Skip to main content

blocking IPs

More
18 years 4 months ago #15622 by starcycle
blocking IPs was created by starcycle
i have an IPcop firewall, and i'm trying to block some chinese hacker who is attempting to break in to my server through FTP. i put what i thought was the right entry in the rc.firewall.local script to totally block them, but i'm just starting to learn iptables and it doesn't seem to be working. they're still getting through, trying to hack a user name password with "brute force" attacking, it looks like from the ftp log. can anyone tell me how to block intruders so they can't get through the firewall?

the command i used is:

/sbin/iptables -A INPUT -s 123.456.78.90 -j DROP

i thought that would block them from everything, but like i said, they're still getting through IPcop to the server. do i need to change the -A to -I? or do i need something like customforward instead of input? not sure what i'm doing wrong, any help appreciated. thanks.
More
18 years 4 months ago #15627 by DaLight
Replied by DaLight on topic Re: blocking IPs

... or do i need something like customforward instead of input? not sure what i'm doing wrong, any help appreciated. thanks.


You've already hinted at the answer, starcycle. I'm assuming you have a portforward in place on the IPCOP to your internal FTP server.

You should use the following rule instead:
/sbin/iptables -A CUSTOMFORWARD -s 123.456.78.90 -j DROP
More
18 years 4 months ago #15633 by starcycle
Replied by starcycle on topic Re: blocking IPs
thanks, i thought i had used that one, but i wasn't sure. i had changed the rc.firewall file so many times trying different things that i couldn't remember when what rule was on to check it against the log.

so customforward means anything going from the router to IPs in the LAN, and input/output means anything going to the router itself, is that the idea? what's the difference between customforward and custominput/customoutput?
More
18 years 4 months ago #15641 by DaLight
Replied by DaLight on topic Re: blocking IPs

so customforward means anything going from the router to IPs in the LAN, and input/output means anything going to the router itself


that's right!
Time to create page: 0.120 seconds