I'm having a problem blocking IP addresses from connecting to me



  • I'm trying to set up a blacklist of IPs that are not allowed to connect to our server, but I can't get it to work.

    Here is what I do:
    Create alias "blacklist" and add networks like this:
    123.123.123.0 /24 <– should block from .1 to .254?

    Then I create a new rule, and place it underneath the "Block private networks" rule which is at the top.
    Block, Protocol: *, Source: blacklist, Dest.: *,  Port: *, Gateway: *

    In other words, I added a new rule like the "Block private networks", except it only blocks the alias called "blacklist".

    But I still get connections from 123.123.123.192 for instance. So what am I doing wrong?



  • What you're doing sounds correct, and works for me. It won't kill off existing states though, so if you're expecting it to cut off an active session, it won't.



  • Yes, I was thinking that too, but it was still getting new connections as well. :(



  • Don't want to be picky, just verify my network knowledge…
    So correct me if I'm wrong:

    @GeeZuZz:

    123.123.123.0 /24 <– should block from .1 to .254?

    The net mask /24 should block from .0 to .255 including network and broadcast addresses, right?
    Anybody?

    Chris



  • @jahonix:

    Don't want to be picky, just verify my network knowledge…
    So correct me if I'm wrong:

    @GeeZuZz:

    123.123.123.0 /24 <– should block from .1 to .254?

    The net mask /24 should block from .0 to .255 including network and broadcast addresses, right?
    Anybody?

    That's correct.



  • @GeeZuZz:

    Then I create a new rule, and place it underneath the "Block private networks" rule which is at the top.
    Block, Protocol: *, Source: blacklist, Dest.: *,  Port: *, Gateway: *

    That sounds to me as if you've added this rule on the LAN tab.
    But rules on your LAN tab won't block connections coming from WAN to servers in your LAN.
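
Added example, not part of the thread and not the firewall's own code: a simplified Python model of the three points raised above (a /24 alias covers .0 through .255, a new block rule leaves existing states alone, and a rule on the LAN tab is never consulted for traffic arriving on WAN). The `Firewall` class, its rule layout and the 192.168.1.10 server address are constructed for illustration, and the first-match, per-interface evaluation is a modelling assumption.

```python
import ipaddress

# Constructed alias table; the network is the one quoted in the thread.
ALIASES = {"blacklist": ["123.123.123.0/24"]}

def in_alias(name, addr):
    """True if addr falls inside any network listed in the alias."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(net) for net in ALIASES[name])

class Firewall:
    """Simplified model (an assumption, not the product's code): one ordered
    rule list per interface tab, first match wins, default deny, and packets
    belonging to an existing state skip rule evaluation."""
    def __init__(self):
        self.rules = {"WAN": [], "LAN": []}
        self.states = set()            # (src, dst) pairs already passed

    def packet(self, ingress, src, dst):
        if (src, dst) in self.states:
            return "pass (existing state)"
        for action, alias in self.rules[ingress]:   # only the ingress tab
            if alias is None or in_alias(alias, src):
                if action == "pass":
                    self.states.add((src, dst))
                return action
        return "block"

def demo():
    server = "192.168.1.10"            # constructed internal server address
    fw = Firewall()
    fw.rules["WAN"].append(("pass", None))          # existing allow rule
    out = {"before": fw.packet("WAN", "123.123.123.192", server)}
    # Block rule placed on the LAN tab: WAN ingress never consults it.
    fw.rules["LAN"].insert(0, ("block", "blacklist"))
    out["rule_on_lan"] = fw.packet("WAN", "123.123.123.77", server)
    # Same rule on the WAN tab, above the allow rule.
    fw.rules["WAN"].insert(0, ("block", "blacklist"))
    out["rule_on_wan"] = fw.packet("WAN", "123.123.123.255", server)
    # The session opened before the rule existed still has its state.
    out["old_session"] = fw.packet("WAN", "123.123.123.192", server)
    return out

if __name__ == "__main__":
    for step, verdict in demo().items():
        print(f"{step}: {verdict}")
```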

