UFW action file (action.d/ufw.conf)
This is the file that tells F2B what commands to send to UFW to block and unblock a system. You can see that the 'actionban' and 'actionunban' sections simply add and remove rules from UFW which drop/reject packets from the offending system. I have only changed the 'blocktype' from it's default (reject) to deny.
# Option: blocktype
# Notes.: reject or deny
#blocktype = reject
blocktype = deny
The important part of 'actionban' works like this:
ufw insert <insertpos> <blocktype> from <ip> to <destination>
The variables defined in the configuration file are summarized as:
[Init]
insertpos = 1
blocktype = deny
destination = any
application =
So, this rule adds a new rule (insert) at position 1 (insertpos) which denies (blocktype) packets from the offending system's IP (ip) destined for any address (which obviously includes this system). Importantly, each rule is added at position 1 which means they have priority over any other otherwise defined (i.e. allowed) traffic.
The 'actionunban' simply deletes the rule to remove the block.