2,187
edits
Difference between revisions of "Configuration (Ubuntu)"
Jump to navigation
Jump to search
→Deny a Specific Host: Updated with insert rule
(→Setup (Post v12): Updated with snmpd option to reduce how verbose logging level is) |
(→Deny a Specific Host: Updated with insert rule) |
||
| Line 71: | Line 71: | ||
=== Deny a Specific Host === | === Deny a Specific Host === | ||
If you want to deny a specific host (because its spamming or hacking you for example) you need to ensure that the deny rule is one of the first processed. Otherwise the host might still be able to access on port 80 (if you're running a web server and have a general allow rule for http traffic). | If you want to deny a specific host (because its spamming or hacking you for example) you need to ensure that the deny rule is one of the first processed. Otherwise the host might still be able to access on port 80 (if you're running a web server and have a general allow rule for http traffic). To do so you need to insert a deny rule at the top of your rule-set, | ||
To deny all traffic from 46.118.117.13... | To deny all traffic from 46.118.117.13... | ||
<pre> ufw insert 1 deny from 46.118.117.13 to any </pre> | |||
Alternatively you can edit the UFW config file direct, but the denied hosts will ''not'' appear when showing the firewall status, which will cause you problems later down the line... | |||
# Edit <code>/etc/ufw/before.rules</code> | # Edit <code>/etc/ufw/before.rules</code> | ||
# Create a new section under the <code> # drop INVALID packets </code> section (near the top of the file) | # Create a new section under the <code> # drop INVALID packets </code> section (near the top of the file) | ||
| Line 82: | Line 85: | ||
# Reload the firewall to apply the new config | # Reload the firewall to apply the new config | ||
#* <code> ufw reload </code> | #* <code> ufw reload </code> | ||
= SNMP = | = SNMP = | ||