Rate-limiting connections to your web server with ufw (useful against brute-force attempts and small connection floods; note that it throttles per source address, so it will not absorb a real DDoS)

# ufw limit https/tcp    # rate-limit new connections to port 443
# ufw limit http/tcp     # rate-limit new connections to port 80
# ufw limit ssh/tcp      # rate-limit new connections to port 22

Each limit rule rejects a source address that opens 6 or more new connections to that port within 30 seconds (ufw's fixed default). Rejected attempts are logged with the prefix "[UFW LIMIT BLOCK]" when ufw logging is on. A blocked client can reach the website and log in to the server again 30 seconds after its last attempt; every new attempt is counted, so a client that keeps hammering stays blocked.

To delete these rules use the following commands.

# ufw delete limit ssh/tcp    # removes the limit rule for port 22. With ufw's default incoming policy (deny) there is now no rule allowing port 22, so no new SSH connection can be made until the next command (an already open session survives, because established traffic is still allowed). Run the two commands back to back, preferably from a console.

# ufw allow ssh/tcp    # port 22 is reachable again, now without a rate limit.

Show the rules with the command

# ufw status numbered    # lists the active rules, each with an index number
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     LIMIT IN    Anywhere
[ 3] 443/tcp                    LIMIT IN    Anywhere
[ 4] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 5] 80/tcp (v6)                LIMIT IN    Anywhere (v6)
[ 6] 443/tcp (v6)               LIMIT IN    Anywhere (v6)
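A client-side check of the limit rules set up above, added here as an example (it is not part of the original post): it opens a burst of TCP connections to the limited port and counts how many were accepted and how many refused. It assumes nc (netcat) is installed on the client and that the host and port in the usage comment are replaced with your own; the connect function is a parameter so the counting logic can also be exercised without a network.

```shell
#!/bin/sh
# Added example, not code from the original post: probe a "ufw limit" rule from
# a client. With ufw's default of hitcount 6 in 30 seconds, the sixth new
# connection inside the window is already rejected, so a burst of 7 attempts
# should report 5 accepted and 2 refused.
# Assumptions: nc (netcat) is available; HOST and PORT are yours.

# One connection attempt: TCP connect only (-z), 2-second timeout (-w 2).
nc_connect() {
    nc -z -w 2 "$1" "$2" >/dev/null 2>&1
}

# probe_limit HOST PORT ATTEMPTS [CONNECT_FN]
# Opens ATTEMPTS connections back to back and prints "<accepted> <refused>".
# CONNECT_FN defaults to nc_connect; pass another function to test offline.
probe_limit() {
    host=$1; port=$2; attempts=$3; connect=${4:-nc_connect}
    accepted=0; refused=0; i=1
    while [ "$i" -le "$attempts" ]; do
        if "$connect" "$host" "$port"; then
            accepted=$((accepted + 1))
        else
            refused=$((refused + 1))
        fi
        i=$((i + 1))
    done
    echo "$accepted $refused"
}

# Usage from a client, against a host with "ufw limit ssh/tcp" applied
# (expected output "5 2": attempts six and seven are refused):
#   probe_limit 203.0.113.10 22 7
```

Run it once, wait more than 30 seconds, and run it again: the second run should give the same result, confirming the block lifts after the window. On the server, the refused attempts show up in the log with the "[UFW LIMIT BLOCK]" prefix.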
If the default of 6 connections in 30 seconds does not suit you, the window and the threshold can be changed as described at the following link.
https://serverfault.com/questions/368523/rate-limiting-with-ufw-setting-limits
As mentioned in the previous post, you can customize user.rules. I need my SMTP connection rate limit to be up to 12 connections in 6 seconds. I added a rule as shown below first. Note: this adds a limit rule allowing 6 in 30 sec by default.
ufw limit smtp
and I edited /lib/ufw/user.rules (I keep a custom copy of this file with a lot of other tweaks) as shown below …
### tuple ### limit tcp 25 0.0.0.0/0 any 0.0.0.0/0 in
-A ufw-user-input -p tcp --dport 25 -m state --state NEW -m recent --set
-A ufw-user-input -p tcp --dport 25 -m state --state NEW -m recent --update --seconds 6 --hitcount 12 -j ufw-user-limit
-A ufw-user-input -p tcp --dport 25 -j ufw-user-limit-accept
/lib/ufw/user.rules is the file to edit.
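The custom tuple from the quoted answer, generalized to any port, window and hit count, as an added example (not code from the post or from the quoted answer): one function prints the three-rule tuple in the layout ufw writes to /lib/ufw/user.rules, and another reads a user.rules file back and lists the limits it actually contains, so you can confirm the values that got loaded. It assumes the rule layout quoted above (-m state --state NEW); newer ufw releases write -m conntrack --ctstate NEW instead, so check your own file. The rules file used by the demo function is constructed sample data.

```shell
#!/bin/sh
# Added example, not code from the post or the quoted answer: build the
# three-rule limit tuple in the layout ufw writes to /lib/ufw/user.rules, with a
# custom window and hit count, and audit a user.rules file for the limits it holds.
# Assumption: the rule layout is the one quoted above (-m state --state NEW);
# newer ufw releases emit -m conntrack --ctstate NEW, so adapt if yours differs.

# limit_tuple PORT SECONDS HITCOUNT
# Prints the tuple marker plus the three ufw-user-input rules for tcp/PORT.
# ufw's own "ufw limit" is the special case SECONDS=30 HITCOUNT=6.
limit_tuple() {
    port=$1; secs=$2; hits=$3
    printf '%s\n' "### tuple ### limit tcp $port 0.0.0.0/0 any 0.0.0.0/0 in"
    # 1) record every new connection from the source address
    printf '%s\n' "-A ufw-user-input -p tcp --dport $port -m state --state NEW -m recent --set"
    # 2) HITCOUNT or more new connections inside SECONDS -> ufw-user-limit (log + REJECT)
    printf '%s\n' "-A ufw-user-input -p tcp --dport $port -m state --state NEW -m recent --update --seconds $secs --hitcount $hits -j ufw-user-limit"
    # 3) everything else on the port is accepted
    printf '%s\n' "-A ufw-user-input -p tcp --dport $port -j ufw-user-limit-accept"
}

# audit_limits FILE
# Prints one "PORT SECONDS HITCOUNT" line per limit rule found in FILE, so the
# values actually loaded can be compared with what you intended.
audit_limits() {
    awk '/-m recent --update/ {
        port = ""; secs = ""; hits = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "--dport")    port = $(i + 1)
            if ($i == "--seconds")  secs = $(i + 1)
            if ($i == "--hitcount") hits = $(i + 1)
        }
        print port, secs, hits
    }' "$1"
}

# demo_audit: write a constructed user.rules fragment (sample data, not a real
# file) holding the default ssh limit and the custom smtp limit, then audit it.
demo_audit() {
    tmp=$(mktemp)
    limit_tuple 22 30 6 > "$tmp"
    limit_tuple 25 6 12 >> "$tmp"
    audit_limits "$tmp"
    rm -f "$tmp"
}
```

After replacing the smtp tuple in user.rules with the output of limit_tuple 25 6 12, apply it with ufw reload and confirm with audit_limits /lib/ufw/user.rules. One caveat worth knowing: ufw rebuilds the -A lines from the "### tuple ###" markers every time a rule is added or deleted, so the custom seconds and hitcount revert to 30 and 6 on the next ufw allow or ufw delete; that is why keeping a custom copy of the file, as the quoted answer does, and re-applying it is necessary.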