EFW Support

Support => General Support => Topic started by: lokutus25 on Tuesday 06 November 2012, 01:04:21 am



Title: EFW 2.5.1 Blocking Single IP address, the right way?
Post by: lokutus25 on Tuesday 06 November 2012, 01:04:21 am
Hi everybody,
I'm quite new to Endian and I have a question or two.
I have a Web Server published via a "Port Forwarding" rule, very simple.
In the "Access From" rules section I have "Allow from: Uplink Any", since everybody can access to the Web Server.
Now, someone was trying a nice DoS, attacking the http port from a fixed IP address. The documentation say that I can add an "Access From" rules
to tune the IP addresses. But, as far as I can see I can only add "Access From" rules of the "Allow from" type. I can't add a "Deny from:"
rule if the original one is the "Allow" type. Is it correct? Or am I missing something?
To add a "Deny From" I added a duplicated "Port Forwarding" rule on top of the previous one, identical but for the "Deny From" rule. It works
but is this the right way to configure? I'm asking because I know a bit of iptables and sounds unnecessary to me. But as I said, I'm new
to Endian and I'd like to know if I'm doing it right.
Thanks


Title: Re: EFW 2.5.1 Blocking Single IP address, the right way?
Post by: lokutus25 on Wednesday 07 November 2012, 01:30:04 am
Bump.
None has the same configuration? I thought It is very common.


Title: Re: EFW 2.5.1 Blocking Single IP address, the right way?
Post by: steven on Tuesday 01 January 2013, 01:22:11 am
You have two options.

1. since the default option on the firewall is to deny all, create an allow rule with specific IP ranges this can be useful if you only want to allow specific IP i.e. from a particular ISP or particular country.

2. create a deny rule first for the IP you want to block, then create an allow rule for all IP's the firewall reads the rules from top to bottom, this is the option you went for an is correct.

Steve - Techtron Computers