IP Blocked in UFW, yet continue to see failed password attempts in auth.log

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP








up vote
1
down vote

favorite












sudo ufw deny from 182.100.67.120
sudo service ufw restart


Yet, continuous entries in /var/log/auth.log



Feb 18 03:40:01 service sshd[2729]: Failed password for root from 182.100.67.120 port 51942 ssh2


If the IP is banned in UFW, why it is still getting into ssh login?






ufw







share|improve this question





















  • Try " sudo ufw status verbose " and past the output
    – Aravind
    Feb 18 at 9:48















up vote
1
down vote

favorite












sudo ufw deny from 182.100.67.120
sudo service ufw restart


Yet, continuous entries in /var/log/auth.log



Feb 18 03:40:01 service sshd[2729]: Failed password for root from 182.100.67.120 port 51942 ssh2


If the IP is banned in UFW, why it is still getting into ssh login?






ufw







share|improve this question





















  • Try " sudo ufw status verbose " and past the output
    – Aravind
    Feb 18 at 9:48













up vote
1
down vote

favorite









up vote
1
down vote

favorite











sudo ufw deny from 182.100.67.120
sudo service ufw restart


Yet, continuous entries in /var/log/auth.log



Feb 18 03:40:01 service sshd[2729]: Failed password for root from 182.100.67.120 port 51942 ssh2


If the IP is banned in UFW, why it is still getting into ssh login?






ufw







share|improve this question













sudo ufw deny from 182.100.67.120
sudo service ufw restart


Yet, continuous entries in /var/log/auth.log



Feb 18 03:40:01 service sshd[2729]: Failed password for root from 182.100.67.120 port 51942 ssh2


If the IP is banned in UFW, why it is still getting into ssh login?






ufw




ufw






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Feb 18 at 3:41









Allen King

1161




1161











  • Try " sudo ufw status verbose " and past the output
    – Aravind
    Feb 18 at 9:48

















  • Try " sudo ufw status verbose " and past the output
    – Aravind
    Feb 18 at 9:48
















Try " sudo ufw status verbose " and past the output
– Aravind
Feb 18 at 9:48





Try " sudo ufw status verbose " and past the output
– Aravind
Feb 18 at 9:48











1 Answer
1






active

oldest

votes

















up vote
0
down vote













I figured out. Since port 22 is already open from anywhere, to block an IP to port 22, the deny entry has to go above the allow anywhere entry in UFW list. So the right command is (just inserting to the top of the list) :



sudo ufw insert 1 deny from 182.100.67.120
sudo service ufw restart


But before this, first I had to delete the deny entry using:



sudo ufw status numbered


Get the serial number of the previously entered deny entry for the above port, then



sudo ufw delete <serial number >





share|improve this answer




















    Your Answer







    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "89"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    convertImagesToLinks: true,
    noModals: false,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













     

    draft saved


    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1007271%2fip-blocked-in-ufw-yet-continue-to-see-failed-password-attempts-in-auth-log%23new-answer', 'question_page');

    );

    Post as a guest

















    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    0
    down vote













    I figured out. Since port 22 is already open from anywhere, to block an IP to port 22, the deny entry has to go above the allow anywhere entry in UFW list. So the right command is (just inserting to the top of the list) :



    sudo ufw insert 1 deny from 182.100.67.120
    sudo service ufw restart


    But before this, first I had to delete the deny entry using:



    sudo ufw status numbered


    Get the serial number of the previously entered deny entry for the above port, then



    sudo ufw delete <serial number >





    share|improve this answer
























      up vote
      0
      down vote













      I figured out. Since port 22 is already open from anywhere, to block an IP to port 22, the deny entry has to go above the allow anywhere entry in UFW list. So the right command is (just inserting to the top of the list) :



      sudo ufw insert 1 deny from 182.100.67.120
      sudo service ufw restart


      But before this, first I had to delete the deny entry using:



      sudo ufw status numbered


      Get the serial number of the previously entered deny entry for the above port, then



      sudo ufw delete <serial number >





      share|improve this answer






















        up vote
        0
        down vote










        up vote
        0
        down vote









        I figured out. Since port 22 is already open from anywhere, to block an IP to port 22, the deny entry has to go above the allow anywhere entry in UFW list. So the right command is (just inserting to the top of the list) :



        sudo ufw insert 1 deny from 182.100.67.120
        sudo service ufw restart


        But before this, first I had to delete the deny entry using:



        sudo ufw status numbered


        Get the serial number of the previously entered deny entry for the above port, then



        sudo ufw delete <serial number >





        share|improve this answer












        I figured out. Since port 22 is already open from anywhere, to block an IP to port 22, the deny entry has to go above the allow anywhere entry in UFW list. So the right command is (just inserting to the top of the list) :



        sudo ufw insert 1 deny from 182.100.67.120
        sudo service ufw restart


        But before this, first I had to delete the deny entry using:



        sudo ufw status numbered


        Get the serial number of the previously entered deny entry for the above port, then



        sudo ufw delete <serial number >






        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Feb 19 at 4:54









        Allen King

        1161




        1161



























             

            draft saved


            draft discarded















































             


            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1007271%2fip-blocked-in-ufw-yet-continue-to-see-failed-password-attempts-in-auth-log%23new-answer', 'question_page');

            );

            Post as a guest
































































            -

            Popular posts from this blog

            How do so many people here on Academia.SE, and in general, afford lavish higher education programs?

            Image
            Clash Royale CLAN TAG #URR8PPP up vote 45 down vote favorite 7 I graduated last year with a BS in Computer Science. I do not come from a particularly wealthy family, (very low middle class), and was only able to afford my education via school loans/scholarships and working low-wage jobs, with no support from my family or anyone else. I realize some scholarship/loan programs extend into grad school. But I don't think those cover all costs. Now I'm lucky enough to have a decent-paying salary in industry, along with benefits and living on my own, and I'm thinking one day (sooner rather than later) I'd like to try my hand at research or continue my degree, but these things cost money, in addition to my regular living expenses. I read posts here often about academic people being in positions of choosing between these crazy research grad programs, some in Japan, or Ireland (while they currently live in the U.S./U.K.) then moving around between countries/universit...
            Read more

            Trouble downloading packages list due to a “Hash sum mismatch” error

            Image
            Clash Royale CLAN TAG #URR8PPP .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0; up vote 331 down vote favorite 117 When I check for updates, I get a "Failed To Download Repository Information" error. This is what comes up under details: W: Failed to fetch gzip:/var/lib/apt/lists/partial/us.archive.ubuntu.com_ubuntu_dists_natty_main_source_Sources Hash Sum mismatch, E: Some index files failed to download. They have been ignored, or old ones used instead. apt share | improve this question edited Nov 12 '14 at 23:37 Braiam 49.5k 19 130 210 asked May 9 '11 at 20:55 Rob 5,300 10 26 40 add a comment  |  up vote 331 down vote favorite 117 When I check for updates, I get a "Failed To Download Repository Information" error. This is what comes up under details: W: Failed to fetch gzip:/var/lib/apt/lists/partial/us.archive.ubuntu.com_ubuntu_dists_nat...
            Read more

            How do I move numbers in filenames, in a batch renaming operation?

            Image
            Clash Royale CLAN TAG #URR8PPP up vote 10 down vote favorite 1 I have been trying to figure out how to rename files for the past few hours. I have 2000 files that are like this: file.1.pdb file.2.pdb file.3.pdb I would like to rename these files to something like: file.pdb.1 file.pdb.2 file.pdb.3 command-line batch-rename share | improve this question edited Mar 29 at 21:36 Eliah Kagan 79.6k 20 222 359 asked Mar 29 at 15:33 user812758 51 3 Didn't you mean bash ? – avazula Mar 29 at 15:38 4 @avazula No please read this article : en.wikipedia.org/wiki/Batch_renaming – Ali Razmdideh Mar 29 at 15:47 @PerlDuck yes ;) – Ali Razmdideh Mar 29 at 15:52 6 Possible duplicate of How to easily rename files using command line? – wjandrea Mar 29 at 16:09 2 Hey close voters...
            Read more