Blocking traffic to some internal ip addresses
-
Simple block firewall rule with their IP as source.
You could create a simple alias that you add IPs to keep it easy to manage ;) You could get really fancy and prob even script that.. Better yet would be to redirect all their http traffic to a site that says hey you need to pay your bill...
BTW: Edited your post added spaces after your punctuation so they didn't look like links
guys.so
will look like a link
guys. so
Will not ;)
-
Hahahaha.thank you..Now what site could I use for that? You seem to know more
-
Dude USE a space after your punctuation!! ;)
Hahahaha.thank you..Now
Are you on twitter or something? Not on some very limited character count here ;) Is your space bar sticking or something?
Site for what - just point them to something local running httpd.. Or sure you could host a static html site out on the public net or even on pfsense for that matter if really needed to.
-
R u an English teacher?? Thank you
-
No, but sure makes it easier to read! ;)
And doesn't make stuff look like links that are not supposed to be... When you see stuff like guys.so - you look like a spammer trying to get hits on links in some seo nonsense spammer idea.
I was this close to just banning you and deleting the thread because with the links it looked like a spammer post, until I saw you were not a one post wonder and took a look to where the links were going.
-
If in the unlikely event you are natting your clients make sure you also remove any existing states for those IP addresses after you add their IP to the blocking alias etc.
-
^ very true.. But even if you don't, not like they would be going to any new sessions.. So while sure if they had a session open to google when you blocked, they wouldn't be able to create a new connection to cnn for example.
BTW @conor are you running that many boxes on 2.4.2 code? Or are you just not able to update your sig?
-
@johnpoz said in Blocking traffic to some internal ip addresses:
BTW @conor are you running that many boxes on 2.4.2 code?
Haven't bothered to update the signature, running more than that now anyway.
-
I just gave you another rep point on this post, so you're at 5 now and will be able to edit it ;)
-
Here you go - for fun, took 2 minutes to setup..
I created a basic html page on one of my local boxes 192.168.3.32 running nginx (httpd)
Then created a port forward, with source only my box's IP 192.168.9.100 to send 80 traffic to 3.32..
Made sure the rule on the network client connected to (lan in my case) was top of the list.. And there you go try to go to some http site and get the website instead..
Not going to work with https, because they would get error on cert not matching... But you could just block https..
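
The setup described in the post above, written out as raw pf rules (an added example, not part of the original post and not the ruleset pfSense generates from the GUI). The interface name `em1`, the macro names and the table name `<unpaid>` are assumptions; the two addresses are the ones given in the post.

```pf
# Added example in pf.conf syntax (old-style rdr rules, as used by FreeBSD pf).
# Assumed names: lan_if, notice, <unpaid>. Addresses come from the post above.
lan_if = "em1"            # assumption: the LAN interface clients connect to
notice = "192.168.3.32"   # local nginx box serving the static notice page

# Clients to redirect. "persist" keeps the table even when it is empty,
# so addresses can be added and removed without reloading the ruleset.
table <unpaid> persist { 192.168.9.100 }

# Translation: plain HTTP from listed clients is sent to the notice page.
rdr on $lan_if inet proto tcp from <unpaid> to any port 80 -> $notice port 80

# Filtering: translation happens first, so the filter sees the rewritten
# destination. "quick" makes these win over any broader LAN pass rule,
# which is the same effect as putting the rule at the top of the list.
pass in quick on $lan_if inet proto tcp from <unpaid> to $notice port 80

# HTTPS cannot be redirected without a certificate mismatch, so reject it.
block return in quick on $lan_if inet proto tcp from <unpaid> to any port 443
```

Connections that were already open when a client is added keep working until their states expire; `pfctl -k 192.168.9.100` clears that client's existing states, and `pfctl -t unpaid -T add <address>` adds a client to the table without a reload.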
-
Kindly explain where I should put this. Because it seems not to block the IP addresses. Thank you
-
-
Sure seems to be blocking, shows 1.17MB of hits on it already
Also your dns rule, should also allow tcp.. And should really be lan address, not the whole net.
And just to be curious - why do you block paying customers from using whatever dns they want?
-
@johnpoz Thank you. Because I was getting blacklisted by my ISP every now and again
-
for dns queries? you got blacklisted?
-
@johnpoz For spamming
-
spamming - ie sending emails is not dns queries.