Ufw Deny Reorder

Preface

chat.png

The server was down for a few days, and I didn’t notice the messages on my phone; I only saw them on the 21st.

youarenotsorry.png


The code


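#!/usr/bin/env bash
#
# Move every DENY rule that `ufw status` reports to the top of the ufw rule
# list, so that it is evaluated before any ALLOW rule (ufw applies the first
# rule that matches). Each rule is deleted and then re-inserted, because ufw
# skips inserting a rule that already exists; between the two commands the
# deny is briefly absent. Requires root and an active ufw.
#
# NOTE(review): assumes `ufw status` prints deny lines as "<to> DENY <from>",
# optionally with a direction word after DENY — confirm on the target ufw
# version. Lines containing "Anywhere (v6)" are skipped, as in the original;
# port-only rules are re-created for both address families instead.
#
# Deliberately no `set -e`: a failed `ufw delete` for one rule must not stop
# the loop for the remaining rules.

#######################################
# Print "<to> <from>" for every inbound DENY rule of `ufw status`.
# Outbound and forward rules are dropped so their direction word is never
# mistaken for a source address.
# Outputs: one rule per line on stdout
#######################################
list_deny_rules() {
  ufw status \
    | grep -v 'Anywhere (v6)' \
    | awk '$2 == "DENY" {
        from = ($3 == "IN") ? $4 : $3
        if (from != "OUT" && from != "FWD") print $1, from
      }'
}

#######################################
# Print the position of the first IPv6 rule in `ufw status numbered`, or
# nothing when there is none. ufw keeps IPv6 rules after the IPv4 rules and
# rejects an IPv6 rule inserted above them. The number is taken from the
# whole "[ N]" line rather than from its first awk field, which is just "["
# for single-digit positions.
# Outputs: rule number on stdout, or nothing
#######################################
first_v6_position() {
  ufw status numbered | grep '(v6)' | grep -o -m 1 '[0-9][0-9]*' | head -n 1
}

#######################################
# Insert a deny rule at the top of its address family.
# Arguments: $1 - "v4" or "v6"; remaining args - rule specification after
#            "deny" (e.g. from 10.0.0.0/8 to any port 22 proto tcp)
#######################################
insert_deny() {
  local family=$1
  shift
  local position=1
  if [[ "$family" == v6 ]]; then
    position=$(first_v6_position)
    if [[ -z "$position" ]]; then
      # No IPv6 rule exists yet, so there is nothing to get ahead of: append.
      ufw deny "$@"
      return
    fi
  fi
  ufw insert "$position" deny "$@"
}

#######################################
# Delete one DENY rule and re-insert it at the top of its address family.
# A port-only rule (from "Anywhere") is re-created as one IPv4 and one IPv6
# rule, matching the original script. A bare "Anywhere Anywhere" pair has
# nothing to pin and is skipped.
# Arguments: $1 - "To" column: Anywhere or <port>[/<proto>]
#            $2 - "From" column: Anywhere or an address/network
#######################################
reorder_rule() {
  local to=$1
  local from=$2
  local -a port=()
  if [[ "$to" != Anywhere ]]; then
    port=(to any port "${to%%/*}")
    # "<port>/<proto>" carries a protocol; a bare "<port>" does not.
    [[ "$to" == */* ]] && port+=(proto "${to#*/}")
  fi

  printf ' ==================== %s From: %s ==================== \n' "$to" "$from"

  if [[ "$from" == Anywhere ]]; then
    [[ "$to" == Anywhere ]] && return 0
    ufw delete deny "${port[@]}"
    insert_deny v4 from 0.0.0.0/0 "${port[@]}"
    insert_deny v6 from ::/0 "${port[@]}"
  else
    # A colon in the source marks an IPv6 address or network.
    local family=v4
    [[ "$from" == *:* ]] && family=v6
    ufw delete deny from "$from" "${port[@]}"
    insert_deny "$family" from "$from" "${port[@]}"
  fi
}

#######################################
# Entry point: reorder every reported deny rule, then reload ufw.
#######################################
main() {
  if (( EUID != 0 )); then
    printf '%s: must run as root\n' "${0##*/}" >&2
    exit 1
  fi

  local -a rules=()
  mapfile -t rules < <(list_deny_rules)

  local rule to from
  for rule in "${rules[@]}"; do
    read -r to from <<<"$rule"
    [[ -n "$to" && -n "$from" ]] || continue
    reorder_rule "$to" "$from"
  done

  ufw reload
}

main "$@"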

Testing the result

result.png

Blocking some scanners


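# Pin the scanner source networks below ahead of every other ufw rule.
# Each network is deleted first (ufw skips inserting a rule that already
# exists) and then re-inserted at the top of its address family; the deny is
# briefly absent between the two commands. Requires root and an active ufw.
#
# NOTE(review): several driftnet.io entries are host addresses written with a
# /24 mask (e.g. 68.183.53.77/24); the firewall will treat each of them as the
# enclosing /24 network — confirm that range is the intended one.

#######################################
# Print the position of the first IPv6 rule in `ufw status numbered`, or
# nothing when there is none. ufw keeps IPv6 rules after the IPv4 rules and
# rejects an IPv6 rule inserted above them.
# Outputs: rule number on stdout, or nothing
#######################################
first_v6_position() {
  ufw status numbered | grep '(v6)' | grep -o -m 1 '[0-9][0-9]*' | head -n 1
}

#######################################
# Delete and re-insert one "deny from <net>" rule at the top of its family.
# Arguments: $1 - IPv4 or IPv6 network in CIDR form
#######################################
pin_deny_from() {
  local net=$1
  local position
  ufw delete deny from "$net"
  if [[ "$net" == *:* ]]; then
    position=$(first_v6_position)
    if [[ -n "$position" ]]; then
      ufw insert "$position" deny from "$net"
    else
      # No IPv6 rule exists yet, so there is nothing to get ahead of: append.
      ufw deny from "$net"
    fi
  else
    ufw insert 1 deny from "$net"
  fi
}

## censys
censys=(
  162.142.125.0/24
  167.94.138.0/24
  167.94.145.0/24
  167.94.146.0/24
  167.248.133.0/24
  2602:80d:1000:b0cc:e::/80
  2620:96:e000:b0cc:e::/80
)

## driftnet.io
driftnet=(
  87.236.176.0/24
  193.163.125.0/24
  68.183.53.77/24
  104.248.203.191/24
  104.248.204.195/24
  142.93.191.98/24
  157.245.216.203/24
  165.22.39.64/24
  167.99.209.184/24
  188.166.26.88/24
  206.189.7.178/24
  209.97.152.248/24
  2a06:4880::/32
  2604:a880:800:10::c4b:f000/124
  2604:a880:800:10::c51:a000/124
  2604:a880:800:10::c52:d000/124
  2604:a880:800:10::c55:5000/124
  2604:a880:800:10::c56:b000/124
  2a03:b0c0:2:d0::153e:a000/124
  2a03:b0c0:2:d0::1576:8000/124
  2a03:b0c0:2:d0::1577:7000/124
  2a03:b0c0:2:d0::1579:e000/124
  2a03:b0c0:2:d0::157c:a000/124
)

for net in "${censys[@]}" "${driftnet[@]}"; do
  pin_deny_from "$net"
done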

The End