Linux, Security

Using UFW as IP Blacklist

Introduction:
There are instances where a service provider takes care of the firewall that sits between the Internet and the rented server.
In this case only certain standard ports are made available to reach the rented server.
But what if you need a general-purpose ‘blacklist’ firewall that filters out abusive traffic on the ports that are available?
In this case UFW in ‘Allow’ default mode is a good choice.
UFW (Uncomplicated FireWall) is a full-featured firewall for Linux whose default rule is ‘Deny’; the extra rules you add are meant to open the wanted ports.
In this example we set the default rule to ‘Allow’ instead, which gives us the possibility to add a list of IPs that are blocked from accessing certain ports.

Setting UFW default rules as ‘Allow’
ufw default allow incoming
The same syntax applies to outgoing traffic.
ufw default allow outgoing
Blocking an IP (xx.xx.xx.xx) from accessing port 443:
ufw deny from xx.xx.xx.xx to any port 443
Deleting the IP from the blacklist:
ufw status numbered
Note the rule number under which the IP is listed and use that number in the following delete command:
(For example rule 24)
ufw delete 24
Response (needs to be confirmed with ‘y’):

deny from 95.217.69.196 to any port 443
Proceed with operation (y|n)? y
Rule deleted
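The whole procedure above as an added shell example (not part of the original post): instead of reading the rule number off the screen, it looks it up in the output of ufw status numbered and deletes the matching rules highest number first, since UFW renumbers the remaining rules after every delete. The sample status output is constructed, and the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the "status numbered"
# layout "[ N] <To> <ACTION> IN <From>" and that blacklist rules were added
# with `ufw deny from <ip> to any port <port>` as in the post.

# Constructed sample of `ufw status numbered` output for a dry run.
SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 443                        DENY IN     203.0.113.7
[24] 443                        DENY IN     95.217.69.196
[25] 80                         DENY IN     95.217.69.196'

# Read `ufw status numbered` output on stdin and print the rule numbers of
# DENY rules for source IP $1 on port $2, highest number first, so that
# deleting them in that order never hits a number that has already shifted.
find_rule_numbers() {
    sed 's/^\[ *\([0-9]*\)\]/\1/' |
    awk -v ip="$1" -v port="$2" \
        '$1 ~ /^[0-9]+$/ && $2 == port && $3 == "DENY" && $5 == ip { print $1 }' |
    sort -rn
}

# Add one blacklist entry (the post's deny command). With "default allow
# incoming" everything not listed here stays reachable, so the provider's
# upstream firewall remains the first line of defence.
blacklist_ip() {  # $1 = ip, $2 = port
    ufw deny from "$1" to any port "$2"
}

# Remove every blacklist rule for $1 on port $2; --force skips the y/n prompt.
unblacklist_ip() {  # $1 = ip, $2 = port
    for n in $(ufw status numbered | find_rule_numbers "$1" "$2"); do
        ufw --force delete "$n"
    done
}

# Dry run against the constructed sample (needs neither root nor ufw): prints 24
printf '%s\n' "$SAMPLE_STATUS" | find_rule_numbers 95.217.69.196 443
```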