You may suddenly receive complaints from your data center about scanning private networks, even though you never did anything of the sort intentionally. A simple way to address this is to block outbound traffic to all private networks with the host firewall.
Installing ufw
First, make sure the ufw utility is installed on your server (the command below installs it if it is missing):
sudo apt install ufw
Next, before enabling it, add the rules that keep you from locking yourself out of the server. Allow the ports for the SSH, HTTP, and HTTPS services (if your SSH daemon listens on a non-standard port, allow that port instead of 22):
sudo ufw allow 22
sudo ufw allow 80
sudo ufw allow 443
Done. Now, let's enable our firewall.
sudo ufw enable
You can check the firewall status with the following command:
sudo ufw status
Blocking Private Networks
Great! Now let's proceed to block private networks.
These include:
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
100.64.0.0/10
Blocking them is quite simple. The rules below cover those four ranges plus 198.18.0.0/15 (benchmark testing) and 169.254.0.0/16 (link-local). Note that ufw evaluates rules in order, so if this server legitimately needs a host inside one of these ranges (an internal DNS resolver, a backup target, or a cloud metadata endpoint at 169.254.169.254), add an allow rule for that specific host before the deny rules. Use the following commands:
sudo ufw deny out from any to 10.0.0.0/8
sudo ufw deny out from any to 172.16.0.0/12
sudo ufw deny out from any to 192.168.0.0/16
sudo ufw deny out from any to 100.64.0.0/10
sudo ufw deny out from any to 198.18.0.0/15
sudo ufw deny out from any to 169.254.0.0/16
After adding these rules, check the rule list again to confirm they were applied:
sudo ufw status
You can also inspect the underlying iptables rules that ufw generated:
sudo iptables-save
Now, if you try to reach an address in one of these ranges, the packets are dropped before they leave the host and the command reports an error. For example, using the ping command:
ping 198.18.22.62
Everything is set!
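Before pinging a live host, it is useful to check offline whether a given destination actually falls inside one of the six denied ranges, for instance to confirm that an internal resolver or backup host would be cut off. The following POSIX shell script is an added example, not part of the original article; it matches an IPv4 address against the ranges above without touching the firewall (the script name check.sh is assumed).

```shell
#!/bin/sh
# Added example (not from the original article): check whether an IPv4 address
# is covered by the outbound deny rules, without touching ufw itself.

# The ranges denied above, in the same order as the ufw rules.
BLOCKED_RANGES="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 100.64.0.0/10 198.18.0.0/15 169.254.0.0/16"

# ip_to_int 1.2.3.4 -> prints the address as a 32-bit unsigned integer.
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr ADDR CIDR -> exit 0 if ADDR lies inside CIDR, 1 otherwise.
in_cidr() {
    addr=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    bits=${2#*/}
    # Netmask with the top BITS bits set; /0 is special-cased because a
    # shift by 32 is undefined in shell arithmetic.
    if [ "$bits" -eq 0 ]; then
        mask=0
    else
        mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    fi
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# blocked_by ADDR -> prints the first matching range and exits 0,
# or exits 1 when no deny rule covers the address.
blocked_by() {
    for r in $BLOCKED_RANGES; do
        if in_cidr "$1" "$r"; then
            echo "$r"
            return 0
        fi
    done
    return 1
}

# Usage: ./check.sh 198.18.22.62
if [ -n "$1" ]; then
    if range=$(blocked_by "$1"); then
        echo "$1 is covered by the deny rule for $range"
    else
        echo "$1 is not covered by the private-network deny rules"
    fi
fi
```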
Unblocking Networks (if needed)
Check the list of active ufw rules along with their numbering:
sudo ufw status numbered
Now you can delete a specific rule with the following command (the numbers shift after each deletion, so re-run the numbered status command before deleting another rule):
sudo ufw delete <rule number>
For example, to delete rule #7:
sudo ufw delete 7
After that, traffic to 198.18.22.62 is no longer restricted.