Question

34

IP getting access even after blocking

rated 0 times [ 34] [ 0] / answers: 1 / hits: 3144 / 2 Years ago, wed, july 6, 2022, 2:55:42

78.128.113.62 - - [04/Jan/2020:19:59:33 +0530] "GET /efk-dashboard HTTP/1.1" 404 66914 "-" "python-requests/2.13.0"

There are multiple access records like this even after I have run the commands

ufw deny from 78.128.113.58/24 to any  # for ufw

ip route add unreachable 78.128.113    # for fail2ban

I also restarted the fail2ban service after adding the ip.

How to fix this issue? I run out of ideas.

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

ousear

Add To Favorites

Follow

Total Points: 395

Total Questions: 114

Total Answers: 89

Location: Jordan

Member since Thu, Aug 5, 2021

3 Years ago

ousear questions

1 Linux script with logfile that changes names

Tue, Sep 27, 22, 03:29, 2 Years ago

1 How do I force microk8s kubectl to generate a token for my dashboard?

Sat, Apr 29, 23, 04:10, 1 Year ago

1 Why does installing Wine uninstall other packages?

Thu, Nov 25, 21, 00:51, 2 Years ago

1 vlc doesn't run again after quit

Tue, Feb 22, 22, 17:47, 2 Years ago

1 Ubuntu: Looking for simple way to run an application from the terminal

Sat, Oct 9, 21, 02:33, 3 Years ago

View All

answered 2 Years ago soahan · Accepted Answer

UFW rules are checked in sequence. The first rule that matches source and destination applies and remaining rules are ignored.

When you use a plain ufw deny command, the rule is added after the others (use ufw status to list the rules in order). If the source address matches an allow or limit line above your deny (and there is likely one), that allow/limit line applies and your rule is not checked.

To make sure your rule appears first, do:

ufw insert 1 deny from 78.128.113.58/24 to any