Firewall - Block IP Adresses inTraffic Rules

nospaces · October 1, 2020, 4:22pm

ooww just thought name was only a name for the rule, but giving the name RDP also dont work

Also i think i know why my initial ip ban list question dont work....
Apparently it wasn't designed for the way i want to use it

If you bulk input, like i did in my example, it just ignores all adress and just block the port....
So, you need to manually keep adding ip-adresses 1 at the time under 1 rule.... which is to insane, even for me

trendy · October 2, 2020, 9:53am

It will not work by adding all addresses in one line, there is a button add ip there for that.
But for bulk addresses it is best to use ipsets.
If you don't want to use a vpn, it makes more sense to whitelist the addresses you want and drop anything else.

nospaces · October 2, 2020, 5:14pm

That's exactly what i mend about the add ip list.

I think i have got what i want, with a GUI :P!

github.com

openwrt/packages/blob/master/net/banip/files/README.md

# banIP - ban incoming and/or outgoing ip adresses via ipsets

## Description
IP address blocking is commonly used to protect against brute force attacks, prevent disruptive or unauthorized address(es) from access or it can be used to restrict access to or from a particular geographic area — for example.  

## Main Features
* support many IP blocklist sources (free for private usage, for commercial use please check their individual licenses):
* zero-conf like automatic installation & setup, usually no manual changes needed
* automatically selects one of the following download utilities: aria2c, curl, uclient-fetch, wget
* Really fast downloads & list processing as they are handled in parallel as background jobs in a configurable 'Download Queue'
* full IPv4 and IPv6 support
* ipsets (one per source) are used to ban a large number of IP addresses
* supports blocking by ASN numbers
* supports blocking by iso country codes
* supports local white & blacklist (IPv4, IPv6 & CIDR notation), located by default in /etc/banip/banip.whitelist and /etc/banip/banip.blacklist
* auto-add unsuccessful LuCI and ssh login attempts via 'dropbear' or 'sshd' to local blacklist (see 'ban_autoblacklist' option)
* auto-add the uplink subnet to local whitelist (see 'ban_autowhitelist' option)
* provides a small background log monitor to ban unsuccessful login attempts in real-time
* per source configuration of SRC (incoming) and DST (outgoing)
* integrated IPSet-Lookup

This file has been truncated. show original

installed:

ipset
banIP
luci-app-banip

For banIP:

libustream (any will do, i just picked the first one)
Dropbear (this is preinstalled on openwrt, or a other SSH of your choosing)

system · October 12, 2020, 5:14pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.