Blocking Russian and Belarus IP Addresses in Ubuntu’s Firewall

First Published: .

Last update: 2022-05-14 16:01 IST

Me, as everybody in the civilized world, I’m shocked by the brutal invasion of Ukraine by Russia.

I’ve known brilliant IT Ukrainian Engineers and I have known how they have been helping companies around the world with their coding skills.

Me as everybody else have been receiving attacks from Russian and Belarus (and China) Ip Addresses in a daily basis for years, but I only blocked on the firewall the offending Ips.

But after the Russian invasion of Ukraine and the shelling over cities, and the murder of innocent people, families… not talking about the craziness of attacking the biggest nuclear power plant in Europe I think that’s enough.

I know it can be argued that if the Russian population, which is not guilty of the decisions of their dictator president, are isolated from Internet they will be more alone. But I think that people that want peace, need to do something to set it clear that we don’t want anything to do with dictators that do not respect basic Human Rights.

Must say I have very nice Russian friends that are totally against the Rusian invasion of Ukraine.

And obviously it doesn’t look like that Russian president is going to stop there. It looks to me like again, another crazy dictator is trying to invade Europe and enslave their nations. Also the repression against their own Russian population and the prosecution of Free of Speech, are unacceptable. And as a Catalan I know about this.

As Engineer, the only thing I can do is speak up and say No. This is bad. My way of doing that, is contributing to let the Russians know that the rest of the world do not approve invasions, violence and repression. And I’m adding my blog to the list of services that will not work in Russia and in Belarus.

I’ll be blocking in the Firewall any Russian and Belarus Ip Address I get to know until they leave Ukraine.

And I’ll share with you how you can do the same, and the Ip ranges that I found.

How to know if an IP belongs to Russia or Belarus

There are geographic databases that quickly will tell you.

But if you want to do it by yourself, in Linux you can do like this:

whois -a 94.231.154.121

In this case the IP that visited my blog belong to an ISP (Internet Service Provider). Their range is 94.231.144.0 to 94.231.159.255.

That range is the equivalent to 16 class C (or a mask /24 or in other words, 256 addresses):

  1. 94.231.144.0/24
  2. 94.231.145.0/24
  3. 94.231.146.0/24
  4. 94.231.147.0/24
  5. 94.231.148.0/24
  6. 94.231.149.0/24
  7. 94.231.150.0/24
  8. 94.231.151.0/24
  9. 94.231.152.0/24
  10. 94.231.153.0/24
  11. 94.231.154.0/24
  12. 94.231.155.0/24
  13. 94.231.156.0/24
  14. 94.231.157.0/24
  15. 94.231.158.0/24
  16. 94.231.159.0/24

These 16 class C /24, can be expressed as 8 /23, or 4 /22 or 2 /21 or one /20.

It is not always possible to use a mask for all the Ip’s of a provider, as they may have an even distribution, so in case of doubt you can use the route listed by whois for the ip you queried.

In this case I can use 94.231.144.0/20 so, 4,096 IP Addresses. I’m going to block them:

sudo ufw insert 1 deny from 94.231.144.0/20 to any

I’m going to block 2,097,152 of IP Addresses assigned to Russia in four ranges of 512K:

ufw insert 1 deny from 5.136.0.0/13 to any
ufw insert 1 deny from 95.24.0.0/13 to any
ufw insert 1 deny from 176.208.0.0/13 to any
ufw insert 1 deny from 178.64.0.0/13 to any

And few more blocks of 64K, 32K, 16K, 8K, 4K, 1K, 2K, 512 and 256 (/24) IP Addresses:

ufw insert 1 deny from 5.18.0.0/16 to any
ufw insert 1 deny from 37.192.0.0/16 to any
ufw insert 1 deny from 109.252.0.0/16 to any
ufw insert 1 deny from 128.71.0.0/16 to any
ufw insert 1 deny from 194.220.0.0/16 to any
ufw insert 1 deny from 92.101.0.0/17 to any
ufw insert 1 deny from 92.255.128.0/17 to any
ufw insert 1 deny from 178.154.128.0/17 to any
ufw insert 1 deny from 37.9.64.0/18 to any
ufw insert 1 deny from 93.100.64.0/18 to any
ufw insert 1 deny from 93.100.128.0/18 to any
ufw insert 1 deny from 93.124.64.0/18 to any
ufw insert 1 deny from 141.8.128.0/18 to any
ufw insert 1 deny from 46.3.160.0/19 to any
ufw insert 1 deny from 46.38.96.0/19 to any
ufw insert 1 deny from 85.174.192.0/19 to any
ufw insert 1 deny from 85.234.32.0/19 to any
ufw insert 1 deny from 90.188.224.0/19 to any
ufw insert 1 deny from 94.242.0.0/19 to any
ufw insert 1 deny from 37.9.0.0/20 to any
ufw insert 1 deny from 37.9.32.0/20 to any
ufw insert 1 deny from 37.9.144.0/20 to any
ufw insert 1 deny from 46.148.192.0/20 to any
ufw insert 1 deny from 77.245.208.0/20 to any
ufw insert 1 deny from 79.110.64.0/20 to any
ufw insert 1 deny from 93.182.16.0/20 to any
ufw insert 1 deny from 95.152.32.0/20 to any
ufw insert 1 deny from 95.152.48.0/20 to any
ufw insert 1 deny from 109.168.224.0/20 to any
ufw insert 1 deny from 217.25.224.0/20 to any
ufw insert 1 deny from 217.114.144.0/20 to any
ufw insert 1 deny from 37.9.48.0/21 to any
ufw insert 1 deny from 37.9.128.0/21 to any
ufw insert 1 deny from 37.9.240.0/21 to any
ufw insert 1 deny from 85.202.0.0/21 to any
ufw insert 1 deny from 90.151.136.0/21 to any
ufw insert 1 deny from 95.72.24.0/21 to any
ufw insert 1 deny from 95.72.104.0/21 to any
ufw insert 1 deny from 195.133.152.0/21 to any
ufw insert 1 deny from 5.164.228.0/22 to any
ufw insert 1 deny from 5.164.248.0/22 to any
ufw insert 1 deny from 37.113.12.0/22 to any
ufw insert 1 deny from 37.113.32.0/22 to any
ufw insert 1 deny from 37.113.44.0/22 to any
ufw insert 1 deny from 37.113.52.0/22 to any
ufw insert 1 deny from 37.113.60.0/22 to any
ufw insert 1 deny from 37.113.136.0/22 to any
ufw insert 1 deny from 46.146.4.0/22 to any
ufw insert 1 deny from 62.217.188.0/22 to any
ufw insert 1 deny from 79.173.88.0/22 to any
ufw insert 1 deny from 91.204.148.0/22 to any
ufw insert 1 deny from 91.210.4.0/22 to any
ufw insert 1 deny from 91.219.56.0/22 to any
ufw insert 1 deny from 94.181.44.0/22 to any
ufw insert 1 deny from 94.181.164.0/22 to any
ufw insert 1 deny from 95.79.88.0/22 to any
ufw insert 1 deny from 95.170.152.0/22 to any
ufw insert 1 deny from 109.194.240.0/22 to any
ufw insert 1 deny from 109.194.244.0/22 to any
ufw insert 1 deny from 109.194.252.0/22 to any
ufw insert 1 deny from 178.17.180.0/22 to any
ufw insert 1 deny from 178.76.220.0/22 to any
ufw insert 1 deny from 195.133.16.0/22 to any
ufw insert 1 deny from 212.192.244.0/22 to any
ufw insert 1 deny from 212.193.184.0/22 to any
ufw insert 1 deny from 5.188.158.0/23 to any
ufw insert 1 deny from 31.173.242.0/23 to any
ufw insert 1 deny from 37.113.56.0/23 to any
ufw insert 1 deny from 46.148.234.0/23 to any
ufw insert 1 deny from 46.242.8.0/23 to any
ufw insert 1 deny from 80.95.44.0/23 to any
ufw insert 1 deny from 81.9.126.0/23 to any
ufw insert 1 deny from 83.220.238.0/23 to any
ufw insert 1 deny from 90.154.72.0/23 to any
ufw insert 1 deny from 93.159.230.0/23 to any
ufw insert 1 deny from 188.124.46.0/23 to any
ufw insert 1 deny from 188.130.136.0/23 to any
ufw insert 1 deny from 212.109.196.0/23 to any
ufw insert 1 deny from 5.188.170.0/24 to any
ufw insert 1 deny from 5.188.211.0/24 to any
ufw insert 1 deny from 37.113.58.0/24 to any
ufw insert 1 deny from 46.8.155.0/24 to any
ufw insert 1 deny from 46.8.156.0/24 to any
ufw insert 1 deny from 46.8.222.0/24 to any
ufw insert 1 deny from 46.161.48.0/24 to any
ufw insert 1 deny from 62.76.153.0/24 to any
ufw insert 1 deny from 62.113.118.0/24 to any
ufw insert 1 deny from 83.220.227.0/24 to any
ufw insert 1 deny from 91.230.107.0/24 to any
ufw insert 1 deny from 91.241.19.0/24 to any
ufw insert 1 deny from 91.243.44.0/24 to any
ufw insert 1 deny from 91.244.183.0/24 to any
ufw insert 1 deny from 94.103.80.0/24 to any
ufw insert 1 deny from 94.103.81.0/24 to any
ufw insert 1 deny from 94.103.82.0/24 to any
ufw insert 1 deny from 94.103.83.0/24 to any
ufw insert 1 deny from 94.103.84.0/24 to any
ufw insert 1 deny from 94.103.85.0/24 to any
ufw insert 1 deny from 94.103.86.0/24 to any
ufw insert 1 deny from 94.103.87.0/24 to any
ufw insert 1 deny from 94.103.88.0/24 to any
ufw insert 1 deny from 94.103.89.0/24 to any
ufw insert 1 deny from 94.103.90.0/24 to any
ufw insert 1 deny from 94.103.91.0/24 to any
ufw insert 1 deny from 94.103.92.0/24 to any
ufw insert 1 deny from 94.103.93.0/24 to any
ufw insert 1 deny from 94.103.94.0/24 to any
ufw insert 1 deny from 94.103.95.0/24 to any
ufw insert 1 deny from 109.107.180.0/24 to any
ufw insert 1 deny from 109.194.21.0/24 to any
ufw insert 1 deny from 109.248.128.0/24 to any
ufw insert 1 deny from 176.113.115.0/24 to any
ufw insert 1 deny from 178.20.43.0/24 to any
ufw insert 1 deny from 178.176.214.0/24 to any
ufw insert 1 deny from 178.204.251.0/24 to any
ufw insert 1 deny from 179.60.149.0/24 to any
ufw insert 1 deny from 185.9.187.0/24 to any
ufw insert 1 deny from 185.63.61.0/24 to any
ufw insert 1 deny from 185.76.147.0/24 to any
ufw insert 1 deny from 185.88.102.0/24 to any
ufw insert 1 deny from 192.166.119.0/24 to any
ufw insert 1 deny from 193.218.118.0/24 to any
ufw insert 1 deny from 194.87.218.0/24 to any
ufw insert 1 deny from 194.186.207.0/24 to any
ufw insert 1 deny from 194.190.90.0/24 to any
ufw insert 1 deny from 213.135.156.0/24 to any

I’ve identified this range of 32K, 8K IP Addresses and a class C from Belarus:

ufw insert 1 deny from 178.154.0.0/17 to any
ufw insert 1 deny from 134.17.160.0/19 to any
ufw insert 1 deny from 86.57.147.0/24 to any

If you need a CIDR / subnet calculator this is great: https://www.calculator.net/ip-subnet-calculator.html

I write all these ranges in a script, so I can apply to all my Servers, and so I can remove them from the Firewalls when Russia and Belarus leave Ukraine.

Views: 1,079 views

Rules for writing a Comment


  1. Comments are moderated
  2. I don't publish Spam
  3. Comments with a fake email are not published
  4. Disrespectful comments are not published, even if they have a valid point
  5. Please try to read all the article before asking, as in many cases questions are already responded

Leave a Reply

Your email address will not be published.

Time limit is exhausted. Please reload CAPTCHA.