Need some help with UFW and blocking an IP

I’m not too familiar with networking and firewalls, and I’m attempting to block an IP using UFW, but I’m not sure if it’s working or not. I followed the Archwiki article and set it up using:
ufw deny from 185.40.64.69 to any.
When I run ufw status, it seems to be blocking it.

To                         Action      From
--                         ------      ----
Anywhere                   DENY        185.40.64.69
185.40.64.69               DENY OUT    Anywhere

However, if I ping the IP it seems, if I’ve interpreted it correctly, to still be open as packets are transmitted.

--- 185.40.64.69 ping statistics ---
23 packets transmitted, 0 received, 100% packet loss, time 22546ms

Is this correct, and if so, what have I done wrong?

Wouldn’t this mean that none of the transmitted packages has reached its destination and therefore the rule is effectively blocking the address? What if you put the IP address in the URL bar of your browser?

1 Like

I now have

Anywhere                   DENY        185.40.64.69
185.40.64.69               DENY        Anywhere
185.40.64.69               DENY OUT    Anywhere

Ping still showing packets being transmitted.

Sorry, I was editing my previous post while you were responding.

Transmitted from the ping command, yes. Packet loss indicates no response is being received, and that means it’s being blocked.

Yes.

3 Likes

I’m not sure, I was hoping someone here knew. The IP is supposed to be Riot’s chat server (I’d like to be offline when I’m on), and with these rules set that doesn’t seem to be the case. As for connecting in a browser, I’m not sure what I can expect (as it isn’t a website) but it loads until it times out. I would have thought if the IP was blocked it would instantly stop.

I’m quite certain I have the correct IP, as multiple sources list the same one. Of course, their process is for doing it on Windows where it looks like this:

netsh advfirewall firewall add rule name="lolchat" dir=out remoteip=185.40.64.69 protocol=TCP action=block

I believe the UFW rule above should achieve the same thing, but if not, do correct me.

1 Like

Good to know, thank you.

If I understand correctly, you want to block outgoing requests from your machine to that IP address?

You can either drop or reject those packets:

sudo ufw reject out to 185.40.64.69
sudo ufw deny out to 185.40.64.69

deny = just drops packets → should result in a timeout
reject = drops the packet and returns an error packet to the sender (ping will tell you ping: sendmsg: Operation not permitted)

Note that 185.40.64.69 is not responding to ICMP echo requests (ping) at all. Even if you allow traffic to it, you won’t get a reply via ping…

1 Like

As others have said, it looks like the UFW block is working. To double check, look in your kernel logs (i.e. dmesg) … you should have explicit UFW BLOCK entries with each specific IP address connection attempt.

1 Like
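
The kernel-log check suggested above, as an added example that is not part of the original thread: it parses `[UFW BLOCK]` lines and counts blocked packets per direction, remote address, protocol and port, which shows whether outbound traffic to a given IP is really being dropped. The function names are hypothetical and `SAMPLE_LOG` is constructed (interface, local and inbound addresses, and ports are assumptions); it assumes UFW logging is enabled so that blocked packets reach the kernel log.

```python
import re
from collections import Counter

# Constructed sample in the kernel-log format UFW writes; not captured from a real host.
SAMPLE_LOG = """\
[ 1201.3] [UFW BLOCK] IN= OUT=wlan0 SRC=192.168.1.20 DST=185.40.64.69 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=4211 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
[ 1202.3] [UFW BLOCK] IN= OUT=wlan0 SRC=192.168.1.20 DST=185.40.64.69 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=4290 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=2
[ 1310.9] [UFW BLOCK] IN= OUT=wlan0 SRC=192.168.1.20 DST=172.65.252.238 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=5150 DF PROTO=TCP SPT=50412 DPT=5223 WINDOW=64240 RES=0x00 SYN URGP=0
[ 1322.0] [UFW BLOCK] IN=wlan0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.5 DST=192.168.1.20 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=1 PROTO=TCP SPT=40000 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
[ 1330.1] [UFW ALLOW] IN= OUT=wlan0 SRC=192.168.1.20 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=9 DF PROTO=TCP SPT=50500 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
[ 1331.0] wlan0: associated
"""

UFW_RE = re.compile(r"\[UFW (?P<action>[A-Z ]+)\]\s*(?P<rest>.*)")
FIELD_RE = re.compile(r"(\w+)=(\S*)")

def parse_ufw_line(line):
    """Return a dict for one UFW log line, or None if the line is not from UFW."""
    m = UFW_RE.search(line)
    if not m:
        return None
    fields = {}
    for key, value in FIELD_RE.findall(m["rest"]):
        fields.setdefault(key, value)  # ICMP lines repeat ID=; keep the first one
    # Outbound packets have an empty IN= and a set OUT=; anything else
    # (including routed packets with both set) is treated as inbound here.
    outbound = bool(fields.get("OUT")) and not fields.get("IN")
    remote = fields.get("DST") if outbound else fields.get("SRC")
    dport = int(fields["DPT"]) if fields.get("DPT", "").isdigit() else None
    return {"action": m["action"], "direction": "out" if outbound else "in",
            "remote": remote, "proto": fields.get("PROTO"), "dport": dport}

def summarize_blocks(log_text):
    """Count blocked packets per (direction, remote IP, protocol, destination port)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_ufw_line(line)
        if rec and rec["action"].endswith("BLOCK"):
            counts[(rec["direction"], rec["remote"], rec["proto"], rec["dport"])] += 1
    return counts

def outbound_blocks_to(log_text, ip):
    """Number of logged outbound packets to `ip` that UFW blocked."""
    return sum(n for (d, remote, _, _), n in summarize_blocks(log_text).items()
               if d == "out" and remote == ip)

if __name__ == "__main__":
    for key, n in sorted(summarize_blocks(SAMPLE_LOG).items(), key=str):
        print(n, *key)
```

On a live system, pass the output of `dmesg` or `journalctl -k` in place of `SAMPLE_LOG`.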

Yes, it seems the IP was wrong. Rather than using the IP other sites listed, I found the actual address (euw1.chat.si.riotgames.com) and a ping revealed the correct IP to be 172.65.252.238. I’m not entirely sure if blocking it serves the purpose (waiting for someone else to come online and confirm), but UFW does indeed seem to be blocking it at least.

Thanks for the help, everyone.
