moneyslow.com

ubuntu操作系统下使用ufw防火墙禁用封ip

ubuntu操作系统下使用ufw防火墙禁用封ip

from

moneyslow
of

10秒钟,读第一段就可以实操:

ufw status numbered
ufw app list
ufw app info 'Nginx Full'
ufw app info 'OpenSSH'
ufw allow 'OpenSSH'
ufw allow 'Nginx Full'
ufw enable
ufw status numbered
ufw allow from "1.2.3.4"
ufw status numbered
ufw allow from "1.162.0.0/16" comment "taiwan"
ufw status numbered

禁止ip语法:
sudo ufw deny from {ip-address-here} to any

禁止来自 192.168.1.5 的所有包:
sudo ufw deny from 192.168.1.5 to any

也可以拒绝来自 一个ip的 的包:
sudo ufw reject from 202.54.5.7 to any

以上reject会返回拒绝的消息,但是drop没有任何信息。

先看ufw的顺序号:
$ sudo ufw status numbered
$ sudo ufw status

拒绝指定ip和端口:
ufw deny from {ip-address-here} to any port {port-number-here}
ufw deny from 202.54.1.5 to any port 80

To Action From
— —— —-
[ 1] 192.168.1.10 80/tcp ALLOW Anywhere
[ 2] 192.168.1.10 22/tcp ALLOW Anywhere
[ 3] Anywhere DENY 192.168.1.5
[ 4] 80 DENY IN 202.54.1.5

拒绝ip,端口,协议的语法:

sudo ufw deny proto {tcp|udp} from {ip-address-here} to any port {port-number-here}

$ sudo ufw deny proto tcp from 202.54.1.1 to any port 22
$ sudo ufw status numbered

拒绝一个子网:
$ sudo ufw deny proto tcp from sub/net to any port 22
$ sudo ufw deny proto tcp from 202.54.1.0/24 to any port 22

删掉某一条规则,即查询并删除那个数字
$ sudo ufw status numbered
$ sudo ufw delete NUM
$ sudo ufw delete 4

Sample outputs:

Deleting:
deny from 202.54.1.5 to any port 80
Proceed with operation (y|n)? y
Rule deleted

如果规则不生效,那就是顺序号问题,可以收工填入
$ sudo vi /etc/ufw/before.rules
从“End required lines”下填入:
-A ufw-before-input -s 178.137.80.191 -j DROP
# Block ip/net (subnet)
-A ufw-before-input -s 202.54.1.0/24 -j DROP
保存后重启ufw:
$ sudo ufw reload

以下是直接插到第一条的规则,并可以做注释
$ sudo ufw insert 1 deny from {BADIPAddress-HERE}
$ sudo ufw insert 1 deny from 178.137.80.191 comment ‘block spammer’
$ sudo ufw insert 1 deny from 202.54.1.0/24 comment ‘Block DoS attack subnet’

批量设置的方法:

# add subnet too #
IPS=”192.168.2.50 1.2.3.4 123.1.2.3 142.1.2.3 202.54.1.5/29″
for i in $IPS
do
sudo ufw insert 1 deny from “$i” comment “IP and subnet blocked”
done

另外一个方法是从文件读取,例如一个文件:blocked.ip.list
203.1.5.6
204.5.1.7
45.146.164.157
2620:149:e0:6002::1f1
185.38.40.66
185.220.101.0/24

在bash里用loop循环:

while IFS= read -r block
do
sudo ufw insert 1 deny from “$block”
done < “blocked.ip.list”

Ubuntu18.04防火墙ufw配置命令详解