I am executing the following rule:
sudo ufw deny from 126.96.36.199 to any
(188.8.131.52 is my ip address)
The rule does not take effect until I reboot the computer. The proof is that I can still execute ssh commands. How can I force my firewall to apply the changes right away?.
Reason why I am asking this question is because I often have to block some ip addresses and they do not get blocked until I reboot my computer or until those connections are closed. I do not want to reboot my Linux computer every time I want to block an ip. I have a PBX system and for some reason I get random attacks that look like this Asterisk PBX detect if someone enters an incorrect password . Now I know what IP address to block I just cant block them right away. If I reboot the computer the attack stops. I think it is the same reason why after blocking my IP
sudo ufw deny from 184.108.40.206 to any I am still able to execute ssh commands.
Here is the proof maybe with this image I am able to explain things better:
1) I ran
ufw status and I see that the ip address
220.127.116.11 is blocked
2) Then I log in to my pbx system by running the command
asterisk -rvvv. When running that, asterisk will tell me all error messages, warnings etc... At the bottom you can see that I got a phone call from the ip address
18.104.22.168. How can I get a phone call from that ip address if I have blocked that ip address on my firewall !? Note this works with TCP but it does not work with UDP. In other words adding the ufw rule successfully blocks tcp connections but not udp
I get lots of requests that I will like to block. This is how my log looks like:
I do not understand why I get requests from an ip address that I have blocked. If I reboot my computer I will stop receiving those requests. So my solution as of right now is to reboot the computer.