I followed your tutorial to install Apache/Tomcat 8.5 on Debian.
Then I followed your advice to install ufw.
However, Apache does not show in “ufw app list”, and it does not seem to filter IP addresses I added with “ufw deny from”.
Example:
ufw deny from 46.229.0.0/16
/var/log/apache2/access.log

46.229.168.131 - - [26/Dec/2019:07:41:24 +0100] “GET /myWebApp/servlet/ etc

What have I missed?

2 answers

Hi @ZajaczkowskiMathias,

My guess is that you have most probably put the rule at the bottom. The order of the firewall rules is important. Since you have allowed port 80 for all (I would only assume) at the beginning, this rule will match all requests, and the deny rule that comes later will never be matched.

So, if you need to block something in particular, put it at the beginning and then allow all.

To see your rules with a reference number, use this:

sudo ufw status numbered

Then remove the deny rule first that you have added:

sudo ufw delete rule_number_here

Then add it again at the top:

sudo ufw insert 1 deny from xx.xx.xx.xx to any

Regards,
KDSys

Hi KDSys,
Thanks a lot for your help.
Your guess about the place where I put the rule is right!

My ufw status says:
Status: active

 To                         Action      From
 --                         ------      ----

[ 1] 22 DENY IN Anywhere
[ 2] 50683 ALLOW IN Anywhere
[ 3] 80 DENY IN Anywhere
[ 4] 443 ALLOW IN Anywhere
[ 5] Anywhere DENY IN 216.244.66.195
[ 6] 5432 ALLOW IN Anywhere
[ 7] 5555 ALLOW IN Anywhere
[ 8] Anywhere DENY IN 91.242.162.70
[ 9] Anywhere DENY IN 157.55.0.0/22
[10] Anywhere DENY IN 216.245.221.82
[11] Anywhere DENY IN 66.249.0.0/22
[12] Anywhere DENY IN 3.233.224.8
[13] Anywhere DENY IN 40.77.0.0/22
[14] Anywhere DENY IN 85.25.177.219
[15] Anywhere DENY IN 46.229.0.0/16
[16] Anywhere DENY IN 157.55.0.0/16
[17] Anywhere DENY IN 66.249.0.0/16
[18] Anywhere DENY IN 40.77.0.0/16
[19] Anywhere DENY IN 207.46.0.0/16
[20] Anywhere DENY IN 17.58.0.0/16
[21] 22 DENY IN Anywhere (v6)
[22] 50683 ALLOW IN Anywhere (v6)
[23] 80 DENY IN Anywhere (v6)
[24] 443 ALLOW IN Anywhere (v6)
[25] 5432 ALLOW IN Anywhere (v6)
[26] 5555 ALLOW IN Anywhere (v6)

So if I understand you correctly I have to:
ufw delete 15
ufw insert 1 deny from 46.229.0.0/16 to any

That’s what I did, and now ufw status says:
Status: active

 To                         Action      From
 --                         ------      ----

[ 1] Anywhere DENY IN 46.229.0.0/16
[ 2] 22 DENY IN Anywhere
[ 3] 50683 ALLOW IN Anywhere
[ 4] 80 DENY IN Anywhere
[ 5] 443 ALLOW IN Anywhere
etc …

Does it look correct?
I’ll check my ufw.log soon, and if I see some 46.229.xxx.yyy blocked, I’ll repeat it for my other DENYs with ufw insert 2 (3, 4, etc.) deny from …

Do I have to do something similar for v6 rules?

Kind regards.
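
The first-match behaviour described in the answer, as an added example that is not part of the original posts: it parses the simple IPv4 rule forms from the listing above and shows which rule decides a packet before and after the deny rule is moved to the top. The function names, and the assumption that the logged request arrived on port 443, are illustrative and not stated in the thread.

```python
import ipaddress
import re

# Constructed input: IPv4 rule lines copied (abridged) from the listing in the thread.
STATUS = """\
[ 1] 22 DENY IN Anywhere
[ 2] 50683 ALLOW IN Anywhere
[ 3] 80 DENY IN Anywhere
[ 4] 443 ALLOW IN Anywhere
[ 5] Anywhere DENY IN 216.244.66.195
[15] Anywhere DENY IN 46.229.0.0/16
"""
RULE = re.compile(r"\[\s*(\d+)\]\s+(\S+)\s+(ALLOW|DENY) IN\s+(\S+)")

def parse(status):
    """Return (number, port or None, action, source network or None) per rule, in order."""
    rules = []
    for line in status.splitlines():
        m = RULE.match(line.strip())
        if not m or "(v6)" in line:
            continue  # only the simple IPv4 forms shown in the thread are handled
        num, to, action, src = m.groups()
        port = None if to == "Anywhere" else int(to)
        net = None if src == "Anywhere" else ipaddress.ip_network(src)
        rules.append((int(num), port, action, net))
    return rules

def first_match(rules, src_ip, dport):
    """The first rule whose port and source both match decides; later rules are never read."""
    addr = ipaddress.ip_address(src_ip)
    for num, port, action, net in rules:
        if port in (None, dport) and (net is None or addr in net):
            return num, action
    return None, "DEFAULT POLICY"

def shadowed_denies(rules, dport):
    """Source-based DENY rules listed after an ALLOW-from-Anywhere that covers dport."""
    allow_seen, shadowed = False, []
    for num, port, action, net in rules:
        if port not in (None, dport):
            continue
        if action == "ALLOW" and net is None:
            allow_seen = True
        elif action == "DENY" and net is not None and allow_seen:
            shadowed.append(num)
    return shadowed

def move_to_top(rules, number):
    """Model 'ufw delete N' then 'ufw insert 1 ...'; old numbers are kept as labels."""
    return [r for r in rules if r[0] == number] + [r for r in rules if r[0] != number]
```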
