I have already blocked the IPs in ufw, but the login log (auth.log) still shows failed SSH login entries. Is this normal?
ufw status in the terminal
# ufw status
Status: active
To Action From
-- ------ ----
31000/tcp ALLOW Anywhere
22/tcp ALLOW Anywhere
80/tcp ALLOW Anywhere
443/tcp ALLOW Anywhere
Anywhere ALLOW 127.0.0.1
Anywhere DENY 185.224.128.189
Anywhere DENY 116.103.226.20
Anywhere DENY 185.224.128.187
Anywhere DENY 45.117.213.52
31000/tcp (v6) ALLOW Anywhere (v6)
22/tcp (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6)
Last few lines of auth.log
Sep 10 08:33:32 VM95644DE7B0561E2 sshd[523823]: Failed password for root from 218.92.0.90 port 34513 ssh2
Sep 10 08:33:34 VM95644DE7B0561E2 sshd[523845]: Failed password for root from 45.117.213.52 port 49630 ssh2
Sep 10 08:33:35 VM95644DE7B0561E2 sshd[523823]: Failed password for root from 218.92.0.90 port 34513 ssh2
Sep 10 08:33:35 VM95644DE7B0561E2 sshd[523823]: Received disconnect from 218.92.0.90 port 34513:11: [preauth]
Sep 10 08:33:35 VM95644DE7B0561E2 sshd[523823]: Disconnected from authenticating user root 218.92.0.90 port 34513 [preauth]
Sep 10 08:33:35 VM95644DE7B0561E2 sshd[523823]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.90 user=root
Sep 10 08:33:36 VM95644DE7B0561E2 sshd[523845]: Connection closed by authenticating user root 45.117.213.52 port 49630 [preauth]
Sep 10 08:33:37 VM95644DE7B0561E2 sshd[523901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.117.213.52 user=root
Sep 10 08:33:39 VM95644DE7B0561E2 sshd[523901]: Failed password for root from 45.117.213.52 port 51034 ssh2
Sep 10 08:33:40 VM95644DE7B0561E2 sshd[523901]: Connection closed by authenticating user root 45.117.213.52 port 51034 [preauth]
Sep 10 08:33:41 VM95644DE7B0561E2 sshd[523924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.117.213.52 user=root
Sep 10 08:33:42 VM95644DE7B0561E2 sshd[523924]: Failed password for root from 45.117.213.52 port 51932 ssh2
Sep 10 08:33:43 VM95644DE7B0561E2 sshd[523924]: Connection closed by authenticating user root 45.117.213.52 port 51932 [preauth]
Sep 10 08:33:44 VM95644DE7B0561E2 sshd[523944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.117.213.52 user=root
Sep 10 08:33:46 VM95644DE7B0561E2 sshd[523944]: Failed password for root from 45.117.213.52 port 52886 ssh2
Sep 10 08:33:48 VM95644DE7B0561E2 sshd[523944]: Connection closed by authenticating user root 45.117.213.52 port 52886 [preauth]
Sep 10 08:33:49 VM95644DE7B0561E2 sshd[523976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.117.213.52 user=root
Sep 10 08:33:52 VM95644DE7B0561E2 sshd[523976]: Failed password for root from 45.117.213.52 port 54226 ssh2
Sep 10 08:33:54 VM95644DE7B0561E2 sshd[523976]: Connection closed by authenticating user root 45.117.213.52 port 54226 [preauth]
Sep 10 08:33:55 VM95644DE7B0561E2 sshd[524014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.117.213.52 user=root
Sep 10 08:33:57 VM95644DE7B0561E2 sshd[524014]: Failed password for root from 45.117.213.52 port 55604 ssh2
Sep 10 08:33:57 VM95644DE7B0561E2 sshd[524014]: Connection closed by authenticating user root 45.117.213.52 port 55604 [preauth]
Sep 10 08:33:58 VM95644DE7B0561E2 sshd[524034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.117.213.52 user=root
Sep 10 08:34:00 VM95644DE7B0561E2 sshd[524034]: Failed password for root from 45.117.213.52 port 56388 ssh2
Sep 10 08:34:02 VM95644DE7B0561E2 sshd[524034]: Connection closed by authenticating user root 45.117.213.52 port 56388 [preauth]
Sep 10 08:34:03 VM95644DE7B0561E2 sshd[524144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.117.213.52 user=root
Sep 10 08:34:04 VM95644DE7B0561E2 sshd[524136]: Invalid user operator from 193.201.9.109 port 58291
Sep 10 08:34:04 VM95644DE7B0561E2 sshd[524136]: pam_unix(sshd:auth): check pass; user unknown
Sep 10 08:34:04 VM95644DE7B0561E2 sshd[524136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.9.109
Sep 10 08:34:06 VM95644DE7B0561E2 sshd[524144]: Failed password for root from 45.117.213.52 port 57892 ssh2
Sep 10 08:34:06 VM95644DE7B0561E2 sshd[524136]: Failed password for invalid user operator from 193.201.9.109 port 58291 ssh2
Sep 10 08:34:08 VM95644DE7B0561E2 sshd[524136]: Connection reset by invalid user operator 193.201.9.109 port 58291 [preauth]
Sep 10 08:34:08 VM95644DE7B0561E2 sshd[524144]: Connection closed by authenticating user root 45.117.213.52 port 57892 [preauth]
Sep 10 08:34:09 VM95644DE7B0561E2 sshd[524212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.117.213.52 user=root
Sep 10 08:34:11 VM95644DE7B0561E2 sshd[524212]: Failed password for root from 45.117.213.52 port 59212 ssh2
Sep 10 08:34:13 VM95644DE7B0561E2 sshd[524212]: Connection closed by authenticating user root 45.117.213.
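I tried it over mobile data, and the IP rules do not take effect! (The port rules take effect; the IP rules do not.)
After blocking my phone's IP, I can still log in, and a wrong password still produces the incorrect-password prompt.
I have added my phone's IP to the block list and can still log in.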
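Thanks for the feedback. We have confirmed this: ufw applies rules from top to bottom, and here the port 22 rule matches first and the traffic is allowed straight away. So to block specific IPs, the rule
22/tcp ALLOW Anywhere
needs to be moved to the very end.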
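
The first-match behaviour described in the reply, modelled over the rule list from the post. This is an added example, not part of the original thread; the helper names are hypothetical, and the default incoming policy is assumed to be deny.

```python
import ipaddress

# IPv4 rules copied from the `ufw status` output in the post, in listed order.
STATUS = """\
31000/tcp ALLOW Anywhere
22/tcp ALLOW Anywhere
80/tcp ALLOW Anywhere
443/tcp ALLOW Anywhere
Anywhere ALLOW 127.0.0.1
Anywhere DENY 185.224.128.189
Anywhere DENY 116.103.226.20
Anywhere DENY 185.224.128.187
Anywhere DENY 45.117.213.52
"""

def parse(text):
    """Turn 'To Action From' lines into (port, action, source_network) tuples."""
    rules = []
    for line in text.splitlines():
        to, action, src = line.split()
        port = None if to == "Anywhere" else int(to.split("/")[0])
        net = ipaddress.ip_network("0.0.0.0/0" if src == "Anywhere" else src)
        rules.append((port, action, net))
    return rules

def decide(rules, src_ip, dport, default="DENY"):  # default policy: assumption
    """First matching rule wins; later rules are never consulted."""
    ip = ipaddress.ip_address(src_ip)
    for port, action, net in rules:
        if port in (None, dport) and ip in net:
            return action
    return default

def shadowed_denies(rules):
    """Map each DENY source to the ports an earlier ALLOW already opens for it."""
    found = {}
    for i, (dport, action, dnet) in enumerate(rules):
        if action != "DENY":
            continue
        for aport, aact, anet in rules[:i]:
            overlap = dport is None or aport is None or aport == dport
            if aact == "ALLOW" and dnet.subnet_of(anet) and overlap:
                found.setdefault(str(dnet), []).append(aport)
    return found

def denies_first(rules):
    """Stable reorder with every DENY ahead of the ALLOW rules."""
    return sorted(rules, key=lambda r: r[1] != "DENY")
```

On a live host, `ufw status numbered` shows the evaluation order, and `ufw insert 1 deny from <ip>` places a deny ahead of the existing allow rules.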