LinuxQuestions.org
Linux - Software This forum is for Software issues.
Old 09-06-2014, 12:24 PM   #16
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,552

Rep: Reputation: 872

The commands did not work because this rule:
Code:
80                         ALLOW IN    Anywhere
...is probably applied before the following rules.

Now it's possible to insert a rule at the top position:
Code:
sudo ufw insert 1 deny from 54.224.0.0/12
Check with:
Code:
sudo ufw status numbered

Last edited by keefaz; 09-06-2014 at 12:35 PM.
 
Old 09-06-2014, 12:33 PM   #17
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,552

Rep: Reputation: 872
Quote:
Originally Posted by mark_alfred View Post
Are you able to block the site euchre-cardgame.com with ufw?
I don't use ufw, sorry

But I am able to block euchre-cardgame.com with this iptables rule:
Code:
iptables -A INPUT -s 54.224.0.0/12 -j DROP
As ufw is a frontend for iptables, ufw should be able to block the same IP range.

Last edited by keefaz; 09-06-2014 at 12:35 PM.
 
Old 09-06-2014, 01:31 PM   #18
mark_alfred
Senior Member
 
Registered: Jul 2003
Location: Toronto, Ontario, Canada
Distribution: Ubuntu Linux 16.04, Debian 10, LineageOS 14.1
Posts: 1,572

Original Poster
Rep: Reputation: 210
Thanks keefaz, that's interesting. I ran the command you gave, along with one targeting 54.192.55.220 since flagfox gave me that as the IP address. Regardless, it did not work. Good to hear that it can work if things are set up right, though. Gives me hope.

Code:
mark@mark-OptiPlex-755:~$ sudo ufw status verbose
Status: active
Logging: on (medium)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
Anywhere                   DENY IN     54.192.0.0/12
Anywhere                   DENY IN     54.224.0.0/12
80                         ALLOW IN    Anywhere
22                         DENY IN     Anywhere
443                        DENY IN     Anywhere
2812                       DENY IN     Anywhere
80 (v6)                    ALLOW IN    Anywhere (v6)
22 (v6)                    DENY IN     Anywhere (v6)
443 (v6)                   DENY IN     Anywhere (v6)
2812 (v6)                  DENY IN     Anywhere (v6)

31.192.117.132             DENY OUT    Anywhere
66.135.40.54 80            DENY OUT    Anywhere
68.169.65.151              DENY OUT    Anywhere

mark@mark-OptiPlex-755:~$
 
Old 09-06-2014, 01:53 PM   #19
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,552

Rep: Reputation: 872
Maybe you need to specify the port number?
Code:
sudo ufw insert 1 deny proto tcp from 54.192.0.0/12 port 80
Enabling logging may be useful:
Code:
sudo ufw logging on
Open another terminal to see the logs with
Code:
sudo tail -f /var/log/syslog
Then open the euchre-cardgame.com URL with your web browser and see what happens in the logs.
 
Old 09-06-2014, 01:57 PM   #20
mark_alfred
Senior Member
 
Registered: Jul 2003
Location: Toronto, Ontario, Canada
Distribution: Ubuntu Linux 16.04, Debian 10, LineageOS 14.1
Posts: 1,572

Original Poster
Rep: Reputation: 210
To test, I removed the allow 80 top rule and the allow 80 (v6) rule, and added what you suggested:

Code:
mark@mark-OptiPlex-755:~$ sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Anywhere                   DENY IN     54.224.0.0/12
[ 2] 22                         DENY IN     Anywhere
[ 3] 443                        DENY IN     Anywhere
[ 4] 2812                       DENY IN     Anywhere
[ 5] 31.192.117.132             DENY OUT    Anywhere (out)
[ 6] 66.135.40.54 80            DENY OUT    Anywhere (out)
[ 7] 68.169.65.151              DENY OUT    Anywhere (out)
[ 8] 22 (v6)                    DENY IN     Anywhere (v6)
[ 9] 443 (v6)                   DENY IN     Anywhere (v6)
[10] 2812 (v6)                  DENY IN     Anywhere (v6)

mark@mark-OptiPlex-755:~$
Still doesn't block the euchre site.
 
Old 09-06-2014, 02:00 PM   #21
mark_alfred
Senior Member
 
Registered: Jul 2003
Location: Toronto, Ontario, Canada
Distribution: Ubuntu Linux 16.04, Debian 10, LineageOS 14.1
Posts: 1,572

Original Poster
Rep: Reputation: 210
Code:
mark@mark-OptiPlex-755:~$ sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Anywhere                   DENY IN     54.224.0.0/12 80/tcp
[ 2] Anywhere                   DENY IN     54.192.0.0/12 80/tcp
[ 3] 22                         DENY IN     Anywhere
[ 4] 443                        DENY IN     Anywhere
[ 5] 2812                       DENY IN     Anywhere
[ 6] 31.192.117.132             DENY OUT    Anywhere (out)
[ 7] 66.135.40.54 80            DENY OUT    Anywhere (out)
[ 8] 68.169.65.151              DENY OUT    Anywhere (out)
[ 9] 22 (v6)                    DENY IN     Anywhere (v6)
[10] 443 (v6)                   DENY IN     Anywhere (v6)
[11] 2812 (v6)                  DENY IN     Anywhere (v6)

mark@mark-OptiPlex-755:~$
Tried your suggestion. Still comes through.
 
Old 09-06-2014, 03:37 PM   #22
mark_alfred
Senior Member
 
Registered: Jul 2003
Location: Toronto, Ontario, Canada
Distribution: Ubuntu Linux 16.04, Debian 10, LineageOS 14.1
Posts: 1,572

Original Poster
Rep: Reputation: 210
Interesting. From the log, I saw the following:

Code:
Sep  6 16:06:56 mark-OptiPlex-755 kernel: [71395.571864] [UFW AUDIT] IN= OUT=ppp0 SRC=206.248.136.130 DST=54.192.55.164 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23103 DF PROTO=TCP SPT=53641 DPT=80 WINDOW=29040 RES=0x00 SYN URGP=0 
Sep  6 16:06:56 mark-OptiPlex-755 kernel: [71395.571874] [UFW ALLOW] IN= OUT=ppp0 SRC=206.248.136.130 DST=54.192.55.164 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23103 DF PROTO=TCP SPT=53641 DPT=80 WINDOW=29040 RES=0x00 SYN URGP=0 
Sep  6 16:06:56 mark-OptiPlex-755 kernel: [71395.575468] [UFW AUDIT] IN= OUT=ppp0 SRC=206.248.136.130 DST=54.192.55.164 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=64381 DF PROTO=TCP SPT=53642 DPT=80 WINDOW=29040 RES=0x00 SYN URGP=0 
Sep  6 16:06:56 mark-OptiPlex-755 kernel: [71395.575477] [UFW ALLOW] IN= OUT=ppp0 SRC=206.248.136.130 DST=54.192.55.164 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=64381 DF PROTO=TCP SPT=53642 DPT=80 WINDOW=29040 RES=0x00 SYN URGP=0 
Sep  6 16:06:56 mark-OptiPlex-755 kernel: [71395.577906] [UFW AUDIT] IN= OUT=ppp0 SRC=206.248.136.130 DST=54.192.55.164 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=19511 DF PROTO=TCP SPT=53643 DPT=80 WINDOW=29040 RES=0x00 SYN URGP=0 
Sep  6 16:06:56 mark-OptiPlex-755 kernel: [71395.577914] [UFW ALLOW] IN= OUT=ppp0 SRC=206.248.136.130 DST=54.192.55.164 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=19511 DF PROTO=TCP SPT=53643 DPT=80 WINDOW=29040 RES=0x00 SYN URGP=0
Oddly it shows my IP as the src, and the euchre IP as the dst. I suppose it is a game site, so there is some flow from my IP to it. Regardless, the transaction was allowed.

To preserve my webserving capabilities, I did reopen port 80. But I still have "54.192.55.164" blocked:

Code:
mark@mark-OptiPlex-755:/var/log$ sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Anywhere                   DENY IN     54.192.0.0/12 80/tcp
[ 2] 22                         DENY IN     Anywhere
[ 3] 443                        DENY IN     Anywhere
[ 4] 2812                       DENY IN     Anywhere
[ 5] 31.192.117.132             DENY OUT    Anywhere (out)
[ 6] 66.135.40.54 80            DENY OUT    Anywhere (out)
[ 7] 68.169.65.151              DENY OUT    Anywhere (out)
[ 8] 80                         ALLOW IN    Anywhere
[ 9] 22 (v6)                    DENY IN     Anywhere (v6)
[10] 443 (v6)                   DENY IN     Anywhere (v6)
[11] 2812 (v6)                  DENY IN     Anywhere (v6)
[12] 80 (v6)                    ALLOW IN    Anywhere (v6)

mark@mark-OptiPlex-755:/var/log$
Some sites do get blocked, though. And these are ones that I have not been visiting (perhaps spiders or other roving sites).

Code:
Sep  6 16:13:13 mark-OptiPlex-755 kernel: [71772.426160] [UFW AUDIT] IN=ppp0 OUT= MAC= SRC=123.151.42.61 DST=206.248.136.130 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=12208 DPT=0 WINDOW=8192 RES=0x00 SYN URGP=0 
Sep  6 16:13:13 mark-OptiPlex-755 kernel: [71772.426180] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=123.151.42.61 DST=206.248.136.130 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=12208 DPT=0 WINDOW=8192 RES=0x00 SYN URGP=0
My IP is the destination, and some IP from China is the src. It's blocked, for reasons I'm not sure of. I'm the dst here, not the src.

The political site rabble.ca that I've mentioned -- when I try to go there I get the following:
Code:
Sep  6 16:23:53 mark-OptiPlex-755 kernel: [72413.020056] [UFW AUDIT] IN= OUT=ppp0 SRC=206.248.136.130 DST=66.135.40.54 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=32403 DF PROTO=TCP SPT=35386 DPT=80 WINDOW=29040 RES=0x00 SYN URGP=0
It just continues to audit it without approving it, and thus I never see the site (it just unsuccessfully appears to be loading forever). Again my IP is the source in this transaction.

A frequent entry is the following one:
Code:
Sep  6 16:26:04 mark-OptiPlex-755 kernel: [72543.076292] [UFW ALLOW] IN= OUT=ppp0 SRC=206.248.136.130 DST=206.248.154.22 LEN=59 TOS=0x00 PREC=0x00 TTL=64 ID=56553 DF PROTO=UDP SPT=38906 DPT=53 LEN=39
The src is my IP, and the dst is a similar IP, likely associated with my ISP.

The euchre IP doesn't always show up when I visit the site. Sometimes it's different.

Here's another blocked IP. This came up right after I accessed the euchre site (but the euchre site came through).
Code:
Sep  6 16:31:29 mark-OptiPlex-755 kernel: [72868.198097] [UFW AUDIT] IN=ppp0 OUT= MAC= SRC=211.150.122.83 DST=206.248.136.130 LEN=48 TOS=0x00 PREC=0x00 TTL=107 ID=20473 PROTO=TCP SPT=42969 DPT=5900 WINDOW=65535 RES=0x00 SYN URGP=0 
Sep  6 16:31:29 mark-OptiPlex-755 kernel: [72868.198110] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=211.150.122.83 DST=206.248.136.130 LEN=48 TOS=0x00 PREC=0x00 TTL=107 ID=20473 PROTO=TCP SPT=42969 DPT=5900 WINDOW=65535 RES=0x00 SYN URGP=0
The blocked IP seems to be "211.150.122.83".

Anyway, clearly I'm not going to figure it out. I was just curious, but it's not crucial.

Last edited by mark_alfred; 09-06-2014 at 03:45 PM.
 
Old 09-06-2014, 04:51 PM   #23
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,552

Rep: Reputation: 872
Don't worry about the frequent entries with UDP dpt 53; those are most certainly DNS requests.

The logs make sense somewhat, in the sense that they show what you experienced.
Maybe there are other rules set as default for ufw, defined in some files in /etc.

You could check all applied rules with
Code:
sudo iptables -L -n -v
 
Old 09-06-2014, 05:07 PM   #24
mark_alfred
Senior Member
 
Registered: Jul 2003
Location: Toronto, Ontario, Canada
Distribution: Ubuntu Linux 16.04, Debian 10, LineageOS 14.1
Posts: 1,572

Original Poster
Rep: Reputation: 210
Thanks for your feedback. Here's the result of your last suggestion. I haven't a clue what any of this means.

Code:
mark@mark-OptiPlex-755:~$ sudo iptables -L -n -v
Chain INPUT (policy DROP 23 packets, 1489 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 291K  327M ufw-before-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 291K  327M ufw-before-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  743 38328 ufw-after-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  677 34648 ufw-after-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  677 34648 ufw-reject-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  677 34648 ufw-track-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ufw-before-logging-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-before-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-after-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-after-logging-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-reject-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-track-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 79 packets, 24478 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 223K   41M ufw-before-logging-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 223K   41M ufw-before-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
19713 1553K ufw-after-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
19713 1553K ufw-after-logging-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
19713 1553K ufw-reject-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
19713 1553K ufw-track-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-after-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   22  1716 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:137
    0     0 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:138
   20   880 ufw-skip-to-policy-input  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:139
   24  1084 ufw-skip-to-policy-input  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:445
    0     0 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
    0     0 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:68
    0     0 ufw-skip-to-policy-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   23  1489 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  254 46359 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "

Chain ufw-after-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 3
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 4
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 11
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 12
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
    0     0 ufw-user-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-before-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
26827   22M ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
 263K  304M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
   76  3841 ufw-logging-deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
   76  3841 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 3
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 4
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 11
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 12
    7   220 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:67 dpt:68
 1192 63140 ufw-not-local  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            224.0.0.251          udp dpt:5353
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            239.255.255.250      udp dpt:1900
 1192 63140 ufw-user-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-before-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW AUDIT] "

Chain ufw-before-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  101  6049 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW AUDIT] "

Chain ufw-before-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  232 30494 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW AUDIT] "

Chain ufw-before-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
26827   22M ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
 176K   17M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
20231 1584K ufw-user-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-logging-allow (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    7   296 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW AUDIT INVALID] "
    7   296 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 1192 63140 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type MULTICAST
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST
    0     0 ufw-logging-deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-reject-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-reject-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-reject-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-skip-to-policy-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-skip-to-policy-input (7 references)
 pkts bytes target     prot opt in     out     source               destination         
   66  3680 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-skip-to-policy-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-track-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-track-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-track-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 5731  478K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW
13211  877K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW

Chain ufw-user-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       tcp  --  *      *       54.192.0.0/12        0.0.0.0/0            tcp spt:80
    6   248 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:22
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:443
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:2812
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:2812
   34  2040 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:80

Chain ufw-user-limit (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-user-logging-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-logging-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-logging-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            31.192.117.132      
   42  2520 DROP       tcp  --  *      *       0.0.0.0/0            66.135.40.54         tcp dpt:80
    0     0 DROP       udp  --  *      *       0.0.0.0/0            66.135.40.54         udp dpt:80
   28  1680 DROP       all  --  *      *       0.0.0.0/0            68.169.65.151       
mark@mark-OptiPlex-755:~$
 
Old 09-06-2014, 05:29 PM   #25
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,552

Rep: Reputation: 872
I think this rule in Chain ufw-before-input (applied before user rules):
Code:
263K  304M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
makes my command not work.

TCP is a connection-oriented protocol with a handshake; when you open a URL the connection is being established.
So this rule allows any established connection before any input user rules set with ufw.

You can block input access with ufw, but not an established input connection.

You were right after all, when you blocked IPs in rules for output traffic.

I would try:
Code:
sudo ufw insert 1 deny out to 54.192.0.0/12
 
1 members found this post helpful.
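The log lines posted in #22 and the explanation in #25, as an added example that is not part of the original thread: a POSIX shell classifier that reads one UFW kernel log line, decides from the IN=/OUT= fields whether this host or the remote side opened the connection, and prints the ufw rule direction that can actually match the flow. It assumes the key=value layout of the iptables LOG target that ufw writes (IN= OUT= SRC= DST= PROTO= DPT=); the four sample lines are copied from the excerpts posted above, and the function names (ufw_field, ufw_verdict, ufw_classify) are mine, not ufw's.

```shell
#!/bin/sh
# Classify UFW kernel log lines by who opened the connection and print the ufw
# rule direction that can block the flow. POSIX sh; needs only sed and tr.
#
# Assumption (not from the thread): the key=value fields follow the iptables LOG
# format that ufw writes (IN= OUT= SRC= DST= PROTO= DPT=). The sample lines are
# copied from the log excerpts posted in this thread.

UFW_LOG_EUCHRE='Sep  6 16:06:56 mark-OptiPlex-755 kernel: [71395.571874] [UFW ALLOW] IN= OUT=ppp0 SRC=206.248.136.130 DST=54.192.55.164 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23103 DF PROTO=TCP SPT=53641 DPT=80 WINDOW=29040 RES=0x00 SYN URGP=0'
UFW_LOG_SCAN='Sep  6 16:13:13 mark-OptiPlex-755 kernel: [71772.426180] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=123.151.42.61 DST=206.248.136.130 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=12208 DPT=0 WINDOW=8192 RES=0x00 SYN URGP=0'
UFW_LOG_RABBLE='Sep  6 16:23:53 mark-OptiPlex-755 kernel: [72413.020056] [UFW AUDIT] IN= OUT=ppp0 SRC=206.248.136.130 DST=66.135.40.54 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=32403 DF PROTO=TCP SPT=35386 DPT=80 WINDOW=29040 RES=0x00 SYN URGP=0'
UFW_LOG_VNC='Sep  6 16:31:29 mark-OptiPlex-755 kernel: [72868.198110] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=211.150.122.83 DST=206.248.136.130 LEN=48 TOS=0x00 PREC=0x00 TTL=107 ID=20473 PROTO=TCP SPT=42969 DPT=5900 WINDOW=65535 RES=0x00 SYN URGP=0'

# ufw_field LINE KEY: value of " KEY=..." in LINE; empty when absent or empty.
ufw_field() {
    printf '%s\n' "$1" | sed -n "s/.* $2=\([^ ]*\).*/\1/p"
}

# ufw_verdict LINE: the word after "[UFW " (AUDIT, ALLOW or BLOCK).
ufw_verdict() {
    printf '%s\n' "$1" | sed -n 's/.*\[UFW \([A-Z]*\).*/\1/p'
}

# ufw_classify LINE: print "verdict|direction|peer|rule".
ufw_classify() {
    line=$1
    verdict=$(ufw_verdict "$line")
    in=$(ufw_field "$line" IN)
    out=$(ufw_field "$line" OUT)
    src=$(ufw_field "$line" SRC)
    dst=$(ufw_field "$line" DST)
    proto=$(ufw_field "$line" PROTO | tr 'A-Z' 'a-z')
    dpt=$(ufw_field "$line" DPT)

    if [ -n "$in" ] && [ -z "$out" ]; then
        # Arrived on an interface, addressed to us: the remote side opened it.
        # This NEW packet reaches ufw-user-input, so an IN rule on the source works.
        dir=in; peer=$src
        rule="ufw deny from $src"
    elif [ -z "$in" ] && [ -n "$out" ]; then
        # Left on an interface: this host opened it. The replies come back as
        # ESTABLISHED and are accepted in ufw-before-input before any user rule
        # is consulted, so only an OUT rule on the destination stops the flow.
        dir=out; peer=$dst
        rule="ufw deny out proto $proto to $dst port $dpt"
    else
        dir=fwd; peer="$src>$dst"
        rule="n/a (forwarded traffic, not this host's own)"
    fi
    printf '%s|%s|%s|%s\n' "$verdict" "$dir" "$peer" "$rule"
}

# Show the four posted lines side by side.
ufw_explain_samples() {
    for l in "$UFW_LOG_EUCHRE" "$UFW_LOG_SCAN" "$UFW_LOG_RABBLE" "$UFW_LOG_VNC"; do
        ufw_classify "$l"
    done
}

ufw_explain_samples
```

Run it with sh, or source it and feed live lines: `grep '\[UFW' /var/log/syslog | while IFS= read -r l; do ufw_classify "$l"; done`. The pairing visible in #22 follows from the iptables dump in #24: the AUDIT line is written by ufw-before-logging-output for every ctstate NEW packet, and the ALLOW line by ufw-after-logging-output once the packet has passed the user rules. The rabble.ca connection shows AUDIT only because the DENY OUT rule in ufw-user-output drops it before it can reach the after-logging chain, and user rules created without the `log` keyword write nothing themselves.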
Old 09-06-2014, 05:53 PM   #26
mark_alfred
Senior Member
 
Registered: Jul 2003
Location: Toronto, Ontario, Canada
Distribution: Ubuntu Linux 16.04, Debian 10, LineageOS 14.1
Posts: 1,572

Original Poster
Rep: Reputation: 210
That last one worked! I'm not completely sure why this time, but it is now blocking it. Thanks.
 
Old 09-06-2014, 06:10 PM   #27
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,552

Rep: Reputation: 872
Good! Had you tried it before?
 
Old 09-06-2014, 06:25 PM   #28
mark_alfred
Senior Member
 
Registered: Jul 2003
Location: Toronto, Ontario, Canada
Distribution: Ubuntu Linux 16.04, Debian 10, LineageOS 14.1
Posts: 1,572

Original Poster
Rep: Reputation: 210
No. I had tried a variant, but not that exact command.

I find that amazon.com loses all its images. They get blocked, though the site itself comes through. Is there a way to lessen the range? I tried the exact ip address for the euchre site, but the last three digits sometimes change.
 
Old 09-06-2014, 06:47 PM   #29
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,552

Rep: Reputation: 872
I don't know what you call the last 3 digits.

Is it: 54.192.0.128
or: 54.192.0.128


If it's only the last number (eg 128), you can use a 24 netmask, so the blocked IPs would be 54.192.0.1 to 54.192.0.254.

The range is written:
Code:
54.192.0.0/24
If it's the 3 last numbers (eg 192.0.128), I'm afraid you need the netmask set to 12 as shown in the link I posted.

Maybe play with the netmask: the greater the number, the smaller the range becomes.
 
Old 09-06-2014, 06:57 PM   #30
mark_alfred
Senior Member
 
Registered: Jul 2003
Location: Toronto, Ontario, Canada
Distribution: Ubuntu Linux 16.04, Debian 10, LineageOS 14.1
Posts: 1,572

Original Poster
Rep: Reputation: 210
Hmm, seems it's too broad. If there was a way to keep the first three numbers as 54.192.55, and then set a wildcard for the last number, then it might not interfere with the amazon (and no doubt other) sites. Oh well. I tried the range number you have above but that didn't block it.
 
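The netmask discussion in #29 and #30, as an added example that is not part of the original thread: POSIX shell CIDR arithmetic that shows why 54.192.0.0/24 (the range tried in the last post) cannot match 54.192.55.164, what 54.192.0.0/12 actually spans, and how to compute the block that keeps 54.192.55 fixed and wildcards only the last number. The function names (ip_to_int, int_to_ip, cidr_contains, cidr_range, cidr_for) are mine; the addresses are the ones posted in the thread, and the code assumes a shell with 64-bit arithmetic (dash and bash on current Linux both qualify).

```shell
#!/bin/sh
# CIDR arithmetic in POSIX sh for the addresses discussed in this thread.
# Assumes 64-bit shell arithmetic (true for dash and bash on current Linux).

# ip_to_int A.B.C.D: dotted quad -> 32-bit integer.
ip_to_int() {
    IFS=. read -r o1 o2 o3 o4 <<EOF
$1
EOF
    echo $(( (o1 << 24) + (o2 << 16) + (o3 << 8) + o4 ))
}

# int_to_ip N: 32-bit integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# cidr_contains IP NET/PREFIX: succeed when IP lies inside the block.
# Both addresses are shifted right by the host bits; equal results mean the
# network parts agree, which is exactly what an iptables -s/-d match does.
cidr_contains() {
    host_bits=$(( 32 - ${2#*/} ))
    [ $(( $(ip_to_int "$1") >> host_bits )) -eq $(( $(ip_to_int "${2%/*}") >> host_bits )) ]
}

# cidr_range NET/PREFIX: print "first last" address of the block.
cidr_range() {
    host_bits=$(( 32 - ${1#*/} ))
    first=$(( ($(ip_to_int "${1%/*}") >> host_bits) << host_bits ))
    last=$(( first + (1 << host_bits) - 1 ))
    echo "$(int_to_ip "$first") $(int_to_ip "$last")"
}

# cidr_for IP N: the block that keeps the first 4-N octets of IP fixed and lets
# the last N vary ("wildcard the last number" is N=1, which gives a /24).
cidr_for() {
    host_bits=$(( 8 * $2 ))
    echo "$(int_to_ip $(( ($(ip_to_int "$1") >> host_bits) << host_bits )))/$(( 32 - host_bits ))"
}

# Worked example: the euchre address against the three blocks from the thread.
cidr_demo() {
    printf '%s covers %s\n' 54.192.0.0/12 "$(cidr_range 54.192.0.0/12)"
    for block in 54.192.0.0/12 54.192.0.0/24 "$(cidr_for 54.192.55.164 1)"; do
        if cidr_contains 54.192.55.164 "$block"; then
            printf '54.192.55.164 is inside  %s\n' "$block"
        else
            printf '54.192.55.164 is outside %s\n' "$block"
        fi
    done
}

cidr_demo
```

54.192.0.0/24 only spans 54.192.0.0 to 54.192.0.255, so it never sees 54.192.55.164; the block asked for in the last post is 54.192.55.0/24, i.e. `sudo ufw insert 1 deny out to 54.192.55.0/24`. Whether that narrow block catches every visit depends on which addresses the site resolves to on each load (the thread notes they change), so watch the [UFW] log after adding it; the /12 that did block everything is the size of range that also swept up amazon.com's images.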