This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Blocking bad IP addresses

I'm currently configuring an ASG220 to replace an aging PII box running iptables, and I'm in the process of working out how best to transfer the iptables script to the Astaro. On our old iptables machine, we implemented a block of bad IP addresses that were blocked coming into the firewall -- essentially, these are all IP addresses that should never be originating from the external internet, and are taken from the bogon list here: http://www.cymru.com/Documents/bogon-bn-agg.txt

My question is: is there a way to define a network group in which I could aggregate all these networks? For ease of maintenance, what I would prefer to do is enter a network group of Bad IP Addresses in which I could enter all these networks. The only way I see to do that now is to enter each network individually, then define a network group, but this seems a bit clumsy to me. Am I missing something here, or could someone point me in the direction of an easier solution?

Much appreciated,

Nick

This thread was automatically locked due to age.

0 BarryG over 20 years ago

Do you have a lot of applications using UDP?

If not, I wouldn't worry about it, as you can't spoof IPs with TCP (except in SYN floods, etc).

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 NimmdirKeks over 20 years ago

Hi,

most of those IPs are in the spoofing protection included, so normaly you must not explicit include them into the tables.

Chris
Cancel
Vote Up 0 Vote Down

Cancel
0 nphominoid over 20 years ago in reply to NimmdirKeks

Thanks for the info! Where in the WebAdmin can I find the details of the automatic spoofing protection? Or is this just something built in? I was also wondering about things like blocking packets with bad TCP/IP flags set -- is this another thing that the ASG does automatically? I don't seem to find a way to look at this stuff on a more granular level through the WebAdmin interface and the default SSH message that modifications as root will void support is making me reticent to start fiddling around with the CLI!
Cancel
Vote Up 0 Vote Down

Cancel
0 BarryG over 20 years ago in reply to nphominoid

Well, you can always make a backup before you start messing around, and re-install if you break something badly.

But, if you are competent in linux, you should be fine.

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 BarryG over 20 years ago in reply to nphominoid

I think you'd need to read the iptables docs to really get into it if you want to know about bad flags, etc.

Or maybe a good firewall book that deals with iptables.

Unless someone from ASL would like to explain what features are enabled??

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 NimmdirKeks over 20 years ago in reply to BarryG

Hi,

had a look at the tables, seams that they only make local spoofing protection. Somehow I mixed up something.

Chris
Cancel
Vote Up 0 Vote Down

Cancel