I am running Ubuntu Server 24.04 LTS on a desktop with 32GB of RAM, a 1TB NVMe disk and it has a built in 1GB Ethernet port. I have installed Casa OS on it, then installed Crafty Controller. This is intended to be a Minecraft server for my family both from my LAN and from the Internet.
I also recently upgraded my network at home from 1GB to 2.5GB, so I installed a 2.5GB NIC in to this PC and moved the IP address over to it. From my router, I have forwarded the Minecraft port to the server and that is working successfully.
I keep seeing in the logs that this server is being attacked from a variety of IP addresses trying to gain access to our Minecraft instance. I have enabled UFW and created a deny rule for these IP addresses, but I keep seeing them in the logs. I thought that maybe its only being applied to the GB NIC maybe since I didn't call out the specific NIC, so I added the 2.5GB NIC specifically, and I am still seeing these IP addresses attempt to connect. Casa OS is running Crafty Controller as a docker image, so I then added the docker bridge virtual NIC and I keep seeing them come in on the Minecraft log. ufw status shows it as enabled.
systemctl status ufw looks like this:
● ufw.service - Uncomplicated firewall
Loaded: loaded (/usr/lib/systemd/system/ufw.service; enabled; preset: enabled)
Active: active (exited) since Mon 2026-05-04 18:20:54 UTC; 1h 8min ago
Docs: man:ufw(8)
Main PID: 706 (code=exited, status=0/SUCCESS)
CPU: 68ms
May 04 18:20:54 ryzen-minecraft systemd[1]: Starting ufw.service - Uncomplicated firewall...
May 04 18:20:54 ryzen-minecraft systemd[1]: Finished ufw.service - Uncomplicated firewall.
That looks like maybe it stopped?
ufw status shows this:
Status: active
To Action From
-- ------ ----
Anywhere DENY 185.242.3.173
Anywhere DENY 212.15.56.19
Anywhere DENY 103.44.172.161
22/tcp ALLOW Anywhere
8111/tcp ALLOW Anywhere
9090/tcp ALLOW Anywhere
80/tcp ALLOW Anywhere
Anywhere DENY 87.121.84.28
Anywhere DENY 103.44.174.155
Anywhere DENY 185.254.75.45
Anywhere on enx00e04c79e57d DENY 185.242.3.173
Anywhere on enx00e04c79e57d DENY 212.15.56.19
Anywhere on enx00e04c79e57d DENY 103.44.172.161
Anywhere on enx00e04c79e57d DENY 87.121.84.28
Anywhere on enx00e04c79e57d DENY 103.44.174.155
Anywhere on enx00e04c79e57d DENY 185.254.75.45
Anywhere on enx00e04c79e57d DENY 51.159.119.214
Anywhere DENY 51.159.119.214
Anywhere on enx00e04c79e57d DENY 79.95.127.255
Anywhere DENY 79.95.127.255
Anywhere on docker0 DENY 185.242.3.173
Anywhere on docker0 DENY 212.15.56.19
Anywhere on docker0 DENY 103.44.172.161
Anywhere on docker0 DENY 87.121.84.28
Anywhere on docker0 DENY 103.44.174.155
Anywhere on docker0 DENY 185.254.75.45
Anywhere on docker0 DENY 51.159.119.214
Anywhere on docker0 DENY 79.95.127.255
Anywhere on br-de302d945987 DENY 185.242.3.173
Anywhere on br-de302d945987 DENY 212.15.56.19
Anywhere on br-de302d945987 DENY 103.44.172.161
Anywhere on br-de302d945987 DENY 87.121.84.28
Anywhere on br-de302d945987 DENY 103.44.174.155
Anywhere on br-de302d945987 DENY 185.254.75.45
Anywhere on br-de302d945987 DENY 51.159.119.214
Anywhere on br-de302d945987 DENY 79.95.127.255
Anywhere on br-de302d945987 DENY 104.28.159.8
Anywhere on docker0 DENY 104.28.159.8
Anywhere on enx00e04c79e57d DENY 104.28.159.8
Anywhere DENY 104.28.159.8
Anywhere on enx00e04c79e57d ALLOW 192.168.0.34
Anywhere on br-de302d945987 ALLOW 192.168.0.34
Anywhere on docker0 ALLOW 192.168.0.34
Anywhere ALLOW 192.168.0.34
22/tcp (v6) ALLOW Anywhere (v6)
8111/tcp (v6) ALLOW Anywhere (v6)
9090/tcp (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)
But like I said, I keep seeing these IP addresses try to hit my server.
enx00e04c79e57d is my 2.5GB NIC. The others are what cockpit reports for network interfaces so I figured I'd try to block anything that looked active. I did not include my disconnected 1GB NIC or its built in wifi NIC either
Any idea what I am doing wrong?