Deny Specific IP Addresses access through the firewall

Status
Not open for further replies.

bond5512

MIS
Jul 31, 2002
1
US
Is there a way to turn on and manually add an IP address to the blacklist in Raptor? I have several IP addresses I would like to block that do not meet the criteria for an attack. If I change the connection settings to be less than what they are now, I will affect legitimate users.
 
1) create an entity with the IP address of the system you want to deny access.

2) create a new rule which denies access from source "entity" ( the entity you created in step 1) to "universe".

3) save configuration
 
How would I do the same with a port? I want to block instant messaging server and port access from my network. Thank you
 
1) create a new protocol with the port which is used by instant messaging (I don't know the port number but if you start instant messaging you can look it up in the log file).

2) create a new rule which denies access from "universe" to "universe" to the newly created "instant messaging protocol".

3) save configuration

 
I tried what Rene said re: blocking IPs with my own web page to see if it'd work. For the entity I used the IP of my house.

Made a rule denying from source (my entity) to universe (on any interfaces). For services I did all*, http* and others. Saved. But I can still pull up my web page from my desk.

The radius settings for my account are "full-access" but shouldn't that still block it? I tried flipping the from and to roles but no go. Any ideas? thanks much.
 
You must do it the other way around, deny access from "*universe to my_entity" instead of from "my_entity to *universe".
 
I've tried it both ways, my page still loads faster than cash into a whiplash attorney's Swiss bank account.

For services, I have included almost every service in the book. I have the in/out interfaces set for "any", that should be OK, right?

It's not a cached copy, sometimes it seems like it's not working (the server is slow) but I'm able to add/read content, run code, etc.
 
I think there must be something wrong with the entity you created. You can check this by creating a deny rule:

from *universe to *universe, protocol *all

Be careful with this rule, it will block all traffic!

If you can't load the page anymore with this rule in place, then there is something wrong with your entity.
 