You've already blocked all ports from the China IPs so there is no need to additionally block port 22.
Changing that deny to allow (to create a whitelist) will work but it is opening up all ports which isn't ideal. However, if there are any IPs in both your blacklist and whitelist then that will complicate matters.
I can't remember if UFW warns about two contradictory criteria (I suspect not in most cases), if it doesn't then whichever rule is first (in UFW) will override the later rule. In your case the deny would take higher priority.
You can put new entries at the beginning of the UFW list by either the "prepend" command or using "insert 1", this will give higher priority to your additional entries over older entries.
I use the insert command because I can never remember the prepend command (I just looked it up yet again).
Code:
# Take the first field of every non-comment line in the CIDR list and prepend an allow rule for it
awk '/^[^#]/ { print $1 }' cidr-china.txt | sudo xargs -I {} ufw insert 1 allow from {} to any
With 8000 entries your server is going to be very slow, generally anything approaching 100 entries is the stage where you consider other options (for a Pi 4). There is a risk that some domestic internet-providers will block you if you have DDoS attacks.
If you are using fail2ban then I used to block the common hit-points (WordPress, phpMyAdmin etc) and also block anything that went for my IP address rather than domain name, I switched logging off for those rules. My worst problems became the minor search bots, whilst Google, Bing etc would rate-limit or just do a block at a time, some of the other search engines would try and download your whole site in one go, which for big websites could overwhelm the Pi4 for 20 minutes at a time. It used to crash the Pi4 before I increased some of the Apache settings.
I used to jail for a small number of days (one hour jails were usually useless, attacks used to restart immediately) but also kept track of IPs that regularly got jailed and perma-ban them, then clear the perma-bans out every few months when the UFW table was getting too big.
Eventually I gave up home-serving as it was more trouble than it was worth, especially as I added more and more websites, there was some novelty value but that only lasts so long.
There is a risk that some domestic internet-providers will ban you if you have DDoS attacks, this was a particular concern as one of my websites had a bad history of DDoS attacks (believed to be retribution against a previous owner's contractual disagreement).
Statistics: Posted by pidd — Thu Jan 25, 2024 3:41 am
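The post warns that an address appearing in both the blacklist and the whitelist is resolved only by UFW rule order, and that the rule count itself becomes a problem. This added example (not from the post above) reads two lists in the same layout as the cidr-china.txt command, reports every deny/allow overlap, and flags the rule count against the ~100-entry rule of thumb; the sample list contents are constructed.

```python
"""Find deny/allow overlaps between two UFW CIDR lists (added example)."""
import ipaddress

# Constructed sample data standing in for the blacklist and whitelist files.
BLACKLIST_TEXT = """# blocked ranges (constructed sample)
203.0.113.0/24   example range
198.51.100.0/25
192.0.2.10
"""
WHITELIST_TEXT = """# allowed ranges (constructed sample)
198.51.100.64/26
192.0.2.10
10.0.0.0/8
"""


def parse_cidr_list(text):
    """Mirror awk '/^[^#]/ { print $1 }': skip blank and '#' lines, keep field 1."""
    nets = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        nets.append(ipaddress.ip_network(line.split()[0], strict=False))
    return nets


def find_conflicts(blacklist, whitelist):
    """Return (deny_net, allow_net) pairs whose ranges overlap.

    UFW applies the first matching rule, so each pair is an address range
    whose treatment depends on rule position rather than on the lists.
    """
    return [(b, w) for b in blacklist for w in whitelist
            if b.version == w.version and b.overlaps(w)]


def rule_count_warning(blacklist, whitelist, limit=100):
    """True when the combined rule count passes the post's rule-of-thumb limit."""
    return len(blacklist) + len(whitelist) > limit


if __name__ == "__main__":
    deny = parse_cidr_list(BLACKLIST_TEXT)
    allow = parse_cidr_list(WHITELIST_TEXT)
    for b, w in find_conflicts(deny, allow):
        print(f"conflict: deny {b} overlaps allow {w}; earlier UFW rule wins")
    if rule_count_warning(deny, allow):
        print("warning: more than 100 rules, consider other options")
```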