
I need to block about 10 000 IP addresses in my firewall. I have all the IP addresses in a file, so I run this command from the command line:

while read -r line; do sudo ufw insert 1 deny from "$line"; done < IP_addresses

And it works, it inserts the rules, but it is very slow: it inserts about 1 rule per second. Is it possible to make it faster?

It is running on Debian 9 with 1 CPU core of a Xeon (VPS).

tomsk
You really should use an ipset for this, but ufw doesn't have built-in support for ipsets yet. I suppose you can hack it in somehow. – Michael Hampton Apr 13 '18 at 23:08

1 Answer


A faster way may be to add these to the /etc/ufw/before.rules file.

You could generate the lines to be inserted with your for loop by doing the following:

while read -r line; do echo "-A ufw-before-input -s $line -j DROP"; done < IP_addresses >> rules.out

You can then place that output in the rules.out file into the /etc/ufw/before.rules file following the line that reads:

# End required lines

This is using the instructions found at https://www.cyberciti.biz/faq/how-to-block-an-ip-address-with-ufw-on-ubuntu-linux-server/ as the basis. The pertinent section is the last one, titled "Tip: UFW NOT blocking an IP address".

RLines