IP getting access even after blocking
Solution 1:
UFW rules are checked in sequence. The first rule that matches source and destination applies and remaining rules are ignored.
When you use a plain ufw deny command, the rule is added after the others (use ufw status to list the rules in order). If the source address matches an allow or limit line above your deny (and there is likely one), that allow/limit line applies and your rule is not checked.
To make sure your rule appears first, do:
ufw insert 1 deny from 78.128.113.58/24 to any
Solution 2:
The previous answer addresses why the ufw command didn't have an effect. However, it does not explain why the ip route command had no effect.
The reason it had no effect for you is that 78.128.113 is being interpreted as 78.128.113.0/32. Thus you are blocking only a single IP address which is not the one you are receiving traffic from. If you wanted to block the entire /24 IP range, you could use:
ip route add unreachable 78.128.113.0/24
It's important to notice that the ip command will only block the return traffic, not the incoming traffic. That means incoming traffic from that IP range may still consume some resources on your host by creating half-open TCP connections or sending packets to stateless services (usually UDP based).
For those reasons a firewall rule such as those created with ufw will likely work better for your particular use case than an ip route command.