Blocking External IPs manually

dilse
Posts: 37
Joined: August 12th, 2014, 8:09 am

Blocking External IPs manually

Post by dilse » May 23rd, 2019, 6:27 pm

Struggling to get the custom blocklist to work via firewall.local, running Core Update 131, but never tried on previous releases.

I couldn't get my test IP block using the CUSTOMINPUT rule, so as a test I did this via the shell:
iptables -A CUSTOMINPUT -s 8.8.8.8 -j DROP

Yet I can still ping the address.

What am I doing wrong?

EDIT: Ignore the 8.8.8.8 and ping part, not thinking straight. Still have problem with original issue, can't block an external IP.
Last edited by dilse on May 23rd, 2019, 6:41 pm, edited 2 times in total.

BeBiMa
Posts: 2823
Joined: July 30th, 2011, 12:55 pm
Location: Mannheim

Re: Blocking External IPs manually

Post by BeBiMa » May 23rd, 2019, 6:30 pm

If you ping the address you establish a connection from inside. And traffic of established connections is accepted.
Unitymedia Cable Internet ( 32MBit )

dilse
Posts: 37
Joined: August 12th, 2014, 8:09 am

Re: Blocking External IPs manually

Post by dilse » May 23rd, 2019, 6:37 pm

Yes, ignore that, it's an input, wasn't thinking whilst I typed.

But the real issue is the original one, I entered an external IP, and that IP can still gain access. What is allowing it in, when I have created a rule to drop it?

iptables -A CUSTOMINPUT -s {an external ip address} -j DROP

I can see the change in iptables -L CUSTOMINPUT, and also in the iptables GUI.

Just doesn't work.

Mentalic
Posts: 31
Joined: April 14th, 2018, 2:51 pm

Re: Blocking External IPs manually

Post by Mentalic » May 23rd, 2019, 7:40 pm

Could make a firewall rule to block a single IP easily enough.

Here's another way that allows for blocking URLs via DNS. If you go this route, I've noticed that the IPS service needs to be stopped while setting this up.
https://github.com/sfeakes/ipfire-scripts

dilse
Posts: 37
Joined: August 12th, 2014, 8:09 am

Re: Blocking External IPs manually

Post by dilse » May 23rd, 2019, 8:20 pm

Already tried the Rule method via GUI, and it did not work, so went with the iptables method. But, that's not working either.

Mentalic
Posts: 31
Joined: April 14th, 2018, 2:51 pm

Re: Blocking External IPs manually

Post by Mentalic » May 23rd, 2019, 8:36 pm

dilse wrote:
May 23rd, 2019, 8:20 pm
Already tried the Rule method via GUI, and it did not work, so went with the iptables method. But, that's not working either.
Just tested it and I can block a specific IP with a rule.
Source: Standard Networks GREEN
Destination Address: xxx.xxx.xxx.xxx

I'm also blocking all DNS traffic to RED and only allow clients to get DNS from IPFire.

dilse
Posts: 37
Joined: August 12th, 2014, 8:09 am

Re: Blocking External IPs manually

Post by dilse » May 23rd, 2019, 8:49 pm

Thanks for testing, but I need it the other way round.

I have a port open to all inbound, but I need to block it for specific external IPs (hackers) coming in on RED.

Blocking outbound via Green works fine.

Does this make sense?

qiller
Posts: 70
Joined: July 27th, 2014, 3:21 pm

Re: Blocking External IPs manually

Post by qiller » May 23rd, 2019, 9:35 pm

I don't think that makes any sense, because attackers will switch to another IP. But if you want to do it anyway, just put the block rule before your port-forwarding rule (or input rule, if this is a service hosted on IPFire).

If you want to use a simple IP block rule: source IP = attacker's IP, destination IP = all, source/destination ports = all. If there are several attacker IP addresses to block, use firewall groups for the source IPs.

dilse
Posts: 37
Joined: August 12th, 2014, 8:09 am

Re: Blocking External IPs manually

Post by dilse » May 23rd, 2019, 10:11 pm

Yes, I know they can change IPs, but the concern is that I can't block anything.

Never mind, I was testing this incorrectly. I did not disconnect my mobile data connection (the one being used to test blocking) each time I changed the rule, so the existing established connection was always able to connect.

Re-tested the Firewall rule, and it works. I'll go and test iptables now.

Thanks.

dilse
Posts: 37
Joined: August 12th, 2014, 8:09 am

Re: Blocking External IPs manually

Post by dilse » May 23rd, 2019, 10:22 pm

iptables -A CUSTOMINPUT -s {an external ip address} -j DROP

This still does not work, and is the only one worth using, as I can maintain a blocklist file, so easier management.

Does anyone have experience in this area? Is this a bug?
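Two points from the thread explain why a single `iptables -A CUSTOMINPUT ... -j DROP` can look like it does nothing: a port-forwarded service is reached through the FORWARD path, not INPUT, so the rule has to be in CUSTOMFORWARD as well; and a connection that was already established before the rule existed keeps being accepted by the earlier established-traffic rule until its conntrack entry is gone. The script below is an added example, not code from this thread or from the IPFire project, showing how a blocklist file can be kept and loaded the way dilse wants. The blocklist path, the file format (one IPv4 address or CIDR per line, `#` comments), the `BLOCKLIST` chain name and the presence of conntrack-tools are assumptions; `rules_for` can be seen with `--print` before anything is applied.

```shell
#!/bin/sh
# Added example (not from the thread or IPFire): keep attacker addresses in a
# file and load them into a dedicated chain that CUSTOMINPUT and CUSTOMFORWARD
# jump to. Assumed file location and format: one IPv4 address or CIDR per
# line, blank lines and '#' comments ignored.
BLOCKLIST="${BLOCKLIST:-/etc/sysconfig/blocklist.txt}"   # assumed path
CHAIN="BLOCKLIST"                                        # assumed chain name

# Accept only a dotted quad with an optional /prefix, every octet <= 255 and
# the prefix <= 32, so a malformed line can never become an iptables argument.
valid_addr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' || return 1
    ip=${1%%/*}
    prefix=${1#"$ip"}
    prefix=${prefix#/}
    [ -z "$prefix" ] || [ "$prefix" -le 32 ] || return 1
    oldifs=$IFS
    IFS=.
    set -- $ip
    IFS=$oldifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the validated addresses from a blocklist file; report and skip bad lines.
list_addrs() {
    file=$1
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}            # strip a trailing comment
        set -- $line                # word-split to trim surrounding whitespace
        [ -n "${1:-}" ] || continue
        if valid_addr "$1"; then
            printf '%s\n' "$1"
        else
            printf 'skipping malformed blocklist entry: %s\n' "$1" >&2
        fi
    done < "$file"
}

# One DROP per address in the dedicated chain. The chain is reached from both
# CUSTOMINPUT (services on IPFire itself) and CUSTOMFORWARD (port forwards),
# so the same list covers both paths.
rules_for() {
    printf 'iptables -A %s -s %s -j DROP\n' "$CHAIN" "$1"
}

# The full set of commands for a blocklist file, as text (used by --print).
generate_rules() {
    list_addrs "$1" | while IFS= read -r addr; do rules_for "$addr"; done
}

# Create or empty the chain, make sure both custom chains jump to it first,
# load the rules, then delete conntrack entries for each address: without that
# last step an already established connection keeps bypassing the new rule,
# which is what the thread ran into. Assumes conntrack-tools is installed.
apply_rules() {
    iptables -N "$CHAIN" 2>/dev/null || iptables -F "$CHAIN"
    for parent in CUSTOMINPUT CUSTOMFORWARD; do
        iptables -C "$parent" -j "$CHAIN" 2>/dev/null || iptables -I "$parent" -j "$CHAIN"
    done
    generate_rules "$1" | sh -e
    list_addrs "$1" | while IFS= read -r addr; do
        conntrack -D -s "$addr" >/dev/null 2>&1 || true
    done
}

case "${1:-}" in
    --print) generate_rules "$BLOCKLIST" ;;
    --apply) apply_rules "$BLOCKLIST" ;;
esac
```

Run it as `sh blocklist.sh --print` to review the rules and `sh blocklist.sh --apply` as root to load them; because the script flushes only its own chain, re-running it after editing the file is safe and leaves any other rules in CUSTOMINPUT and CUSTOMFORWARD untouched. The `iptables -C` check keeps the jump rule from being inserted twice.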
