I've been working on a solution to this for weeks, and I'm about to say screw it and write a Python app that can actually block IP addresses, because so far nothing seems to work like it's supposed to.
/etc/hosts can't block a range of IP addresses, nor can it block the URL I'm trying to block, and there doesn't seem to be a decent GUI that can manage iptables locally without insecurities like ssh (fwbuilder) that isn't unavailable (firestarter).
So I'm stuck to using gufw which in itself doesn't want to work:
The site shown is an ad cdn I'm trying to block for an app I use. (the log is empty)
I think I'm starting to understand why every search I do refers to cumbersome terminal solutions like ufw or iptables...
Is there any way to actually get gufw to work like it's supposed to??
The short answer:
Don't Bother.
The long answer:
Nobody in the Linux security space focuses on making a sensible UI for less-informed users that functions appropriately for local management.
Remove ufw and gufw, and rely strictly on iptables.
If you want something easy that works like you'd expect it to, focus on a rules file for iptables:
(please don't use your home directory like my example shows, use a higher privileged directory like /etc/)
This is no more tedious (and is the recommended method) than modifying hosts, other than of course having to execute the command
$ sudo iptables-restore < /home/tcll/rules
every time a change is made.
(note that I used the directory relative to the image, you'll want to change this to something like /etc/rules)
If you already have a ton of rules saved and want to export them, use
$ sudo iptables-save > /home/tcll/rules
with your directory of course.
(you'll want to prune these if you previously used gufw because ufw destroys it with tons of params)
This solution was the only thing that worked for me before, and continues to prove itself after 6 years.
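
A rules file of the kind described above can be generated from a plain blocklist. This is an added example, not part of the original answer; the function names and the sample addresses (RFC 5737 documentation ranges) are assumptions made for illustration. It accepts only numeric IPv4 addresses and CIDR ranges, and prints the file only if every entry is well formed.

```sh
#!/bin/sh
# valid_cidr ADDR[/PREFIX]: succeed only for a well-formed IPv4 address or range.
# Hostnames are rejected on purpose: the blocklist must hold numeric addresses.
valid_cidr() {
    addr=${1%%/*}; prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_rules: read one address or CIDR range per line on stdin ("#" starts a
# comment) and print a complete rules file. Nothing is printed if any entry is
# malformed, so a typo cannot produce a half-written ruleset.
build_rules() {
    rules='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]'
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$entry" ] || continue
        if ! valid_cidr "$entry"; then
            echo "bad blocklist entry: $line" >&2
            return 1
        fi
        rules="$rules
-A OUTPUT -d $entry -j REJECT"
    done
    printf '%s\nCOMMIT\n' "$rules"
}

# Constructed sample input: RFC 5737 documentation ranges as placeholders.
sample_rules() {
    build_rules <<'EOF'
# ad CDN ranges (placeholders)
203.0.113.0/24
198.51.100.7   # single host
EOF
}
sample_rules
```

Save the output to a root-owned file such as /etc/rules and check it with `iptables-restore --test < /etc/rules` before loading it. Loading replaces the current filter-table rules unless `--noflush` is given.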