Uncomplicated Firewall (ufw) is one of the greatest frontends to iptables I’ve encountered. It is very simple to use and I just wish it were also available for Gentoo. Up until recently everything went smoothly for me and ufw, but we hit some rough waters when I tried to block an IP range.
To block an IP or IP range in ufw you should run:

sudo ufw deny from 18.104.22.168/21
But here is the catch. Only recent versions of ufw (and the version that ships with Ubuntu 8.04 isn’t one of them) support inserting new rules at a given position. When you add a rule it gets appended to the end of the chain, and iptables stops at the first matching rule. So if you already had a rule that allows everyone to connect to your server on port 80, that earlier rule matches first and still allows the IP range you’re trying to block to connect to your machine.
As it’s impossible to foresee all the rules you might use, one has to delete every rule the block needs to override and then re-add them so they come after the rule that blocks the IP range. However, I disliked the idea and looked for a simpler solution.
The easiest method I’ve found was to manually edit the rules file:

sudo vim /var/lib/ufw/user.rules
and then move the rule I’d added, which looks like this (a tuple comment line followed by its iptables rule line):

### tuple ### deny any any 0.0.0.0/0 any 22.214.171.124/21
-A ufw-user-input -s 126.96.36.199/21 -j DROP

above any other rules in the configuration file.
Afterward, you’ll have to restart ufw so it reloads its configuration:

sudo ufw disable
sudo ufw enable
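The manual reordering described above, done as a script over a constructed user.rules sample (an added example, not part of the original post or of ufw itself). It assumes the user.rules layout of a "### RULES ###" block holding "### tuple ###" comment lines each followed by their iptables line; the tuple format and the IP range are taken from the post.

```sh
#!/bin/sh
# Write a constructed, trimmed /var/lib/ufw/user.rules into the file $1.
# The deny rule was appended last, so the port-80 allow shadows it.
write_sample_rules() {
  cat > "$1" <<'EOF'
*filter
:ufw-user-input - [0:0]
### RULES ###

### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0
-A ufw-user-input -p tcp --dport 80 -j ACCEPT

### tuple ### deny any any 0.0.0.0/0 any 18.104.22.168/21
-A ufw-user-input -s 18.104.22.168/21 -j DROP

### END RULES ###
COMMIT
EOF
}

# Copy user.rules $1 to $2, hoisting every deny/reject tuple (its comment
# line plus the lines that follow it) to the top of the RULES block so it
# is evaluated before any allow rule. Lines outside the block are kept as-is.
hoist_deny_rules() {
  awk '
    /^### RULES ###$/     { in_rules = 1; print; next }
    /^### END RULES ###$/ { in_rules = 0
                            for (i = 1; i <= nd; i++) print deny[i]
                            for (i = 1; i <= no; i++) print other[i]
                            print; next }
    !in_rules             { print; next }
    NF == 0 && !seen      { print; next }   # blank line before first tuple
    /^### tuple ### /     { seen = 1
                            cur = ($4 == "deny" || $4 == "reject") ? "deny" : "other" }
    cur == "deny"         { deny[++nd] = $0; next }
                          { other[++no] = $0 }
  ' "$1" > "$2"
}

# Succeed (exit 0) when the first DROP/REJECT rule in file $1 comes before
# the first ACCEPT rule, i.e. the block is no longer shadowed.
deny_precedes_allow() {
  awk '/-j (DROP|REJECT)/ && !d { d = NR }
       /-j ACCEPT/ && !a        { a = NR }
       END { exit !(d && a && d < a) }' "$1"
}

tmp=$(mktemp -d)
write_sample_rules "$tmp/user.rules"
hoist_deny_rules "$tmp/user.rules" "$tmp/user.rules.new"
deny_precedes_allow "$tmp/user.rules" || echo "before: deny rule shadowed by allow"
deny_precedes_allow "$tmp/user.rules.new" && echo "after: deny rule evaluated first"
rm -r "$tmp"
```

Run it against a copy of the real file first and diff the result before replacing /var/lib/ufw/user.rules, then disable and enable ufw as shown above.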