.... or use the local file with rules like:

$IPTABLES -I INPUT -s 1.1.1.1 -j DROP

You can use the same format in the custom rules with a "# rule_name" at the end. Similarly you can block subnets like 1.1.1.0/31.

Please note that if you have not specifically opened the firewall, it will be implicitly closed.

If you are trying to block people trying to connect to OpenVPN, I would suggest using the Attack Detector (fail2ban underneath) and creating a custom jail.

What you need is type 0x10000002 rules in /etc/clearos/fiirewall.conf

Test||0x10000002|0|1.1.1.1|| \

You can use WinSCP to directly edit the file but be careful in creating rule so that you don't make a typo.

In the example, I use 'Test' as the firewall rule name (don't recommend spaces but use underscores and dashes). I used 1.1.1.1 for the IP address to be blocked.

You can and should use CIDRs where possible, for example:

Test1||0x10000002|0|1.1.1.0/31|| \

If you have a really long list, you should investigate calling an ipset list and creating your own ipset rules.

Nick Howitt wrote:

What Blocked Incoming Connections are you talking about? I am not sure where you are in the webconfig.

For your rules, I suggest you use /etc/clearos/firewall.d/local but use the "if" structure from /etc/clearos/firewall.d/custom.

Nick, thanks for responding so quickly.

Here is a screenshot showing the Blocked Incoming Connections in webconfig.

I have about 100 blocks in this list and another 100 or so to add. I can't find where these blocked IPs are stored.

What Blocked Incoming Connections are you talking about? I am not sure where you are in the webconfig.

For your rules, I suggest you use /etc/clearos/firewall.d/local but use the "if" structure from /etc/clearos/firewall.d/custom.

Dirk Albring wrote:

Hmm, my custom rules are in the custom file.

Ooophs. I think I call the list the wrong thing.

I have been manually adding IPs to the Incoming Firewall "Blocked Incoming Connections" list at the bottom of the Firewall:Incoming Firewall list.

I've been manually adding the IP addresses of the a-holes who try 10s of thousands of times to get through to the network via the VPN. I put those IP addresses in the "Blocked Incoming Connections" list and hoped I'd find where those were added so I could just add the 100 additional IPs manually.

Where is the manually entered "Blocked Incoming Connections" file in /etc?

Sorry for the confusion.

Hmm, my custom rules are in the custom file.

Nick Howitt wrote:

You can even edit /etc/clearos/firewall.d/local , but make sure each rule name after the "#" is different. I am also not sure what are valid comments. If you use the local file the format is the same but without the comment. You may even be able to leave in the comment. It is important it fires on ipv4 only. Each time you save the local file the firewall restarts and the rule gets applied.

[edit]
... and make sure you use the key word "$IPTABLES" instead of "iptables".
[/edit]

Thank you Nick and Dirk.

How come none of the custom blocks are in the local file at /etc/clearos/firewall.d/local or /etc/clearos/firewall.d/custom?

I have about 20 IPs added using the custom firewall GUI and I thought I would find those rules in one of these places.

You can even edit /etc/clearos/firewall.d/local , but make sure each rule name after the "#" is different. I am also not sure what are valid comments. If you use the local file the format is the same but without the comment. You may even be able to leave in the comment. It is important it fires on ipv4 only. Each time you save the local file the firewall restarts and the rule gets applied.

[edit]
... and make sure you use the key word "$IPTABLES" instead of "iptables".
[/edit]

Thank you Dirk.

I do have the custom firewall app installed. It is great to add a few IPs but it isn't very efficient if you have to add 20 IPs. That is why I want to figure out how to edit the local/custom file but I can't find the file or figure out how to make the change in this newer version of COS.

Do you have the custom firewall app from the marketplace. You can add your own iptables rules in that from the Webconfig.