In COS5.2 I used to add IPs that I wanted to block by adding the IPs to a local file in the /etc/ folder. The blocks added using a text editor were in the IPTABLES DROP format, followed by a firewall restart.
I haven't been able to find a forum question that deals with the latest version of COS.
I see that the firewall in COS7.x is different and the file locations aren't the same as in COS5.2. Where would I find this local file?
Where can I read about how to do a manual update of the local server IP block list?
Thanks.
In Firewall
Responses (10)
-
Accepted Answer
.... or use the local file with rules like:
$IPTABLES -I INPUT -s 1.1.1.1 -j DROP
You can use the same format in the custom rules with a "# rule_name" at the end. Similarly you can block subnets like 1.1.1.0/31.
Please note that if you have not specifically opened the firewall, it will be implicitly closed.
If you are trying to block people trying to connect to OpenVPN, I would suggest using the Attack Detector (fail2ban underneath) and creating a custom jail. -
What you need is type 0x10000002 rules in /etc/clearos/firewall.conf
Test||0x10000002|0|1.1.1.1|| \
You can use WinSCP to directly edit the file but be careful in creating rules so that you don't make a typo.
In the example, I use 'Test' as the firewall rule name (don't recommend spaces but use underscores and dashes). I used 1.1.1.1 for the IP address to be blocked.
You can and should use CIDRs where possible, for example:
Test1||0x10000002|0|1.1.1.0/31|| \
If you have a really long list, you should investigate calling an ipset list and creating your own ipset rules. -
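The two rule formats above (Nick's $IPTABLES lines with a "# rule_name" tag for /etc/clearos/firewall.d/local, and Dirk's type 0x10000002 entries for firewall.conf) are easy to mistype when adding a hundred entries by hand. The script below is an added example, not ClearOS code: it takes a plain list of IPs/CIDRs, drops invalid and duplicate entries, and emits either format with unique rule names. The sample list, the block_N naming and the IPv4-only check are assumptions of the example; where the generated lines go is still up to you.

```shell
#!/bin/sh
# Added example (not ClearOS project code). Converts a plain list of
# IPv4 addresses / CIDRs into rule lines in the two formats from this thread:
#   local -> "$IPTABLES -I INPUT -s X -j DROP # block_N"  (firewall.d/local style)
#   conf  -> "block_N||0x10000002|0|X|| \"                 (firewall.conf style)

# Constructed sample block list (documentation addresses, not real attackers).
BLOCKLIST='# constructed sample list
192.0.2.10
198.51.100.0/24
192.0.2.10
not-an-ip
203.0.113.7'

# Accept dotted-quad with optional /0-32 prefix, each octet <= 255. IPv4 only,
# since the thread notes these rules must fire on IPv4.
valid_v4() {
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
  ip=${1%%/*}
  oldIFS=$IFS; IFS=.; set -- $ip; IFS=$oldIFS
  for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# gen_rules FORMAT < list : print one rule per valid, unique entry.
# Comments after '#' and blank lines are ignored; invalid entries go to stderr.
gen_rules() {
  fmt=$1; n=0; seen=" "
  while IFS= read -r line; do
    entry=${line%%#*}; entry=$(printf '%s' "$entry" | tr -d ' \t')
    [ -n "$entry" ] || continue
    valid_v4 "$entry" || { printf 'skip invalid: %s\n' "$entry" >&2; continue; }
    case "$seen" in *" $entry "*) continue ;; esac   # duplicate rule names break the local file
    seen="$seen$entry "
    n=$((n + 1))
    case "$fmt" in
      local) printf '$IPTABLES -I INPUT -s %s -j DROP # block_%s\n' "$entry" "$n" ;;
      conf)  printf 'block_%s||0x10000002|0|%s|| \\\n' "$n" "$entry" ;;
    esac
  done
}

# Number of rules generated from the sample list in the given format.
count_rules() { printf '%s\n' "$BLOCKLIST" | gen_rules "$1" 2>/dev/null | wc -l | tr -d ' '; }
```

Run it as `printf '%s\n' "$BLOCKLIST" | gen_rules local` (or `conf`) and review the output before pasting it into the firewall file; each save of the local file restarts the firewall, so check the rules once rather than after every line.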
Nick Howitt wrote:
What Blocked Incoming Connections are you talking about? I am not sure where you are in the webconfig.
For your rules, I suggest you use /etc/clearos/firewall.d/local but use the "if" structure from /etc/clearos/firewall.d/custom.
Nick, thanks for responding so quickly.
Here is a screenshot showing the Blocked Incoming Connections in webconfig.
I have about 100 blocks in this list and another 100 or so to add. I can't find where these blocked IPs are stored. -
Dirk Albring wrote:
Hmm, my custom rules are in the custom file.
Ooophs. I think I called the list the wrong thing.
I have been manually adding IPs to the Incoming Firewall "Blocked Incoming Connections" list at the bottom of the Firewall:Incoming Firewall list.
I've been manually adding the IP addresses of the a-holes who try tens of thousands of times to get through to the network via the VPN. I put those IP addresses in the "Blocked Incoming Connections" list and hoped I'd find where those were added so I could just add the 100 additional IPs manually.
Where is the manually entered "Blocked Incoming Connections" file in /etc?
Sorry for the confusion. -
Nick Howitt wrote:
You can even edit /etc/clearos/firewall.d/local, but make sure each rule name after the "#" is different. I am also not sure what are valid comments. If you use the local file the format is the same but without the comment. You may even be able to leave in the comment. It is important it fires on ipv4 only. Each time you save the local file the firewall restarts and the rule gets applied.
[edit]
... and make sure you use the key word "$IPTABLES" instead of "iptables".
[/edit]
Thank you Nick and Dirk.
How come none of the custom blocks are in the local file at /etc/clearos/firewall.d/local or /etc/clearos/firewall.d/custom?
I have about 20 IPs added using the custom firewall GUI and I thought I would find those rules in one of these places. -
You can even edit /etc/clearos/firewall.d/local, but make sure each rule name after the "#" is different. I am also not sure what are valid comments. If you use the local file the format is the same but without the comment. You may even be able to leave in the comment. It is important it fires on ipv4 only. Each time you save the local file the firewall restarts and the rule gets applied.
[edit]
... and make sure you use the key word "$IPTABLES" instead of "iptables".
[/edit] -
Thank you Dirk.
I do have the custom firewall app installed. It is great to add a few IPs but it isn't very efficient if you have to add 20 IPs. That is why I want to figure out how to edit the local/custom file but I can't find the file or figure out how to make the change in this newer version of COS. -