[Cialug] Ubuntu question, ..
kristau
kristau at protonmail.com
Mon Sep 25 19:53:23 UTC 2023
I agree with DC here. Your DENY from a specific host has to come before the ALLOWs from ANY host. Your denied host will match the From: Anywhere rules above it and never get to the deny with the way you specified here.
Thanks!
kristau
------- Original Message -------
On Monday, September 25th, 2023 at 2:14 PM, David Champion <dchamp1337 at gmail.com> wrote:
> Rule order? Do you need to move the deny rule above the allow 80/443
> anywhere?
>
> -dc
>
>
> On Mon, Sep 25, 2023 at 1:51 PM L. V. Lammert lvl at omnitec.net wrote:
>
> > Interesting problem - seeing a bot attack on a website, so I banned that
> > IP:
> >
> > #ufw status verbose
> > Status: active
> > Logging: off
> > Default: deny (incoming), allow (outgoing), disabled (routed)
> > New profiles: skip
> >
> > To                         Action      From
> > --                         ------      ----
> > 80/tcp                     ALLOW IN    Anywhere
> > 443/tcp                    ALLOW IN    Anywhere
> > 2206                       ALLOW IN    Anywhere
> > Anywhere                   DENY IN     100.21.24.205
> >
> > So, .. how come that IP is still posting traffic in the site logs three
> > minutes AFTER it was denied?
> >
> > 52.25.208.208 - - [25/Sep/2023:18:20:14 +0000] "GET ... 200 33537 "-"
> > "TinyTestBot"
> >
> > TIA!
> > _______________________________________________
> > Cialug mailing list
> > Cialug at cialug.org
> > https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
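Added example, not part of the original thread: a small Python model of first-match rule evaluation, using the rule table from the quoted `ufw status verbose` output. The tuple layout and the helper names `evaluate` and `insert_first` are assumptions made for illustration; `insert_first` stands in for `ufw insert 1 deny from 100.21.24.205`.

```python
import ipaddress

# Rules copied from the `ufw status verbose` output in the original post, in listed order.
# Tuple layout (an assumption of this example): (dst port or None, proto or None, action, source)
RULES = [
    (80, "tcp", "ALLOW", "0.0.0.0/0"),         # 80/tcp   ALLOW IN  Anywhere
    (443, "tcp", "ALLOW", "0.0.0.0/0"),        # 443/tcp  ALLOW IN  Anywhere
    (2206, None, "ALLOW", "0.0.0.0/0"),        # 2206     ALLOW IN  Anywhere
    (None, None, "DENY", "100.21.24.205/32"),  # Anywhere DENY IN   100.21.24.205
]
DEFAULT_INCOMING = "DENY"  # "Default: deny (incoming)"


def evaluate(rules, src, port, proto="tcp"):
    """Return (action, rule_number) for the first matching rule; 0 means default policy."""
    addr = ipaddress.ip_address(src)
    for num, (r_port, r_proto, action, net) in enumerate(rules, start=1):
        if r_port is not None and r_port != port:
            continue
        if r_proto is not None and r_proto != proto:
            continue
        if addr in ipaddress.ip_network(net):
            return action, num  # first match wins; later rules are never consulted
    return DEFAULT_INCOMING, 0


def insert_first(rules, rule):
    """Model of `ufw insert 1 <rule>`: move the rule ahead of all existing ones."""
    return [rule] + [r for r in rules if r != rule]


BANNED = "100.21.24.205"  # address in the DENY rule
LOGGED = "52.25.208.208"  # address in the quoted access-log line
FIXED = insert_first(RULES, RULES[3])

if __name__ == "__main__":
    for label, ruleset in (("as posted ", RULES), ("deny first", FIXED)):
        for src in (BANNED, LOGGED):
            print(label, src, "443/tcp ->", evaluate(ruleset, src, 443))
```

The address in the quoted access-log line (52.25.208.208) is not the one in the DENY rule, so the model allows it under either ordering.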