Channel: linuxadmin: Expanding Linux SysAdmin knowledge

My ufw confusion. Ideas?

I am fairly new at ufw and am wondering about how deny works.
I assumed that when I deny from {some IP address} to any, that IP has no chance to get in.
Would that mean I will see attempts in /var/log/auth.log (where I usually see attempts)? More clearly, I denied 116.31.116.31 but still see these:

Jun 13 11:22:03 vbox sshd[21741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.31 user=root
Jun 13 11:22:04 vbox sshd[21741]: Failed password for root from 116.31.116.31 port 11675 ssh2
Jun 13 11:22:07 vbox sshd[21741]: Failed password for root from 116.31.116.31 port 11675 ssh2
Jun 13 11:22:12 vbox sshd[21741]: Failed password for root from 116.31.116.31 port 11675 ssh2
Jun 13 11:22:13 vbox sshd[21741]: Received disconnect from 116.31.116.31: 11: [preauth]

How would the little bastard even attempt a password for root if he /she was denied?

I did a little googling, but couldn't find a clue. Sorry for the newb question.

SMALL UPDATE: Here is my status, if it helps:
Status: active

To            Action    From
22            ALLOW     Anywhere
80            ALLOW     Anywhere
443           ALLOW     Anywhere
21/tcp        ALLOW     Anywhere
DNS           ALLOW     Anywhere
Anywhere      ALLOW     224.0.0.1
12301         ALLOW     Anywhere
Anywhere      DENY      212.129.10.14
Anywhere      DENY      210.38.224.120
Anywhere      DENY      113.175.130.234
Anywhere      DENY      183.17.122.102
Anywhere      DENY      116.31.116.31

The little prick at 116.31.116.31 is still failing root passwords on ssh2. I wish I had the smarts to fight back. :-)

submitted by /u/GreatBigPig
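
Added example, not part of the original post: ufw evaluates rules in the order listed and stops at the first match, so in the status output above "22 ALLOW Anywhere" is reached before any DENY row. The Python model below replays that listing; the function names are hypothetical, protocol suffixes are ignored, the DNS application-profile row is left out, and a default incoming policy of deny is assumed.

```python
import ipaddress

# Rows from the `ufw status` output in the post, in listed order
# (constructed copy; the "DNS" application-profile row is omitted).
STATUS = """\
22 ALLOW Anywhere
80 ALLOW Anywhere
443 ALLOW Anywhere
21/tcp ALLOW Anywhere
Anywhere ALLOW 224.0.0.1
12301 ALLOW Anywhere
Anywhere DENY 212.129.10.14
Anywhere DENY 210.38.224.120
Anywhere DENY 113.175.130.234
Anywhere DENY 183.17.122.102
Anywhere DENY 116.31.116.31
"""
SOURCE = "116.31.116.31"  # the address the post is trying to block

def parse(status):
    """Turn 'To Action From' rows into (port, action, network) tuples."""
    rules = []
    for line in status.splitlines():
        to, action, src = line.split()
        port = None if to == "Anywhere" else int(to.split("/")[0])
        net = None if src == "Anywhere" else ipaddress.ip_network(src)
        rules.append((port, action, net))
    return rules

def first_match(rules, src_ip, dport):
    """Return (1-based rule number, action) of the first matching rule."""
    ip = ipaddress.ip_address(src_ip)
    for number, (port, action, net) in enumerate(rules, 1):
        if port in (None, dport) and (net is None or ip in net):
            return number, action
    return None, "DENY"  # assumption: default incoming policy is deny

def insert_rule(rules, position, rule):
    """Model of `ufw insert <position> ...` (1-based position)."""
    return rules[:position - 1] + [rule] + rules[position - 1:]

RULES = parse(STATUS)
# Model of: ufw insert 1 deny from 116.31.116.31
FIXED = insert_rule(RULES, 1, (None, "DENY", ipaddress.ip_network(SOURCE)))

if __name__ == "__main__":
    print("as listed :", first_match(RULES, SOURCE, 22))
    print("deny first:", first_match(FIXED, SOURCE, 22))
```

In the listing as posted, the DENY row for that address only takes effect for ports with no earlier ALLOW rule; with the deny inserted at position 1 it matches first for every port, while other sources still reach the SSH allow rule.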