Is there any way to lock the access to box.domain.name/admin from specific IP?
You can add iptables rules at the top. I’m using several years MiaB with my own rules before ufw, I not using ufw rules, I have a drop before starting ufw rules. For example I like to use GeoIP rules to allowing ssh or web only to my country.
In your case, to ban only one ip: iptables -A INPUT -p tcp -m multiport --dports 80,443 -s IP -j DROP -m comment --comment “Your note”
Remember that when the PC reboot, this rules will be lost. A script in crontab @reboot is enought, but take care to won’t ban you.