
TOPIC: blocking IPs

blocking IPs 10 years 4 months ago #15622

  • starcycle
i have an IPcop firewall, and i'm trying to block some chinese hacker who is attempting to break in to my server through FTP. i put what i thought was the right entry in the rc.firewall.local script to totally block them, but i'm just starting to learn iptables and it doesn't seem to be working. they're still getting through, trying to hack a user name password with "brute force" attacking, it looks like from the ftp log. can anyone tell me how to block intruders so they can't get through the firewall?

the command i used is:

/sbin/iptables -A INPUT -s 123.456.78.90 -j DROP

i thought that would block them from everything, but like i said, they're still getting through IPcop to the server. do i need to change the -A to -I? or do i need something like customforward instead of input? not sure what i'm doing wrong, any help appreciated. thanks.
The administrator has disabled public write access.

Re: blocking IPs 10 years 4 months ago #15627

  • DaLight
... or do i need something like customforward instead of input? not sure what i'm doing wrong, any help appreciated. thanks.

You've already hinted at the answer, starcycle. I'm assuming you have a portforward in place on the IPCOP to your internal FTP server.

You should use the following rule instead:
/sbin/iptables -A CUSTOMFORWARD -s 123.456.78.90 -j DROP

Re: blocking IPs 10 years 4 months ago #15633

  • starcycle
thanks, i thought i had used that one, but i wasn't sure. i had changed the rc.firewall file so many times trying different things that i couldn't remember when what rule was on to check it against the log.

so customforward means anything going from the router to IPs in the LAN, and input/output means anything going to the router itself, is that the idea? what's the difference between customforward and custominput/customoutput?

Re: blocking IPs 10 years 4 months ago #15641

  • DaLight
so customforward means anything going from the router to IPs in the LAN, and input/output means anything going to the router itself

that's right!
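
An added example, not part of the thread: a small shell helper that picks the IPCop chain by where the traffic ends up (port-forwarded to a LAN host versus addressed to the firewall itself), checks each address, and prints the DROP rules for review. The function names and the 203.0.113.x / 198.51.100.x addresses are constructed for illustration; the script only prints commands and does not call iptables.

```shell
#!/bin/sh
# Added example, not from the thread. Prints DROP rules; it does not run iptables.
# Assumed: chain names CUSTOMFORWARD/CUSTOMINPUT as discussed in the thread;
# all addresses below are constructed documentation-range samples.
IPTABLES=${IPTABLES:-/sbin/iptables}

# chain_for KIND: "forwarded" = traffic port-forwarded to a LAN host,
# "local" = traffic addressed to the firewall itself.
chain_for() {
    case "$1" in
        forwarded) echo CUSTOMFORWARD ;;
        local)     echo CUSTOMINPUT ;;
        *)         return 1 ;;
    esac
}

# valid_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# block_rules CHAIN ADDR...: print one rule per valid address; report and
# skip anything else. Returns 1 if at least one entry was skipped.
block_rules() {
    chain=$1; shift
    rc=0
    for addr in "$@"; do
        if valid_ipv4 "$addr"; then
            echo "$IPTABLES -A $chain -s $addr -j DROP"
        else
            echo "skipped invalid address: $addr" >&2
            rc=1
        fi
    done
    return $rc
}

# Dry run: an FTP server behind a port forward, so the forwarded chain applies.
block_rules "$(chain_for forwarded)" 203.0.113.45 198.51.100.7
```

The printed lines can be reviewed and then placed in rc.firewall.local; an address such as 123.456.78.90 is reported and skipped because 456 is not a valid octet.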