
nuke
Resolved
In COS5.2 I used to add IPs that I wanted to block by adding the IPs to a local file in the /etc/ folder. The blocks added using a text editor were in the format of IPTABLES DROP and then a firewall restart.

I haven't been able to find a forum question that deals with the latest version of COS.

I see that the firewall in COS7.x is different and the file locations aren't the same as in COS5.2. Where would I find this local file?

Where can I read about how to do a manual update of the local server IP block list?

Thanks.
Saturday, December 15 2018, 07:44 PM

Accepted Answer

Saturday, December 15 2018, 09:42 PM
/etc/clearos/firewall.d/local
Responses (10)
  • Saturday, December 15 2018, 08:31 PM
    Do you have the custom firewall app from the marketplace? You can add your own iptables rules in that from the Webconfig.
  • nuke
    Saturday, December 15 2018, 08:47 PM
    Thank you Dirk.

    I do have the custom firewall app installed. It is great to add a few IPs but it isn't very efficient if you have to add 20 IPs. That is why I want to figure out how to edit the local/custom file but I can't find the file or figure out how to make the change in this newer version of COS.
  • Saturday, December 15 2018, 10:07 PM
    You can even edit /etc/clearos/firewall.d/local, but make sure each rule name after the "#" is different. I am also not sure what valid comments are. If you use the local file the format is the same but without the comment. You may even be able to leave in the comment. It is important it fires on ipv4 only. Each time you save the local file the firewall restarts and the rule gets applied.

    [edit]
    ... and make sure you use the key word "$IPTABLES" instead of "iptables".
    [/edit]
  • nuke
    Sunday, December 16 2018, 11:38 PM
    Nick Howitt wrote:

    You can even edit /etc/clearos/firewall.d/local, but make sure each rule name after the "#" is different. I am also not sure what valid comments are. If you use the local file the format is the same but without the comment. You may even be able to leave in the comment. It is important it fires on ipv4 only. Each time you save the local file the firewall restarts and the rule gets applied.

    [edit]
    ... and make sure you use the key word "$IPTABLES" instead of "iptables".
    [/edit]

    Thank you Nick and Dirk.

    How come none of the custom blocks are in the local file at /etc/clearos/firewall.d/local or /etc/clearos/firewall.d/custom?

    I have about 20 IPs added using the custom firewall GUI and I thought I would find those rules in one of these places.
  • Monday, December 17 2018, 02:56 AM
    Hmm, my custom rules are in the custom file.
  • nuke
    Sunday, December 30 2018, 08:20 PM
    Dirk Albring wrote:

    Hmm, my custom rules are in the custom file.

    Oops. I think I called the list the wrong thing.

    I have been manually adding IPs to the Incoming Firewall "Blocked Incoming Connections" list at the bottom of the Firewall:Incoming Firewall list.

    I've been manually adding the IP addresses of the a-holes who try tens of thousands of times to get through to the network via the VPN. I put those IP addresses in the "Blocked Incoming Connections" list and hoped I'd find where those were added so I could just add the 100 additional IPs manually.

    Where is the manually entered "Blocked Incoming Connections" file in /etc?

    Sorry for the confusion.
  • Sunday, December 30 2018, 09:28 PM
    What Blocked Incoming Connections are you talking about? I am not sure where you are in the webconfig.

    For your rules, I suggest you use /etc/clearos/firewall.d/local but use the "if" structure from /etc/clearos/firewall.d/custom.
  • nuke
    Sunday, December 30 2018, 10:14 PM
    Nick Howitt wrote:

    What Blocked Incoming Connections are you talking about? I am not sure where you are in the webconfig.

    For your rules, I suggest you use /etc/clearos/firewall.d/local but use the "if" structure from /etc/clearos/firewall.d/custom.
    Nick, thanks for responding so quickly.

    Here is a screenshot showing the Blocked Incoming Connections in webconfig.

    I have about 100 blocks in this list and another 100 or so to add. I can't find where these blocked IPs are stored.
  • Monday, December 31 2018, 04:21 AM
    What you need are type 0x10000002 rules in /etc/clearos/firewall.conf

    Test||0x10000002|0|1.1.1.1|| \

    You can use WinSCP to directly edit the file but be careful in creating rules so that you don't make a typo.

    In the example, I use 'Test' as the firewall rule name (don't recommend spaces but use underscores and dashes). I used 1.1.1.1 for the IP address to be blocked.

    You can and should use CIDRs where possible, for example:

    Test1||0x10000002|0|1.1.1.0/31|| \

    If you have a really long list, you should investigate calling an ipset list and creating your own ipset rules.
  • Monday, December 31 2018, 10:20 AM
    ... or use the local file with rules like:
    $IPTABLES -I INPUT -s 1.1.1.1 -j DROP
    You can use the same format in the custom rules with a "# rule_name" at the end. Similarly you can block subnets like 1.1.1.0/31.

    Please note that if you have not specifically opened the firewall, it will be implicitly closed.

    If you are trying to block people trying to connect to OpenVPN, I would suggest using the Attack Detector (fail2ban underneath) and creating a custom jail.
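As an added example that is not part of this thread or of ClearOS itself: a POSIX shell script that takes a plain list of IPv4 addresses and CIDRs, validates and de-duplicates them, and emits the `$IPTABLES ... DROP` lines Nick describes for /etc/clearos/firewall.d/local, plus the one-set-one-rule ipset form Dirk suggests for long lists. The sample list and the set name vpn_block are constructed; it assumes, as the thread states, that the local file is run by the firewall with $IPTABLES defined, and that ipset is installed for the second form.

```shell
#!/bin/sh
# Constructed sample list (comments, blanks, a duplicate and two bad entries).
SAMPLE_LIST='203.0.113.7
# attackers seen hammering the VPN port
198.51.100.0/24
203.0.113.7
999.1.1.1
203.0.113.7/33
'

# Accept only a dotted-quad IPv4 address with an optional /0-32 prefix,
# so a typo never turns into a rule that drops nothing (or everything).
valid_v4() {
    case "$1" in
        */*) ip=${1%/*}; pfx=${1#*/} ;;
        *)   ip=$1; pfx=32 ;;
    esac
    case "$pfx" in ''|*[!0-9]*) return 1 ;; esac
    [ "$pfx" -le 32 ] || return 1
    oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# One "$IPTABLES -I INPUT -s <addr> -j DROP" line per valid, unique entry.
# $IPTABLES is written literally: the firewall expands it when it runs local.
local_rules() {
    printf '%s\n' "$1" | sed 's/#.*//' | tr -d ' ' | grep -v '^$' | sort -u |
    while read -r a; do
        valid_v4 "$a" && printf '$IPTABLES -I INPUT -s %s -j DROP\n' "$a"
    done
}

# Long-list form: one hash:net set, one rule. "-exist" keeps the lines
# idempotent across the firewall restarts the thread mentions.
ipset_rules() {
    echo 'ipset create vpn_block hash:net -exist'
    local_rules "$1" | awk '{print "ipset add vpn_block " $5 " -exist"}'
    echo '$IPTABLES -I INPUT -m set --match-set vpn_block src -j DROP'
}

# Usage: local_rules "$SAMPLE_LIST" >> /etc/clearos/firewall.d/local
local_rules "$SAMPLE_LIST"
```

Only 198.51.100.0/24 and 203.0.113.7 survive the sample list; the duplicate, the bad octet and the /33 prefix are dropped before any rule is written.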