Block and Unblock IP Address Using UFW

UFW makes it easy to configure the firewall. Learn how to block specific IP addresses with UFW, and how to unblock them.

Have you ever come across a fishy IP address that is constantly trying to get inside your system? If not, I would recommend checking firewall logs in Ubuntu again!

Whether it is that fishy IP or you simply want to restrict access from certain IPs, the use cases are endless. The question is how to block IP addresses in UFW.

But before you jump to the how-to part, make sure you have an active UFW firewall by checking the status of the firewall in Ubuntu:

sudo ufw status

And if that's inactive, then you can use the following to enable the UFW firewall:

sudo ufw enable

How to block IP addresses using UFW

To block an IP address in the UFW firewall, use the following command syntax:

sudo ufw insert 1 deny from IP_ADDRESS

For example, if I want to block 192.168.1.2, I have to use the following command:

sudo ufw insert 1 deny from 192.168.1.2

Now, let's break down the above command.

  • sudo: Executes the command with elevated privileges
  • ufw: Command to deal with UFW firewall
  • insert 1: Inserts the rule at position 1, above all the other UFW rules
  • deny from IP_ADDRESS: Blocks traffic from the specified IP

You may be wondering why this rule needs to be prioritized above all. There's a pretty good reason why.

Importance of prioritizing rules in UFW

Suppose you have added the following 3 rules to UFW:

  • Allow incoming connections on HTTP
  • Block incoming traffic from the specific IP
  • Allow all the incoming traffic

UFW checks rules from top to bottom and applies the first one that matches, so if the above rules are not configured in a specific order, the firewall will not behave the way you intended.

For example, if the rule to block traffic from a specific IP is placed after the rule to allow all incoming traffic, that specific IP will still be able to connect, because the generic rule is applied first.

So if you were to apply those 3 rules in UFW, then you must do so in the following order:

  • Block incoming traffic from the specific IP
  • Allow incoming connections on HTTP
  • Allow all the incoming traffic

And this is the reason why I prioritized the rule to block the IP above all the other rules.
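
The ordering rule above, as an added example that is not part of the original article: the shell function below reads a listing in the format printed by sudo ufw status numbered and reports the first rule that matches inbound traffic from a given source IP to a given port. The two listings are constructed samples, first_match is a hypothetical helper name, and the parser is simplified to IPv4 rules whose To column is Anywhere or a port.

```shell
#!/bin/sh
# Added example (not from the original article): find the first UFW rule that
# matches inbound IPv4 traffic, using `ufw status numbered` output as input.
# Simplified: IPv4 only, and the "To" column must be "Anywhere" or PORT[/proto].

# Usage: first_match SRC_IP PORT < listing
# Prints "<rule-number> <ACTION>", or "none default-policy" if nothing matches.
first_match() {
    sed -n -e '/(v6)/d' -e 's/^\[ *\([0-9][0-9]*\)\] */\1 /p' |
    awk -v src="$1" -v port="$2" '
        function ip2int(a,   o) {
            split(a, o, ".")
            return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        }
        function in_net(ip, net,   p, bits, div) {
            if (net == "Anywhere") return 1
            split(net, p, "/")
            bits = (p[2] == "" ? 32 : p[2])     # bare address means /32
            div = 2 ^ (32 - bits)               # size of the host part
            return int(ip2int(ip) / div) == int(ip2int(p[1]) / div)
        }
        function port_ok(to,   p) {
            if (to == "Anywhere") return 1
            split(to, p, "/")
            return p[1] == port
        }
        # Fields after sed: number, To, action, direction, From
        $4 == "IN" && port_ok($2) && in_net(src, $5) { print $1, $3; hit = 1; exit }
        END { if (!hit) print "none default-policy" }'
}

# Constructed sample listings: the three rules from the article in both orders.
BAD_ORDER='[ 1] 80/tcp                     ALLOW IN    Anywhere
[ 2] Anywhere                   ALLOW IN    Anywhere
[ 3] Anywhere                   DENY IN     192.168.1.2'

GOOD_ORDER='[ 1] Anywhere                   DENY IN     192.168.1.2
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] Anywhere                   ALLOW IN    Anywhere'

# SSH attempt from the blocked IP: allowed by rule 2 in the bad order,
# denied by rule 1 once the deny rule sits at the top.
echo "bad order:  $(printf '%s\n' "$BAD_ORDER"  | first_match 192.168.1.2 22)"
echo "good order: $(printf '%s\n' "$GOOD_ORDER" | first_match 192.168.1.2 22)"
```

On a live system, pipe the real listing into the function instead of the samples: sudo ufw status numbered | first_match 192.168.1.2 22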

How to block IP addresses on a specific port

If you want to block an IP address on a specific port, you can execute the ufw command in the following manner:

sudo ufw insert 1 deny from IP_Address to any port Port_No

The best example would be to block a specific IP from accessing SSH on your system.

In my case, I want to block 192.168.1.2 from accessing SSH, so I will be using the following:

sudo ufw insert 1 deny from 192.168.1.2 to any port 22

How to block a range of IPs in the UFW firewall

If you wish to block a range of IP addresses in your UFW firewall, you can specify the range in the following manner:

sudo ufw insert 1 deny from IP_Address/subnet

For example, if I want to block 192.168.1.0 to 192.168.1.255, I will use a /24 subnet, which covers the whole range in the simplest manner possible:

sudo ufw insert 1 deny from 192.168.1.0/24

How to Unblock IP Addresses in UFW

If you added a wrong rule that blocks important services, or you no longer want to block traffic from a specific IP, this section shows how you can revert the effect by unblocking the IP in the UFW firewall.

As the only way to unblock an IP is to delete the rule from UFW, you can use this method irrespective of how you blocked the IP.

First, list UFW rules in numbered form:

sudo ufw status numbered

Here, you will find all the rules you've added so far, each with a number attached to it.

Once you find the rule that you no longer want to be in action, note the number associated with it and use it in the following command. Rule numbers shift after each deletion, so list the rules again before deleting another one:

sudo ufw delete number_of_rule

For example, here the first rule blocks traffic from 192.168.1.0 to 192.168.1.255, so to unblock that range, I have to delete rule 1:

sudo ufw delete 1

To verify that it was removed, list the UFW rules again:

sudo ufw status

And as you can see, the rule is no longer listed here, which means the traffic from 192.168.1.0 to 192.168.1.255 is no longer blocked!

I hope you will find this guide helpful.