I am getting repeated login attempts from this IP address, 45.135.232.165, apparently a known Russian abusive host. I want to block all traffic on all ports from the entire subnet 45.135.232.*, so I did
    ufw deny from 45.135.232.0/24
ufw status shows the rule as
    To                         Action      From
    --                         ------      ----
    Anywhere                   DENY        45.135.232.0/24
However, lastb still reports daily login attempts from the above-mentioned address. What am I missing?
Best Answer
Under normal circumstances, the mentioned command should work perfectly. However, if it’s not working as expected, then you need to see if there’s an existing rule in iptables allowing the same IP to have access to your machine. If that’s the case, then your system will give it priority over the deny rule because it appears first in the iptables rule set.
To fix this issue, you need to prioritize the ufw deny rule over the other rules set for the same IP/subnet on your system. Run the following command:
The insert 1 part in the above command puts the rule at the 1st position in the iptables rule set. Hence, it’s prioritized over any other rule set for the same IP.
For different scenarios, you can check here; that may help you.
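The ordering problem the answer describes can be checked offline against the output of ufw status numbered. The following is an added example, not code from the original post or from ufw: the function names are hypothetical, the sample output is constructed, and only "Anywhere" or a single port[/proto] in the To column is handled.

```python
import ipaddress
import re

# Constructed sample of `ufw status numbered` output (not from the original post).
SAMPLE = """\
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] Anywhere                   DENY IN     45.135.232.0/24
"""

# Rows marked "(v6)" and header lines do not match this pattern and are skipped.
RULE = re.compile(
    r"^\[\s*(\d+)\]\s+(\S+)\s+(ALLOW|DENY|REJECT|LIMIT)(?: IN)?\s+(\S+)\s*$")

def parse_rules(text):
    """Return (number, to, action, source) tuples for the IPv4 inbound rules."""
    found = (RULE.match(line) for line in text.splitlines())
    return [(int(m[1]), m[2], m[3], m[4]) for m in found if m]

def _matches(to, src, addr, port, proto):
    if src != "Anywhere" and addr not in ipaddress.ip_network(src, strict=False):
        return False
    if to == "Anywhere":
        return True
    p, _, pr = to.partition("/")
    return p == str(port) and pr in ("", proto)

def first_match(rules, ip, port, proto="tcp"):
    """First rule, in numbered order, that matches; None means default policy."""
    addr = ipaddress.ip_address(ip)
    for num, to, action, src in sorted(rules):
        if _matches(to, src, addr, port, proto):
            return num, action
    return None

def move_to_front(rules, number):
    """Model the rule set after the given rule is placed at position 1."""
    moved = [r for r in rules if r[0] == number]
    rest = [r for r in rules if r[0] != number]
    return [(i, *r[1:]) for i, r in enumerate(moved + rest, start=1)]

if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    print(first_match(rules, "45.135.232.165", 22))
    print(first_match(move_to_front(rules, 2), "45.135.232.165", 22))
```

With the constructed rule set, the earlier allow on port 22 wins for the blocked subnet until the deny rule is moved to position 1; other sources still reach port 22 through the allow rule.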