UFW blocking IPs

Even though we live in the era of the cloud, serverless, PaaS etc. and everything moves away from immediate access to the metal, I still like having an old-school VPS with my own services and the freedom to do whatever I want. But this of course comes with more responsibility for keeping things safe and secure.

So lately we had some incidents on a VPS I own for personal use: a DoS attack. Fortunately everything came from the same IP (some bot was trying things), so it was easy to just ban it and live happily ever after. How did I do it?

So, for a start you need to see who is bashing your machine. There are many command-line tools for real-time network monitoring; I think iftop is a great one and it works for me. Ok, next?
I am using ufw, as it is a great Linux firewall. But there is a catch. Let's say you found the IP you want to block and you type the following block command:
sudo ufw deny from x.x.x.x to any
After that you run iftop again and you still see traffic from that IP. What is wrong here?

The obvious first step is to check sudo ufw status, where you see both the new rule and Status: active for ufw. So what is wrong?

ufw rules are evaluated in order and the first match wins, so you need to type sudo ufw status numbered to see which rule actually comes first. If you have a rule like
443 ALLOW IN Anywhere and you add the IP ban rule below it, the ban won't apply to that traffic, because the allow rule matches first. You need to add it above. So the actual command for placing the rule at the top of the list is:

sudo ufw insert 1 deny from x.x.x.x to any

This will put the rule on top of everything and ban the IP no matter what. For deleting a rule you can type sudo ufw delete 5 and it will delete rule number 5, just in case you did something wrong. Note that the remaining rules are renumbered after a deletion, so run sudo ufw status numbered again before deleting the next one.
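A quick way to check for exactly this mistake is to parse the output of sudo ufw status numbered and verify that the deny rule for the IP sits above the first ALLOW rule. The script below is an added example, not part of the original post; the two status listings are constructed samples in the format ufw prints, and the IP 203.0.113.10 is a placeholder.

```sh
#!/bin/sh
# deny_rule_position STATUS_TEXT IP
# Reads `ufw status numbered` output and reports whether the DENY rule for IP
# is reachable. Exit status: 0 = deny rule is above every ALLOW rule,
# 1 = shadowed by an earlier ALLOW rule, 2 = no deny rule for that IP.
deny_rule_position() {
    printf '%s\n' "$1" | awk -v ip="$2" '
        /^\[ *[0-9]+\]/ {
            # Extract the rule number from the leading "[ n]" token.
            n = $0; sub(/^\[ */, "", n); sub(/\].*/, "", n); n = n + 0
            if ($0 ~ /ALLOW/ && first_allow == "") first_allow = n
            # Match the IP as a whole field so 203.0.113.1 != 203.0.113.10.
            hit = 0; for (i = 1; i <= NF; i++) if ($i == ip) hit = 1
            if ($0 ~ /DENY/ && hit && deny == "") deny = n
        }
        END {
            if (deny == "") { print "absent"; exit 2 }
            if (first_allow != "" && first_allow < deny) {
                print "shadowed by rule " first_allow; exit 1
            }
            print "ok at rule " deny; exit 0
        }'
}

# Constructed sample: deny rule appended with `ufw deny`, so it lands last.
SAMPLE_SHADOWED='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 443                        ALLOW IN    Anywhere
[ 3] Anywhere                   DENY IN     203.0.113.10'

# Constructed sample: same rules after `ufw insert 1 deny from ... to any`.
SAMPLE_FIXED='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Anywhere                   DENY IN     203.0.113.10
[ 2] 22/tcp                     ALLOW IN    Anywhere
[ 3] 443                        ALLOW IN    Anywhere'

# On a real host, feed it the live listing (needs root for ufw):
#   deny_rule_position "$(sudo ufw status numbered)" 203.0.113.10
deny_rule_position "$SAMPLE_SHADOWED" 203.0.113.10 || true   # shadowed by rule 1
deny_rule_position "$SAMPLE_FIXED" 203.0.113.10 || true      # ok at rule 1
```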

Which one is your favorite tool for command line monitoring and blocking annoying traffic?