ufw deny from 66.135.40.54
.

Code:
mark@mark-OptiPlex-755:~$ sudo ufw status verbose
Status: active
Logging: on (medium)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
80                         ALLOW IN    Anywhere
22                         DENY IN     Anywhere
443                        DENY IN     Anywhere
2812                       DENY IN     Anywhere
Anywhere                   DENY IN     66.135.40.54
80 (v6)                    ALLOW IN    Anywhere (v6)
22 (v6)                    DENY IN     Anywhere (v6)
443 (v6)                   DENY IN     Anywhere (v6)
2812 (v6)                  DENY IN     Anywhere (v6)

mark@mark-OptiPlex-755:~$
Anyway, I tend to like doing what works, rather than doing what doesn't work. And your command did not work since I now can access rabble.ca, whereas before I couldn't -- it was blocked.

What I can't figure out is why blocking the ip address of euchre-cardgame.com does not work (regardless of whether I'm using your suggested command or the command I've successfully relied upon in the past). Are you able to block the site euchre-cardgame.com with ufw?

Last edited by mark_alfred; 09-06-2014 at 11:01 AM.
 
  

