Search found 39 matches

by dilse
November 10th, 2019, 5:04 pm
Forum: IPFire in General
Topic: Blocking IP Subnets
Replies: 2
Views: 208

Re: Blocking IP Subnets

Sorry, I should have added extra info. I am hosting a number of servers, so I have allowed inbound (RED) for the world. This of course opens up the servers to attackers. I can see a bunch of attempts daily, say around 5-8 unique addresses. I had a look at firewall.local, and blocklist file, but coul...
by dilse
November 10th, 2019, 3:20 pm
Forum: IPFire in General
Topic: Blocking IP Subnets
Replies: 2
Views: 208

Blocking IP Subnets

I’m currently using a single rule to DROP groups of subnets (incoming). This is a pain to manage, as I need to add the name, subnet, mask, desc each time I need to add a new subnet in. Is there a better way to do this?
by dilse
May 23rd, 2019, 10:22 pm
Forum: IPFire in General
Topic: Blocking External IPs manually
Replies: 9
Views: 649

Re: Blocking External IPs manually

iptables -A CUSTOMINPUT -s {an external ip address} -j DROP

This still does not work, and is the only one worth using, as I can maintain a blocklist file, so easier management.

Does anyone have experience in this are? Is this a bug?
by dilse
May 23rd, 2019, 10:11 pm
Forum: IPFire in General
Topic: Blocking External IPs manually
Replies: 9
Views: 649

Re: Blocking External IPs manually

Yes, I know they can change IPs, but the concern is that I can't block anything. Never mind, I was testing this incorrectly. I did not disconnect my mobile data connection (the one being used to test blocking) each time I changed the rule, so the existing established connection was always able to co...
by dilse
May 23rd, 2019, 8:49 pm
Forum: IPFire in General
Topic: Blocking External IPs manually
Replies: 9
Views: 649

Re: Blocking External IPs manually

Thanks for testing, but I need it the other way round.

I have a port open to all inbound, but I need to block it for specific external IP's (hackers) coming in on red.

Blocking outbound via Green works fine.

Does this make sense?
by dilse
May 23rd, 2019, 8:20 pm
Forum: IPFire in General
Topic: Blocking External IPs manually
Replies: 9
Views: 649

Re: Blocking External IPs manually

Already tried the Rule method via GUI, and it did not work, so went with the iptables method. But, that's not working either.
by dilse
May 23rd, 2019, 6:51 pm
Forum: IPFire in General
Topic: CUSTOMINPUT Not working as expected
Replies: 5
Views: 872

Re: CUSTOMINPUT Not working as expected

Did u ever get this working?
by dilse
May 23rd, 2019, 6:37 pm
Forum: IPFire in General
Topic: Blocking External IPs manually
Replies: 9
Views: 649

Re: Blocking External IPs manually

Yes, ignore that, it's an input, wasn't thinking whilst I typed. But the real issue is the original one, I entered an external IP, and that IP can still gain access. What is allowing it in, when I have created a rule to drop it? iptables -A CUSTOMINPUT -s {an external ip address} -j DROP I can see t...
by dilse
May 23rd, 2019, 6:27 pm
Forum: IPFire in General
Topic: Blocking External IPs manually
Replies: 9
Views: 649

Blocking External IPs manually

Struggling to get the custom blocklist to work via firewall.local, running Core Update 131, but never tried on previous releases. I couldn't get my test IP block using the CUSTOMINPUT rule, so as a test I did this via the shell: iptables -A CUSTOMINPUT -s 8.8.8.8 -j DROP Yet I can still ping the add...
by dilse
May 22nd, 2019, 7:35 pm
Forum: IPFire in General
Topic: Intrusion Prevention System - core 131
Replies: 54
Views: 6503

Re: Intrusion Prevention System - core 131

Thanks for the that explanation, makes sense.

Agreed, 108MB (Talos) compared to 2.3MB (EM), big difference. Now I'll switch back to Talos :)
by dilse
May 21st, 2019, 10:56 am
Forum: IPFire in General
Topic: Intrusion Prevention System - core 131
Replies: 54
Views: 6503

Re: Intrusion Prevention System - core 131

Ignore that, I had to enable some rules within the ruleset.

But, I might move back to Emergingthreats, due to the amount of errors the Talos once are generating.
by dilse
May 21st, 2019, 8:06 am
Forum: IPFire in General
Topic: Intrusion Prevention System - core 131
Replies: 54
Views: 6503

Re: Intrusion Prevention System - core 131

Did you guys manage to get Talos VRT rules to work. I am also experiencing issues as follows: Enable Emergingthreats.net Community Rules - IPS Log shows entries. Enable Talos VRT rules for registered users - IPS Log shows no entries. My IPfire was upgraded from previous version, using IDS. I know a ...
by dilse
May 2nd, 2019, 7:43 am
Forum: IPFire in General
Topic: Outbound port forward or something like that
Replies: 2
Views: 331

Re: Outbound port forward or something like that

Brilliant, thanks Arne !
by dilse
May 1st, 2019, 11:02 am
Forum: IPFire in General
Topic: Outbound port forward or something like that
Replies: 2
Views: 331

Outbound port forward or something like that

Hi, I've had a think about this, and could not work out if it's even possible... Is it possible to create some sort of rule which forwards and outbound port to an internal port on GREEN? e.g. Device is trying to get to NTP Server on the internet, I want this diverted to my own internal NTP server. T...
by dilse
April 18th, 2019, 9:31 am
Forum: Addons
Topic: Firewall Bandwidth Usage Reports
Replies: 3
Views: 740

Re: Firewall Bandwidth Usage Reports

Thanks for that link, installed, and it works nicely.