Manually blocking ip's

got some russian ip’s trying to access mail…

so easy, right, just block the ip’s – well yes…
I manage firewalls on 4 other servers, and do this all the time, but the unrealistically complex setup of this firewall has me guessing.

ufw deny from xxx.xxx.xxx.xxx
iptables -A input -s xxx.xxx.xxx.xxx -j DROP
added drop rules to /etc/ufw/before.rules
added drop rules to /etc/ufw/after.rules
added drop rules to /etc/ufw/user.rules

none of these will work.
what chain can you put ip block rules ? – I suspect someone added the accept rules so high in the chain, it’s not possible.

Maybe this helps

Have you tried “ufw insert 1 deny ...” to put the rule at the top of the list?

I did not think about an insert… that helped… thanks

This topic was automatically closed 40 days after the last reply. New replies are no longer allowed.