Uncomplicated FireWall (UFW) on Ubuntu

published on 2017-01-16 in computing

UFW is a simple-to-use firewall wrapper for Ubuntu. Recently, I have been using it to block spammers on a little service I run for the Nashville Tech community. I used to do this with iptables directly, but this is far simpler.

Here's a quick primer on firing it up and blocking a particular IP address. It's disabled by default, so you need to allow your services (SSH first, so that enabling the firewall doesn't cut off your own session) and then turn it on:

ufw allow ssh/tcp
ufw allow 80/tcp
ufw logging on
ufw enable
ufw status

Order matters: once a rule is matched, the others will not be evaluated. So, to block that IP, you need to insert the deny rule ahead of the allow rules (here, a whole /24 at position 1):

ufw insert 1 deny from 16.16.9.0/24

Here's what these rules look like:

# ufw status
Status: active

To                         Action      From
--                         ------      ----
Anywhere                   DENY        16.16.9.0/24             
22/tcp                     ALLOW       Anywhere                  
80/tcp                     ALLOW       Anywhere                  
22/tcp (v6)                ALLOW       Anywhere (v6)             
80/tcp (v6)                ALLOW       Anywhere (v6)             

And you can number the output to make it easy to clean up or delete your rules:

# ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Anywhere                   DENY IN     16.16.9.0/24             
[ 2] 22/tcp                     ALLOW IN    Anywhere                  
[ 3] 80/tcp                     ALLOW IN    Anywhere                  
[ 4] 22/tcp (v6)                ALLOW IN    Anywhere (v6)             
[ 5] 80/tcp (v6)                ALLOW IN    Anywhere (v6)             

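To delete a rule, refer to it by its number, for example:

ufw delete 1

Rule numbers shift after each deletion, so re-run ufw status numbered before deleting another.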
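The ordering rule above can be checked mechanically. As an added example (not part of the original post), this shell function reads the numbered status listing and reports deny rules that sit below an allow-from-anywhere rule covering the same destination; the function name and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). On a live host, as root:
#   ufw status numbered | shadowed_denies
shadowed_denies() {
    awk '
    /^\[ *[0-9]+\]/ {
        num = $0; sub(/^\[ */, "", num); sub(/\].*/, "", num)
        rest = $0; sub(/^\[ *[0-9]+\] */, "", rest)
        # To / Action / From columns are separated by two or more spaces.
        split(rest, col, /  +/)
        to = col[1]; action = col[2]; from = col[3]
        fam = (to ~ /\(v6\)/ || from ~ /\(v6\)|:/) ? 6 : 4

        if (action ~ /^ALLOW/ && from ~ /^Anywhere/) {
            # Remember every allow-from-anywhere rule seen so far.
            n++; a_num[n] = num; a_to[n] = to; a_fam[n] = fam
        } else if (action ~ /^(DENY|REJECT)/ && from !~ /^Anywhere/) {
            # A source block is undercut by an earlier allow that covers
            # the same destination (or by any allow, if it blocks Anywhere).
            hits = ""
            for (i = 1; i <= n; i++)
                if (a_fam[i] == fam &&
                    (to ~ /^Anywhere/ || a_to[i] ~ /^Anywhere/ || a_to[i] == to))
                    hits = (hits == "" ? "" : hits ",") a_num[i]
            if (hits != "")
                printf "rule %s (%s from %s) is below ALLOW rule(s) %s\n",
                       num, action, from, hits
        }
    }'
}

# Constructed sample: the deny was appended instead of inserted at position 1.
SAMPLE_APPENDED='[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] Anywhere                   DENY IN     16.16.9.0/24
[ 4] 22/tcp (v6)                ALLOW IN    Anywhere (v6)'

# Constructed sample with the ordering shown in this post (deny first).
SAMPLE_INSERTED='[ 1] Anywhere                   DENY IN     16.16.9.0/24
[ 2] 22/tcp                     ALLOW IN    Anywhere
[ 3] 80/tcp                     ALLOW IN    Anywhere'

printf '%s\n' "$SAMPLE_APPENDED" | shadowed_denies   # reports rule 3
printf '%s\n' "$SAMPLE_INSERTED" | shadowed_denies   # reports nothing
```

An empty result means every source block sits above the allow rules it is meant to override.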

Tags: firewall sysadmin linux ubuntu