[Cialug] My Ubuntufoo is apparently lacking, ..
Mike Hughes
mike at visionary.com
Thu Jan 25 17:13:15 UTC 2024
I found that adding an IP to a block rule wasn't effective without resetting the firewall. Essentially the statefulness of the firewall allows existing connections to continue despite a new block rule being added.
Does UFW have a reload command?
________________________________
From: Cialug <cialug-bounces at cialug.org> on behalf of L. V. Lammert <lvl at omnitec.net>
Sent: Thursday, January 25, 2024 10:46 AM
To: Central Iowa Linux Users Group <cialug at cialug.org>
Subject: [Cialug] My Ubuntufoo is apparently lacking, ..
After adding an IP reject with ufw:
# ufw reject from 136.243.228.198 to any
#ufw status
Status: active
To                         Action      From
--                         ------      ----
Anywhere                   DENY        159.65.143.27
2206                       ALLOW       Anywhere
25                         ALLOW       Anywhere
465                        ALLOW       Anywhere
965                        ALLOW       Anywhere
953                        ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
Anywhere                   REJECT      66.249.70.193
Anywhere                   REJECT      136.243.228.19
Which also shows in iptables:
0 0 REJECT all -- * * 66.249.70.193 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 REJECT all -- * * 136.243.228.198 0.0.0.0/0 reject-with icmp-port-unreachable
Why is it still accepting traffic FROM that IP??
136.243.228.198 - - [25/Jan/2024:11:35:15 -0500] "GET /product/W?1705...
---------------
Also tried directly with iptables:
#iptables -vnL | grep 136.243.228.198
???
_______________________________________________
Cialug mailing list
Cialug at cialug.org
https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
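
An added example, not part of the thread or any poster's own code: ufw evaluates its user rules top to bottom and the first match wins, so a reject appended at the end of a listing like the one quoted above can sit behind an earlier ALLOW for the same port. The function name `first_match`, the sample listing and its documentation addresses are constructed; the check assumes plain IPv4 `ufw status` rows and an exact source address.

```shell
#!/bin/sh
# first_match SRC_IP DST_PORT   (reads `ufw status` output on stdin)
# Prints "<rule-position> <ACTION>" for the first user rule that matches,
# mirroring ufw's top-to-bottom, first-match-wins evaluation.
# Assumptions (hypothetical helper): three-column IPv4 rows only,
# "From" is either Anywhere or a single address, no CIDR ranges.
first_match() {
    awk -v ip="$1" -v port="$2" '
        # Rule rows: To, Action, From. Header and separator rows are
        # skipped because their second field is not an action keyword.
        NF == 3 && $2 ~ /^(ALLOW|DENY|REJECT|LIMIT)$/ {
            n++
            to = $1
            sub(/\/.*/, "", to)            # "80/tcp" -> "80"
            if ((to == "Anywhere" || to == port) &&
                ($3 == "Anywhere" || $3 == ip)) {
                print n, $2
                exit
            }
        }'
}

# Constructed sample in the same layout as the listing in the thread.
SAMPLE='Status: active

To                         Action      From
--                         ------      ----
Anywhere                   DENY        198.51.100.9
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
Anywhere                   REJECT      203.0.113.7'

# The REJECT for 203.0.113.7 is rule 4, but port 80 is already
# allowed from Anywhere by rule 2, so the reject is never reached.
printf '%s\n' "$SAMPLE" | first_match 203.0.113.7 80

# On a live host: ufw status | first_match <address> <port>
```

If an earlier ALLOW wins, `ufw insert 1 reject from <address>` places the rule ahead of it. Connections already tracked as established, the case described in the reply, are accepted by ufw's built-in rules before the user rules are consulted.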