I'm having a problem blocking IP addresses from connecting to me
-
I'm trying to set up a blacklist of IPs that are not allowed to connect to our server, but I can't get it to work.
Here is what I do:
Create alias "blacklist" and add networks like this:
123.123.123.0 /24 <– should block from .1 to .254?
Then I create a new rule, and place it underneath the "Block private networks" rule which is at top.
Block, Protocol: *, Source: blacklist, Dest.: *, Port: *, Gateway: *
In other words, I added a new rule like the "Block private networks", except it only blocks the alias called "blacklist".
But I still get connections from 123.123.123.192 for instance. So what am I doing wrong?
-
What you're doing sounds correct, and works for me. It won't kill off existing states though, so if you're expecting it to cut off an active session, it won't.
-
Yes, I was thinking that too, but it was still getting new connections as well. :(
-
Don't want to be picky, just verify my network knowledge…
So correct me if I'm wrong:
123.123.123.0 /24 <– should block from .1 to .254?
The net mask /24 should block from .0 to .255 including network and broadcast addresses, right?
Anybody?
Chris
-
Then I create a new rule, and place it underneath the "Block private networks" rule which is at top.
Block, Protocol: *, Source: blacklist, Dest.: *, Port: *, Gateway: *
That sounds to me as if you've added this rule on the LAN-tab.
But rules on your LAN tab won't block connections coming from WAN to servers in your LAN.
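
The points raised in this thread (what a /24 alias entry covers, which interface tab a block rule has to sit on, and why an existing state survives a new rule) as a simplified Python model. It is an added example, not part of the original posts and not the firewall's own code. The rule sets, the `pass *` rule on WAN, the function names, and the top-down first-match evaluation order are assumptions made for illustration.

```python
import ipaddress

# Constructed alias contents, using the network from the thread.
BLACKLIST = [ipaddress.ip_network("123.123.123.0/24")]

def in_alias(ip, alias=BLACKLIST):
    """True if ip falls inside any network in the alias."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in alias)

def evaluate(rules, iface, src, states=frozenset()):
    """Decide the fate of a packet from src arriving on iface.

    Model assumptions: an existing state passes before any rule is read;
    only the rules on the arrival interface's tab are consulted, top-down,
    first match wins; no match means block.
    """
    if (iface, src) in states:
        return "pass"
    for action, source in rules.get(iface, []):
        if source == "*" or (source == "blacklist" and in_alias(src)):
            return action
    return "block"

# Hypothetical rule sets as (action, source) pairs per interface tab.
ON_LAN_TAB = {"wan": [("pass", "*")],
              "lan": [("block", "blacklist"), ("pass", "*")]}
BELOW_PASS = {"wan": [("pass", "*"), ("block", "blacklist")]}
ON_WAN_TAB = {"wan": [("block", "blacklist"), ("pass", "*")]}

if __name__ == "__main__":
    net = BLACKLIST[0]
    print(net[0], "to", net[-1], "=", net.num_addresses, "addresses")
    src = "123.123.123.192"
    for name, rules in [("block rule on LAN tab", ON_LAN_TAB),
                        ("block rule below a pass rule", BELOW_PASS),
                        ("block rule first on WAN tab", ON_WAN_TAB)]:
        print(f"{name}: {evaluate(rules, 'wan', src)}")
    # A session opened before the rule existed keeps its state entry.
    print("existing state:", evaluate(ON_WAN_TAB, "wan", src, {("wan", src)}))
```
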