Does order of UFW rules matter?
Solution 1
Does the order of the rules actually matter?
Yes it does. Denies should be first in this case since they are more specific (more specific rules should go first). Example
Is there a more effective way to handle spammy requests than manually
fail2ban can scan logs, and add IPs to many types of filtering systems that match defined patterns.
Solution 2
You can instruct ufw to insert rules at a given position:
ufw insert 1 deny from <ip> to any
This inserts the deny rule in first position instead of last.
Related videos on Youtube
Thank you
Updated on September 18, 2022Comments
-
Thank you almost 2 years
When I first initialized my ufw, I did
ufw default allow outgoing ufw default deny incoming ufw allow 80/tcp ufw allow 22/tcp
Over the last week or so, I've been going through my access logs and banning IPs that are making malicious requests on my server
I'd do so using
ufw deny from <ip>
Here's my
ufw status verbose
All the IPs pasted here are from sick-filth spammers; take no pity on them
Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), disabled (routed) New profiles: skip To Action From -- ------ ---- 80/tcp ALLOW IN Anywhere 22/tcp ALLOW IN Anywhere Anywhere DENY IN 125.39.22.154 Anywhere DENY IN 222.124.200.250 Anywhere DENY IN 101.60.178.197 Anywhere DENY IN 115.184.115.200 Anywhere DENY IN 93.174.93.129 ... more ips ... 80/tcp (v6) ALLOW IN Anywhere (v6) 22/tcp (v6) ALLOW IN Anywhere (v6)
Question
What I'm noticing is that the
ALLOW
actions are before theDENY
actions.Does the order of the rules actually matter? Or can I rest peacefully knowing that my IP block has worked?
Side question: Is there a more effective way to handle spammy requests than manually
grep
ing access/error logs for malicious requests and blocking those IPs from making future requests? -
jbobbins almost 4 yearsThe example page you reference says "you must put the specific rules first". So if I wanted to deny from all except for a few trusted IP addresses, I would actually put the allow rules first, correct?
-
Zoredache almost 4 yearsYes, in that case you want your allow rules first.