6

I want to block traffic to a specific domain e.g. mysite.com. I tried blocking the ip address of the site but it does not work:

ufw deny from 0.0.0.0 to ip_address_of_site

I am still able to access the website, even after a reboot.

Any idea what I might be doing wrong?

Seth
JohnMerlino

1 Answer

20

It will be:

sudo ufw deny out from any to _ipaddress_
Seth
EdiD
  • Can you do it with a domain name? The best would be like this > sudo ufw deny out from any to *.domain.com – user3021729 Feb 27 '21 at 15:42
  • @user3021729 AFAIK no. UFW creates iptables chains like ufw-user-output and ufw-user-input where you can put more complicated rules, but domain names probably won't work because iptables/nftables loads before DNS and can't resolve names. Probably it will fail to load rules (but maybe something changed) – EdiD Feb 28 '21 at 16:26
  • This didn't work for me with an Nginx website. After executing this, I can't ping that IP, but I can still reach my website, which is on that IP. – Sahin May 25 '21 at 10:17
  • @Sahin can't tell anything without seeing configuration. Maybe you should ask a question describing your problem. – EdiD May 25 '21 at 15:36
  • For me, it works fairly reliably. I just do `dig domain` to put whatever is in the A record, and it works well. (Not sure if that'll cause problems for cases where it's going through Cloudflare and such, though.) – Seth Falco May 15 '22 at 11:26
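
The `dig` approach from the last comment, combined with the rule from the answer, as an added example that is not part of the original answer or comments. It turns `dig +short` output into `ufw deny out` commands and skips CNAME lines, malformed addresses and duplicates; the function names and the sample addresses (documentation ranges) are made up for illustration.

```shell
#!/bin/sh
# Prints the ufw commands for review instead of running them.

# Succeed only if $1 is a dotted-quad IPv4 address with octets in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1              # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Read `dig +short NAME A` output on stdin and print one rule per unique
# address. dig prints CNAME targets (names ending in ".") before the
# addresses; those lines are not valid rule targets and are dropped.
rules_from_dig() {
    seen=' '
    while IFS= read -r line; do
        is_ipv4 "$line" || continue
        case $seen in *" $line "*) continue ;; esac
        seen="$seen$line "
        printf 'sudo ufw deny out from any to %s\n' "$line"
    done
}

# Resolve a domain now and print rules for its current A records.
block_domain() {
    dig +short "$1" A | rules_from_dig
}

# Constructed sample of dig +short output: a CNAME line, a duplicate
# address and an out-of-range address.
sample_dig_output() {
    printf '%s\n' 'cdn.mysite.example.' '203.0.113.10' '203.0.113.11' \
        '203.0.113.10' '999.1.1.1'
}

sample_dig_output | rules_from_dig
```

The rules capture the A records at the moment of the lookup, so they need regenerating when the records change, and an address shared behind a CDN blocks every site served from it.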