Overview
`ufw deny` is one of the core subcommands of UFW (Uncomplicated Firewall): it adds rules that explicitly block specific network traffic entering or leaving the system. It is the building block of a server's or workstation's firewall policy and is used to shut out unwanted sources and to keep services that should not be reachable from being exposed.
Key Features
You can block the following types of connections using `ufw deny`:
- Connections to specific port numbers (e.g., 80 for HTTP, 22 for SSH)
- Connections from specific IP addresses or subnets (CIDR notation)
- Connections of a specific protocol (TCP or UDP) on a port
- Connections matching a predefined application profile (listed by `sudo ufw app list`)
Key Options
These are the main options used with the `ufw deny` command; combining them gives granular blocking rules. The general form is `ufw deny [in|out] [proto tcp|udp] [from ADDRESS [port PORT]] [to ADDRESS [port PORT]]`. `in` and `out` select the direction (incoming is the default), `from` and `to` take an address, a subnet in CIDR notation, or `any`, `port` takes a port number or range, and `proto` restricts the rule to one transport protocol. The short form `ufw deny PORT[/PROTO]` blocks incoming traffic to a port, and `ufw deny APPNAME` blocks the ports defined in an application profile.
Usage Examples
Here are various examples of setting network blocking rules using the `ufw deny` command.
Block Access to Port 80 (HTTP) from All External IPs
sudo ufw deny 80
Blocks all incoming connections to port 80 on this host. Because no protocol is given, the rule covers both TCP and UDP.
Block All Connections from a Specific IP Address
sudo ufw deny from 192.168.1.100
Blocks all incoming connections from the given address (192.168.1.100 is a placeholder address here), regardless of port or protocol. A subnet can be given in CIDR notation, e.g., `sudo ufw deny from 192.168.1.0/24`.
Block TCP Connections to Port 22 (SSH) from a Specific IP Address
sudo ufw deny from 192.168.1.100 to any port 22 proto tcp
Blocks only TCP connections to the SSH port from that one address, while keeping other services (and SSH from other addresses) available. UFW stops at the first matching rule, so this deny only takes effect if it sits above any broader `allow 22/tcp` rule; `sudo ufw insert 1 deny from 192.168.1.100 to any port 22 proto tcp` places it at the top of the rule list.
Block Access to a Specific Application (e.g., Apache)
sudo ufw deny Apache
Blocks the ports listed in the Apache application profile defined in UFW (on Ubuntu these profiles ship with the apache2 package). `sudo ufw app list` shows the profiles available on the host, and `sudo ufw app info Apache` shows which ports a profile covers. Profile names containing spaces must be quoted, e.g., `sudo ufw deny "Apache Full"`.
Block Outbound UDP Connections on Port 53 (DNS)
sudo ufw deny out 53 proto udp
Blocks DNS queries over UDP port 53 originating from the system. This breaks name resolution on the host unless a local resolver is used or a trusted resolver is allowed by an earlier rule (e.g., `sudo ufw allow out to <resolver-ip> port 53 proto udp`). DNS over TCP port 53 is not affected by this rule.
Installation
UFW is installed (but not enabled) by default on Ubuntu. On Debian, other distributions and minimal installations it usually has to be installed manually.
Debian/Ubuntu Based Systems
sudo apt update && sudo apt install ufw
Installs UFW using the APT package manager.
CentOS/RHEL/Fedora Based Systems
sudo dnf install ufw
Installs UFW using the DNF package manager (Yum on older releases). Fedora carries the package in its own repositories; on RHEL and CentOS it comes from EPEL. These distributions ship firewalld by default, and both tools manage the same netfilter rule set, so stop and disable firewalld before enabling UFW.
Tips & Precautions
When using the `ufw deny` command, set rules carefully with system accessibility in mind. An incorrect rule can cut off important services, including your own administrative access.
Key Tips
- **Importance of Rule Order**: UFW evaluates rules from top to bottom and applies the first one that matches. `ufw deny` appends to the end of the list, so a deny added after a broader `allow` for the same port never matches. Put specific deny rules (for example, blocking one address) above the general allow rules, using `sudo ufw insert 1 deny ...` to place a rule at the top.
- **Check Default Policy**: Use the `sudo ufw status verbose` command to check the current default policy of UFW (e.g., default deny) and change it if necessary, such as with `sudo ufw default deny incoming`.
- **SSH Access Caution**: When working on a remote server, a rule that blocks the SSH port (22 by default, or whatever port sshd listens on) will lock you out. Always add the SSH allowance rule first (e.g., `sudo ufw allow ssh`, or `sudo ufw limit ssh` to also rate-limit brute-force attempts) before adding deny rules or enabling the firewall.
- **Deleting Rules**: You can delete specific rules by checking the rule numbers with `sudo ufw status numbered` and then using `sudo ufw delete <number>`, or by repeating the rule text after `delete` (e.g., `sudo ufw delete deny 80`).
- **Enabling/Disabling UFW**: Enable the firewall with `sudo ufw enable` and disable it with `sudo ufw disable`. When enabling, always verify that the SSH port allowance rule is in place.
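The following script puts the tips above (and the usage examples further up) into one ordered procedure: default policies first, SSH before anything else, host-specific denies inserted at the top so they are not shadowed, and the trusted resolver allowed before outbound UDP/53 is denied. It is an added example, not part of the original page or of UFW itself. The addresses 192.168.1.100 (the blocked host, as in the examples) and 192.0.2.53 (the trusted resolver) are placeholders, and the UFW variable is an assumption of this script: set `UFW=echo` to print the commands instead of running them.

```shell
#!/bin/sh
# Added example (not from the original page): apply a default-deny UFW policy
# in an order that does not lock out a remote admin and in which specific
# deny rules are not shadowed by broader allow rules.
# Assumptions: BLOCKED_HOST and RESOLVER are placeholder addresses; UFW
# defaults to "sudo ufw" and can be set to "echo" for a dry run.
set -eu

UFW="${UFW:-sudo ufw}"
BLOCKED_HOST="${BLOCKED_HOST:-192.168.1.100}"   # placeholder, from the page's examples
RESOLVER="${RESOLVER:-192.0.2.53}"              # placeholder (TEST-NET-2) resolver

# Emit the rule set in the order ufw must see it, one ufw invocation per line.
baseline_rules() {
    # 1. Default policies first: nothing inbound, everything outbound.
    echo "default deny incoming"
    echo "default allow outgoing"
    # 2. SSH before anything else, rate-limited against brute force.
    echo "limit 22/tcp"
    # 3. Public services.
    echo "allow 80/tcp"
    echo "allow 443/tcp"
    # 4. Host-specific deny goes to the TOP (insert 1): ufw uses first match,
    #    and a plain 'deny' would be appended after the allows, never matching.
    echo "insert 1 deny from ${BLOCKED_HOST} to any port 22 proto tcp"
    # 5. Outbound DNS: allow the trusted resolver, then deny every other UDP/53.
    #    The allow must precede the deny for the same first-match reason.
    echo "allow out to ${RESOLVER} port 53 proto udp"
    echo "deny out 53 proto udp"
}

# 1-based position of the first rule line matching a regex, 0 if absent.
rule_index() {
    n=$(baseline_rules | grep -n -E "$1" | head -n 1 | cut -d: -f1)
    echo "${n:-0}"
}

# Sanity-check the ordering before touching the firewall.
check_order() {
    ssh=$(rule_index '^limit 22/tcp$')
    allow_dns=$(rule_index '^allow out to .* port 53 proto udp$')
    deny_dns=$(rule_index '^deny out 53 proto udp$')
    insert=$(rule_index '^insert 1 deny from ')
    [ "$ssh" -gt 0 ] || return 1                                    # SSH rule present
    [ "$allow_dns" -gt 0 ] && [ "$allow_dns" -lt "$deny_dns" ] || return 1  # allow before deny
    [ "$insert" -gt 0 ] || return 1                                 # per-host deny uses insert
    return 0
}

# Run every rule through ufw, enable it, and show the numbered result.
apply_baseline() {
    baseline_rules | while IFS= read -r rule; do
        # shellcheck disable=SC2086  # word splitting of $rule is intentional
        $UFW $rule
    done
    $UFW --force enable
    $UFW status numbered
}

if [ "${1:-}" = "apply" ]; then
    check_order
    apply_baseline
fi
```

Run `UFW=echo sh baseline.sh apply` first to review the exact ufw invocations, then `sh baseline.sh apply` on the host. Inspect `sudo ufw status numbered` afterwards: the per-host deny should appear as rule 1, above the SSH `LIMIT` rule.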