慢慢赚钱博客

April 6, 2021

Blocking IP addresses with the ufw firewall on Ubuntu

Syntax to deny an IP address:
sudo ufw deny from {ip-address-here} to any

Deny all packets from 192.168.1.5:
sudo ufw deny from 192.168.1.5 to any

You can also reject packets from an IP address:
sudo ufw reject from 202.54.5.7 to any

The reject above sends a refusal back to the sender, whereas deny drops the packet silently and sends nothing.

First look at ufw's rule numbers:
$ sudo ufw status numbered
$ sudo ufw status

Deny a specific IP on a specific port:
ufw deny from {ip-address-here} to any port {port-number-here}
ufw deny from 202.54.1.5 to any port 80

Sample output of `sudo ufw status numbered`:

     To                         Action      From
     --                         ------      ----
[ 1] 192.168.1.10 80/tcp        ALLOW       Anywhere
[ 2] 192.168.1.10 22/tcp        ALLOW       Anywhere
[ 3] Anywhere                   DENY        192.168.1.5
[ 4] 80                         DENY IN     202.54.1.5

Syntax to deny by IP, port and protocol:

sudo ufw deny proto {tcp|udp} from {ip-address-here} to any port {port-number-here}

$ sudo ufw deny proto tcp from 202.54.1.1 to any port 22
$ sudo ufw status numbered

Deny a subnet:
$ sudo ufw deny proto tcp from sub/net to any port 22
$ sudo ufw deny proto tcp from 202.54.1.0/24 to any port 22

To delete a rule, look up its number and delete by that number:
$ sudo ufw status numbered
$ sudo ufw delete NUM
$ sudo ufw delete 4

Sample outputs:

Deleting:
deny from 202.54.1.5 to any port 80
Proceed with operation (y|n)? y
Rule deleted

If a rule does not take effect, the rule order is the problem; you can enter it by hand:
$ sudo vi /etc/ufw/before.rules
Add the following below the "End required lines" marker:
-A ufw-before-input -s 178.137.80.191 -j DROP
# Block ip/net (subnet)
-A ufw-before-input -s 202.54.1.0/24 -j DROP
Save, then reload ufw:
$ sudo ufw reload
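The ordering check behind that advice can be automated. The script below is an added example, not code from the original post: it parses the text of `sudo ufw status numbered` (a constructed sample is embedded so it runs offline), finds the DENY rule for a given address, and reports whether an ALLOW rule that is evaluated earlier would match the same traffic first, which is exactly the case where the DENY "does not take effect". The function names, the sample rule set, the exit codes and the conservative matching heuristic are my own choices, not anything ufw provides.

```shell
#!/bin/sh
# Added example, not from the original post: audit whether a DENY rule for an
# address is placed *after* an ALLOW rule that would match the same traffic.
# ufw evaluates numbered user rules top-down, first match wins, so a DENY that
# sits below a broad "ALLOW IN from Anywhere" for the same port never fires.
# Input is the text of `sudo ufw status numbered`; a constructed sample is
# embedded here so the script runs offline. "(v6)" rows are not handled.

SAMPLE_STATUS='     To                         Action      From
     --                         ------      ----
[ 1] Anywhere                   DENY IN     192.168.1.5
[ 2] 22/tcp                     ALLOW IN    Anywhere
[ 3] 80                         ALLOW IN    Anywhere
[ 4] 22/tcp                     ALLOW IN    10.0.0.0/8
[ 5] 80                         DENY IN     202.54.1.5'

# awk helpers shared by both parsers: the rule number and the "To" column
# (which may contain spaces, e.g. "192.168.1.10 80/tcp").
AWK_LIB='
function rule_num(   n) { n = $0; sub(/^\[ */, "", n); sub(/\].*/, "", n); return n + 0 }
function to_col(   i, s) {
    s = ""
    for (i = ($1 == "[" ? 3 : 2); i <= NF; i++) {
        if ($i ~ /^(ALLOW|DENY|REJECT|LIMIT)$/) break
        s = s (s == "" ? "" : " ") $i
    }
    return s
}'

# deny_rule STATUS IP -> prints "<number>|<To>" of the first DENY/REJECT rule
# whose From column is exactly IP; prints nothing if there is none.
deny_rule() {
    printf '%s\n' "$1" | awk -v ip="$2" "$AWK_LIB"'
        /^\[ *[0-9]+\]/ && $NF == ip && $0 ~ /(DENY|REJECT)/ {
            print rule_num() "|" to_col(); exit
        }'
}

# shadowing_allows STATUS IP -> numbers of ALLOW rules evaluated before the
# DENY for IP that come from Anywhere and target either Anywhere or the same
# "To" as the DENY. Conservative: "80" and "80/tcp" count as different targets,
# so a real overlap may still go unreported.
shadowing_allows() {
    rule=$(deny_rule "$1" "$2")
    [ -n "$rule" ] || return 1
    printf '%s\n' "$1" | awk -v limit="${rule%%|*}" -v target="${rule#*|}" "$AWK_LIB"'
        /^\[ *[0-9]+\]/ && rule_num() < limit + 0 && $0 ~ /ALLOW/ && $NF == "Anywhere" {
            t = to_col()
            if (t == "Anywhere" || t == target) printf "%s%d", (out++ ? " " : ""), rule_num()
        }
        END { if (out) print "" }'
}

# audit_deny STATUS IP -> verdict on stdout; exit 0 if the DENY is effective,
# 1 if it is missing, 2 if an earlier ALLOW shadows it.
audit_deny() {
    rule=$(deny_rule "$1" "$2")
    if [ -z "$rule" ]; then
        echo "no DENY rule for $2"
        return 1
    fi
    shadow=$(shadowing_allows "$1" "$2")
    if [ -n "$shadow" ]; then
        echo "DENY for $2 is rule ${rule%%|*}, but ALLOW rule(s) $shadow match first;" \
             "move it up with: sudo ufw insert 1 deny from $2"
        return 2
    fi
    echo "DENY for $2 is rule ${rule%%|*} and no earlier ALLOW shadows it"
}

audit_deny "$SAMPLE_STATUS" 192.168.1.5
audit_deny "$SAMPLE_STATUS" 202.54.1.5 || true
```

On a live host, replace the sample with `status=$(sudo ufw status numbered)` and call `audit_deny "$status" <address>` for each blocked IP; a non-zero exit is the signal to move the rule to position 1 as the post shows in the next section.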

The following inserts the rule as rule 1 (evaluated first) and can carry a comment:
$ sudo ufw insert 1 deny from {BADIPAddress-HERE}
$ sudo ufw insert 1 deny from 178.137.80.191 comment 'block spammer'
$ sudo ufw insert 1 deny from 202.54.1.0/24 comment 'Block DoS attack subnet'

Batch method:

# add subnet too #
IPS="192.168.2.50 1.2.3.4 123.1.2.3 142.1.2.3 202.54.1.5/29"
for i in $IPS
do
    sudo ufw insert 1 deny from "$i" comment "IP and subnet blocked"
done

Another method is to read from a file, for example a file named blocked.ip.list:
203.1.5.6
204.5.1.7
45.146.164.157
2620:149:e0:6002::1f1
185.38.40.66
185.220.101.0/24

Loop over it in bash:

while IFS= read -r block
do
    sudo ufw insert 1 deny from "$block"
done < "blocked.ip.list"
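The loop above feeds every line of the file straight into ufw, so a blank line, a comment or a typo makes `ufw insert` fail half-way through the list. The script below is an added example, not code from the original post: it reads a list of the same shape (a constructed sample is embedded), strips comments and blank lines, rejects entries that are not a syntactically valid IPv4/IPv6 address or CIDR network, deduplicates, and prints the `ufw insert 1 deny` commands as a dry run unless `APPLY=1` is set. The function names, the sample list and the `APPLY` switch are my own choices.

```shell
#!/bin/sh
# Added example, not from the original post: load a blocklist file like the
# loop above, but skip blank lines and comments, refuse malformed entries,
# deduplicate, and show the commands before running them (dry run by default).

# Constructed sample list, same shape as blocked.ip.list in the post.
SAMPLE_LIST='# spammer seen 2021-04-06
203.1.5.6
204.5.1.7

45.146.164.157
2620:149:e0:6002::1f1
185.38.40.66
185.220.101.0/24
203.1.5.6
not-an-address
300.1.2.3
'

# is_block_entry STR -> 0 if STR is a plain IPv4/IPv6 address or CIDR network
# of the form ufw accepts as a "from" argument, 1 otherwise. Syntax check only:
# it does not verify that the address is routable or that a prefix is aligned.
is_block_entry() {
    addr=${1%%/*}
    if [ "$addr" != "$1" ]; then
        prefix=${1#*/}
        case $prefix in
            ''|*[!0-9]*) return 1 ;;
        esac
    else
        prefix=""
    fi
    case $addr in
        *:*)
            # IPv6: hex digits and colons only, at most one "::"
            case $addr in *[!0-9a-fA-F:]*|*:::*) return 1 ;; esac
            [ "${addr#*::}" = "$addr" ] || [ "${addr#*::*::}" = "$addr" ] || return 1
            [ -z "$prefix" ] || [ "$prefix" -le 128 ] || return 1
            return 0 ;;
        *)
            # IPv4: exactly four decimal octets, each 0-255
            oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
            [ $# -eq 4 ] || return 1
            for o in "$@"; do
                case $o in ''|*[!0-9]*) return 1 ;; esac
                [ "$o" -le 255 ] || return 1
            done
            [ -z "$prefix" ] || [ "$prefix" -le 32 ] || return 1
            return 0 ;;
    esac
}

# load_blocklist TEXT -> one validated, deduplicated entry per line on stdout;
# comments (#...) and blank lines are skipped, bad entries are reported on stderr.
load_blocklist() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        line=${line%%#*}                              # strip trailing comment
        line=$(printf '%s' "$line" | tr -d ' \t\r')   # and stray whitespace
        [ -n "$line" ] || continue
        if is_block_entry "$line"; then
            printf '%s\n' "$line"
        else
            printf 'skipping malformed entry: %s\n' "$line" >&2
        fi
    done | awk '!seen[$0]++'
}

# apply_blocklist TEXT -> one `ufw insert 1 deny` per entry; prints the
# commands unless APPLY=1, in which case they are executed.
apply_blocklist() {
    load_blocklist "$1" | while IFS= read -r block; do
        if [ "${APPLY:-0}" = 1 ]; then
            sudo ufw insert 1 deny from "$block" comment 'blocklist'
        else
            printf "ufw insert 1 deny from %s comment 'blocklist'\n" "$block"
        fi
    done
}

apply_blocklist "$SAMPLE_LIST"
```

To use it with a real file, replace the sample with `apply_blocklist "$(cat blocked.ip.list)"`; the dry run shows the six commands that would run (the duplicate and the two malformed lines are dropped), and `APPLY=1` executes them.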

Written by moneyslow.com
