78.128.113.62 - - [04/Jan/2020:19:59:33 +0530] "GET /efk-dashboard HTTP/1.1" 404 66914 "-" "python-requests/2.13.0"
There are multiple access records like this even after I have run the commands:
ufw deny from 78.128.113.58/24 to any # for ufw
ip route add unreachable 78.128.113 # for fail2ban
I also restarted the fail2ban service after adding the IP.
How do I fix this issue? I have run out of ideas.
UFW rules are checked in sequence. The first rule that matches source and destination applies and remaining rules are ignored.

When you use a plain ufw deny command, the rule is added after the others (use ufw status to list the rules in order). If the source address matches an allow or limit line above your deny (and there is likely one), that allow/limit line applies and your rule is not checked.

To make sure your rule appears first, do:
The previous answer addresses why the ufw command didn't have an effect. However, it does not explain why the ip route command had no effect.

The reason it had no effect for you is that 78.128.113 is being interpreted as 78.128.113.0/32. Thus you are blocking only a single IP address which is not the one you are receiving traffic from. If you wanted to block the entire /24 IP range, you could use:

It's important to notice that the ip command will only block the return traffic, not the incoming traffic. That means incoming traffic from that IP range may still consume some resources on your host by creating half-open TCP connections or sending packets to stateless services (usually UDP based).

For those reasons a firewall rule such as those created with ufw will likely work better for your particular use case than an ip route command.
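
An added example, not part of either answer above and not ufw's own code: a small Python model of the two points made in the answers, first-match rule ordering and /32 versus /24 prefix coverage, evaluated against the client address from the access log. The base ruleset (allow 22 and 80 from anywhere) and the default-deny fallthrough are assumptions made for illustration.

```python
"""Constructed model of first-match rule evaluation; not ufw's own code."""
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")

def first_match(rules, src, port):
    """Return (position, action) of the first rule matching src and port.

    Each rule is (action, source_network, port), with port None meaning any.
    Falls through to (None, "deny"), an assumed default policy for this model.
    """
    addr = ip_address(src)
    for pos, (action, net, rule_port) in enumerate(rules, start=1):
        if addr in net and rule_port in (None, port):
            return pos, action
    return None, "deny"

def covers(prefix, src):
    """True when src falls inside prefix (host bits in the prefix are ignored)."""
    return ip_address(src) in ip_network(prefix, strict=False)

# Constructed ruleset: a web server that allows SSH and HTTP from anywhere.
BASE_RULES = [
    ("allow", ANY, 22),
    ("allow", ANY, 80),
]
# The deny from the question; strict=False normalises it to 78.128.113.0/24.
DENY = ("deny", ip_network("78.128.113.58/24", strict=False), None)
CLIENT = "78.128.113.62"  # source address from the access log line

def appended():
    """Deny added after the existing rules, as a plain deny command does."""
    return first_match(BASE_RULES + [DENY], CLIENT, 80)

def inserted_first():
    """Deny placed at position 1, ahead of every allow rule."""
    return first_match([DENY] + BASE_RULES, CLIENT, 80)

if __name__ == "__main__":
    print("appended deny      ->", appended())
    print("deny at position 1 ->", inserted_first())
    print("/32 covers client:", covers("78.128.113.0/32", CLIENT))
    print("/24 covers client:", covers("78.128.113.0/24", CLIENT))
```

With the deny appended, the HTTP allow rule at position 2 matches first and the request is accepted; with the deny at position 1 it is rejected, and only the /24 prefix contains the logged address.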