File location

    vi /etc/ufw/before.rules
Add an IP DROP line

    -A ufw-before-input -s 192.168.123.123 -j DROP
Sample

    vi /etc/ufw/before.rules

    #
    # rules.before
    #
    # Rules that should be run before the ufw command line added rules. Custom
    # rules should be added to one of these chains:
    #   ufw-before-input
    #   ufw-before-output
    #   ufw-before-forward
    #

    # Don't delete these required lines, otherwise there will be errors
    *filter
    :ufw-before-input - [0:0]
    :ufw-before-output - [0:0]
    :ufw-before-forward - [0:0]
    :ufw-not-local - [0:0]
    # End required lines

    #-A ufw-before-input -s 51.89.207.245 -j DROP
    #-A ufw-before-input -s 196.245.149.0/24 -j DROP
    #-A ufw-before-input -s 50.3.88.0/24 -j DROP
    #-A ufw-before-input -s 165.231.133.0/24 -j DROP
    #-A ufw-before-input -s 104.160.17.0/24 -j DROP
    #-A ufw-before-input -s 5.180.244.0/24 -j DROP
    #-A ufw-before-input -s 185.96.162.0/24 -j DROP
    #-A ufw-before-input -s 86.67.107.0/24 -j DROP
    #-A ufw-before-input -s 20.62.9.0/24 -j DROP
    #-A ufw-before-input -s 51.195.188.0/24 -j DROP
    #-A ufw-before-input -s 23.102.134.0/24 -j DROP
    #-A ufw-before-input -s 35.160.210.0/24 -j DROP
    #-A ufw-before-input -s 20.73.1.0/24 -j DROP
    #-A ufw-before-input -s 35.160.210.230 -j DROP
    #-A ufw-before-input -s 40.74.246.0/24 -j DROP
    #-A ufw-before-input -s 78.96.191.0/24 -j DROP
    #-A ufw-before-input -s 188.40.240.200 -j DROP
    #-A ufw-before-input -s 181.197.0.0/16 -j DROP
    #-A ufw-before-input -s 51.81.111.0/24 -j DROP
    #-A ufw-before-input -s 79.252.15.177 -j DROP
    #-A ufw-before-input -s 142.54.177.3 -j DROP
    #-A ufw-before-input -s 194.163.154.7 -j DROP
    #-A ufw-before-input -s 173.208.244.90 -j DROP
    #-A ufw-before-input -s 69.30.0.0/16 -j DROP
    #-A ufw-before-input -s 107.150.0.0/16 -j DROP
    #-A ufw-before-input -s 192.151.145.142 -j DROP
    #-A ufw-before-input -s 198.204.0.0/16 -j DROP
    #-A ufw-before-input -s 20.185.0.0/16 -j DROP
    #-A ufw-before-input -s 78.47.0.0/16 -j DROP
    #-A ufw-before-input -s 45.145.166.0/24 -j DROP
    -A ufw-before-input -s 20.115.42.0/24 -j DROP
    -A ufw-before-input -s 194.127.179.0/24 -j DROP

    # allow all on loopback:
    -A ufw-before-input -i lo -j ACCEPT
    -A ufw-before-output -o lo -j ACCEPT

    # quickly process packets for which we already have a connection
    -A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    -A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    -A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

    # drop INVALID packets (logs these in loglevel medium and higher)
Save and ufw reload

    :wq!
    ufw reload
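
The manual edit above can be scripted so the source address is validated and the rule is not added twice. This is an added example, not part of the original post; the helper names `add_drop_rule` and `valid_ipv4_cidr` are assumptions, and it handles IPv4 sources only.

```sh
#!/bin/sh
# Added example, not from the original page. add_drop_rule and
# valid_ipv4_cidr are hypothetical helper names.

# Succeeds if $1 is an IPv4 address or CIDR (octets 0-255, prefix 0-32).
valid_ipv4_cidr() {
    printf '%s\n' "$1" | awk -F'[./]' '
        !/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if (NF == 5 && $5 > 32) exit 1 }'
}

# add_drop_rule FILE SOURCE
# Returns 0 if the rule was added or is already active, 1 on any error.
add_drop_rule() {
    file=$1 src=$2
    rule="-A ufw-before-input -s $src -j DROP"
    valid_ipv4_cidr "$src" || { echo "invalid source: $src" >&2; return 1; }
    grep -q '^# End required lines' "$file" ||
        { echo "marker not found in $file" >&2; return 1; }
    # Idempotent: an identical uncommented rule is left alone.
    grep -qxF -- "$rule" "$file" && return 0
    cp -p "$file" "$file.bak" || return 1
    # Insert right after the marker so the DROP is evaluated before the
    # loopback and RELATED,ESTABLISHED ACCEPT rules further down the chain.
    awk -v rule="$rule" '{ print }
        !done && /^# End required lines/ { print rule; done = 1 }' \
        "$file.bak" > "$file"
}

# Usage: sh add_drop.sh /etc/ufw/before.rules 192.168.123.123
# then run "ufw reload" as on the page.
if [ "$#" -eq 2 ]; then
    add_drop_rule "$1" "$2"
fi
```

The previous file is kept as `before.rules.bak`, so a bad edit can be reverted before running `ufw reload`.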