Topic: EFW 2.5.1 Blocking Single IP address, the right way?
lokutus25
« on: Tuesday 06 November 2012, 01:04:21 am »

Hi everybody,
I'm quite new to Endian and I have a question or two.
I have a Web Server published via a "Port Forwarding" rule, very simple.
In the "Access From" rules section I have "Allow from: Uplink Any", since everybody can access the Web Server.
Now, someone was trying a nice DoS, attacking the http port from a fixed IP address. The documentation says that I can add an "Access From" rule
to tune the IP addresses. But, as far as I can see, I can only add "Access From" rules of the "Allow from" type. I can't add a "Deny from:"
rule if the original one is the "Allow" type. Is that correct? Or am I missing something?
To add a "Deny From" I added a duplicated "Port Forwarding" rule on top of the previous one, identical but for the "Deny From" rule. It works,
but is this the right way to configure it? I'm asking because I know a bit of iptables and it sounds unnecessary to me. But as I said, I'm new
to Endian and I'd like to know if I'm doing it right.
Thanks
lokutus25
« Reply #1 on: Wednesday 07 November 2012, 01:30:04 am »

Bump.
No one has the same configuration? I thought it was very common.
steven
« Reply #2 on: Tuesday 01 January 2013, 01:22:11 am »

You have two options.

1. Since the default option on the firewall is to deny all, create an allow rule with specific IP ranges. This can be useful if you only want to allow specific IPs, i.e. from a particular ISP or particular country.

2. Create a deny rule first for the IP you want to block, then create an allow rule for all IPs. The firewall reads the rules from top to bottom. This is the option you went for and is correct.

Steve - Techtron Computers
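
The top-to-bottom, first-match behaviour described in the reply above, as an added illustration that is not part of the original thread and is not Endian's own code. It assumes rules can be modelled as (action, source network) pairs with a default-deny fall-through; the rule sets and addresses are constructed documentation-range placeholders.

```python
import ipaddress

# Constructed rule sets (IPv4 only); 203.0.113.7 stands in for the
# address being blocked. Each rule is (action, source network).
ANY = "0.0.0.0/0"
DENY_THEN_ALLOW = [("deny", "203.0.113.7/32"), ("allow", ANY)]   # option 2
ALLOW_THEN_DENY = [("allow", ANY), ("deny", "203.0.113.7/32")]   # wrong order
ALLOWLIST_ONLY = [("allow", "198.51.100.0/24")]                  # option 1


def evaluate(rules, src, default="deny"):
    """Return the action of the first rule whose network contains src."""
    addr = ipaddress.ip_address(src)
    for action, net in rules:
        if addr in ipaddress.ip_network(net):
            return action
    return default  # nothing matched: fall through to the default policy


def shadowed(rules):
    """Return indexes of rules that can never match because an earlier
    rule already covers their entire source network."""
    dead = []
    for i, (_, net) in enumerate(rules):
        current = ipaddress.ip_network(net)
        earlier = (ipaddress.ip_network(prev) for _, prev in rules[:i])
        if any(current.subnet_of(prev) for prev in earlier):
            dead.append(i)
    return dead


if __name__ == "__main__":
    for name, rules in [("deny-then-allow", DENY_THEN_ALLOW),
                        ("allow-then-deny", ALLOW_THEN_DENY),
                        ("allowlist-only", ALLOWLIST_ONLY)]:
        print(name,
              "blocked host ->", evaluate(rules, "203.0.113.7"),
              "| other host ->", evaluate(rules, "192.0.2.10"),
              "| shadowed rule indexes:", shadowed(rules))
```

A non-empty result from `shadowed` is the check to run after reordering rules: it flags a deny that sits below a broader allow and therefore never takes effect.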