How To Permanently Ban An IP Address With UFW In Linux

Have you found an IP address trying to “crack” or “hack” into your computer, website, or server? This article will show you how to easily permanently ban an IP address in Linux with the program called ufw.

Image via pixabay.com

Ubuntu and its derivatives should come with ufw by default. In other os’es like Debian, you can install ufw with sudo apt-get install ufw, or just search the package manager for your distro and look for ufw. UFW stands for “Uncomplicated Firewall”, and it really is very easy to use.

Let’s assume that you checked your log files in

/var/log/

and you found an unwelcome “blackhat hacker’s” computer along with its IP address trying to hack into your site. Well, thankfully there is an easy way to permanently ban an ip address in Linux.

Below is a real example of a part of an nginx log file where someone was trying to hack into one of my sites:

How To Permanently Ban An IP Address In Linux

The form of how to permanently ban an ip address in Linux is below:
sudo ufw deny from persons_ip_address to any

Let’s say the ip address you want to ban is 127.0.0.3

Then the command would be;
sudo ufw deny from 127.0.0.3 to any

A screenshot of ufw permanently denying an ip address.

All you need to do is to change the ip address that you want to ban.

To check that the ban is in place, you can run the following command

sudo ufw status

You should see output like the following (remember that the ip address will be likely be different based on what you chose.)

Status: active

To Action From
-- ------ ----
Anywhere DENY 127.0.0.3

How To Remove A Permanent Ban In UFW

If you decide you want to unban an ip address in ufw, it’s easy to do so.

The basic form of removing a permanent ban is like the following:
sudo ufw delete deny from persons_ip_address to any

To unban 127.0.0.3, you would run:
sudo ufw delete deny from 127.0.0.3 to any

And, you can check that the ip address was unbanned with the following command:

sudo ufw status

With the above command’s output, you should have seen that the IP address is no longer permanently banned.

Did you like this article? Do you have anything to add? Let’s discuss it in the comments below.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.