Rules for DROP actions are inserted after allow actions in user.rules and thus do not work
ufw version: 0.35
distro: Arch ARM (for aarch64)
summary: Unless I am doing this incorrectly, I am finding that DROP rules I add are inserted into /etc/ufw/user.rules above the ACCEPT rules and are thus ignored. If, by contrast, I manually edit /etc/ufw/user.rules and place my DROP rule above the allow rules, ufw gives the expected behavior (i.e. no connections).
steps to reproduce:
1) Set up a fresh install of ufw like this:
ufw default deny
ufw allow from 192.168.1.0/24
ufw allow SSH
ufw allow 'WWW Secure'
ufw deny from 220.127.116.11/16
2) Enable ufw and look in /etc/ufw/
### tuple ### allow tcp 443 0.0.0.0/0 any 0.0.0.0/0 WWW%20Secure - in
-A ufw-user-input -p tcp --dport 443 -j ACCEPT -m comment --comment 'dapp_WWW%20Secure'
### tuple ### deny any any 0.0.0.0/0 any 18.104.22.168/16 in
-A ufw-user-input -s 22.214.171.124/16 -j DROP
As I understand it, rules are taken in order and the traffic in the ACCEPT comes through before the next line which is the DROP. Taken as such, I have repeat connections from the spammer at that IP address. Now, if I manually reverse the rules in /etc/ufw/user.rules the incoming connections are blocked as expected.
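
The first-match ordering described in this report can be checked mechanically. The following is an added example, not part of the original report and not ufw code: it scans text in the `-A ufw-user-input` layout quoted above and lists every DROP/REJECT rule that has an overlapping ACCEPT earlier in the file. The function names and sample addresses are assumptions, and only `-s`, `-p`, `--dport` and `-j` are interpreted.

```python
import ipaddress
import shlex

# Added example. Constructed sample in the layout of /etc/ufw/user.rules (documentation addresses).
SAMPLE_RULES = """\
### tuple ### allow any any 0.0.0.0/0 any 192.168.1.0/24 in
-A ufw-user-input -s 192.168.1.0/24 -j ACCEPT
-A ufw-user-input -p tcp --dport 22 -j ACCEPT -m comment --comment 'dapp_SSH'
-A ufw-user-input -p tcp --dport 443 -j ACCEPT -m comment --comment 'dapp_WWW%20Secure'
-A ufw-user-input -s 203.0.113.7/24 -j DROP
"""

def parse_rules(text):
    """Return (line_no, rule) for each '-A ufw-user-input' line, in file order."""
    rules = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.startswith("#"):
            continue
        tok = shlex.split(line)
        if tok[:2] != ["-A", "ufw-user-input"]:
            continue
        # Simplification: every option in these lines is a flag/value pair.
        opts = dict(zip(tok[2::2], tok[3::2]))
        rules.append((no, {
            "src": ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False),
            "proto": opts.get("-p"),
            "dport": opts.get("--dport"),
            "action": opts.get("-j"),
        }))
    return rules

def overlaps(a, b):
    """True if some packet can match both rules (None means 'any')."""
    same = lambda x, y: x is None or y is None or x == y
    return (a["src"].overlaps(b["src"])
            and same(a["proto"], b["proto"])
            and same(a["dport"], b["dport"]))

def overridden_denies(text):
    """List (accept_line, deny_line) pairs where an earlier ACCEPT matches first."""
    rules = parse_rules(text)
    hits = []
    for i, (deny_no, deny) in enumerate(rules):
        if deny["action"] not in ("DROP", "REJECT"):
            continue
        for accept_no, accept in rules[:i]:
            if accept["action"] == "ACCEPT" and overlaps(accept, deny):
                hits.append((accept_no, deny_no))
    return hits
```

On the constructed sample, `overridden_denies(SAMPLE_RULES)` flags the DROP on line 5 against the port 22 and port 443 ACCEPT rules on lines 3 and 4. ufw's `insert NUM` rule syntax places a rule at a chosen position instead of appending it.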