[Cialug] Ubuntu question, ..
David Champion
dchamp1337 at gmail.com
Mon Sep 25 19:14:15 UTC 2023
Rule order? Do you need to move the deny rule above the allow 80/443
anywhere?
-dc
On Mon, Sep 25, 2023 at 1:51 PM L. V. Lammert <lvl at omnitec.net> wrote:
> Interesting problem - seeing a bot attack on a website, so I banned that
> IP:
>
> #ufw status verbose
> Status: active
> Logging: off
> Default: deny (incoming), allow (outgoing), disabled (routed)
> New profiles: skip
>
> To Action From
> -- ------ ----
> 80/tcp ALLOW IN Anywhere
> 443/tcp ALLOW IN Anywhere
> 2206 ALLOW IN Anywhere
> Anywhere DENY IN 100.21.24.205
>
> So, .. how come that IP is still posting traffic in the site logs three
> minutes AFTER it was denied?
>
> 52.25.208.208 - - [25/Sep/2023:18:20:14 +0000] "GET ... 200 33537 "-"
> "TinyTestBot"
>
> TIA!
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
>
More information about the Cialug
mailing list