EFW 2.5.1 Blocking Single IP address, the right way?

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

EFW 2.5.1 Blocking Single IP address, the right way?

ildavo
Hi everybody,
I'm quite new to Endian and I have a question or two.
I have a Web Server published via a "Port Forwarding" rule, very simple.
In the "Access From" rules section I have "Allow from: Uplink Any",
since everybody can access to the Web Server.
Now, someone was trying a nice DoS, attacking the http port from a fixed
IP address. The documentation say that I can add an "Access From" rules
to tune the IP addresses. But, as far as I can see I can only add
"Access From" rules of the "Allow from" type. I can't add a "Deny from:"
rule if the original one is the "Allow" type. Is it correct? Or am I
missing something?
To add a "Deny From" I added a duplicated "Port Forwarding" rule on top
of the previous one, identical but for the "Deny From" rule. It works
but is this the right way to configure? I'm asking because I know a bit
of iptables and sounds a bit unnecessary to me. But as I said, I'm new
to Endian and I'd like to know if I'm doing it right.
Thanks
Davo

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct
_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user
Reply | Threaded
Open this post in threaded view
|

Re: EFW 2.5.1 Blocking Single IP address, the right way?

ildavo
Am I doing something wrong, or this community isn't very active?
Maybe I had my message on the wrong list? If so, please, tell me the
right way to communicate.
Thanks
Davo


On 10/30/2012 12:41 PM, [hidden email] wrote:

> Hi everybody,
> I'm quite new to Endian and I have a question or two.
> I have a Web Server published via a "Port Forwarding" rule, very simple.
> In the "Access From" rules section I have "Allow from: Uplink Any",
> since everybody can access to the Web Server.
> Now, someone was trying a nice DoS, attacking the http port from a fixed
> IP address. The documentation say that I can add an "Access From" rules
> to tune the IP addresses. But, as far as I can see I can only add
> "Access From" rules of the "Allow from" type. I can't add a "Deny from:"
> rule if the original one is the "Allow" type. Is it correct? Or am I
> missing something?
> To add a "Deny From" I added a duplicated "Port Forwarding" rule on top
> of the previous one, identical but for the "Deny From" rule. It works
> but is this the right way to configure? I'm asking because I know a bit
> of iptables and sounds a bit unnecessary to me. But as I said, I'm new
> to Endian and I'd like to know if I'm doing it right.
> Thanks
> Davo
>
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_sfd2d_oct
> _______________________________________________
> Efw-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/efw-user


------------------------------------------------------------------------------
LogMeIn Central: Instant, anywhere, Remote PC access and management.
Stay in control, update software, and manage PCs from one command center
Diagnose problems and improve visibility into emerging IT issues
Automate, monitor and manage. Do more in less time with Central
http://p.sf.net/sfu/logmein12331_d2d
_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user
Reply | Threaded
Open this post in threaded view
|

Re: EFW 2.5.1 Blocking Single IP address, the right way?

Davide Cottignoli
Perhaps it is better to post in efwsupport.com

Davide Cottignoli.


Il giorno 05/nov/2012, alle ore 08:57, "[hidden email]" <[hidden email]> ha scritto:

> Am I doing something wrong, or this community isn't very active?
> Maybe I had my message on the wrong list? If so, please, tell me the
> right way to communicate.
> Thanks
> Davo
>
>
> On 10/30/2012 12:41 PM, [hidden email] wrote:
>> Hi everybody,
>> I'm quite new to Endian and I have a question or two.
>> I have a Web Server published via a "Port Forwarding" rule, very simple.
>> In the "Access From" rules section I have "Allow from: Uplink Any",
>> since everybody can access to the Web Server.
>> Now, someone was trying a nice DoS, attacking the http port from a fixed
>> IP address. The documentation say that I can add an "Access From" rules
>> to tune the IP addresses. But, as far as I can see I can only add
>> "Access From" rules of the "Allow from" type. I can't add a "Deny from:"
>> rule if the original one is the "Allow" type. Is it correct? Or am I
>> missing something?
>> To add a "Deny From" I added a duplicated "Port Forwarding" rule on top
>> of the previous one, identical but for the "Deny From" rule. It works
>> but is this the right way to configure? I'm asking because I know a bit
>> of iptables and sounds a bit unnecessary to me. But as I said, I'm new
>> to Endian and I'd like to know if I'm doing it right.
>> Thanks
>> Davo
>>
>> ------------------------------------------------------------------------------
>> Everyone hates slow websites. So do we.
>> Make your web apps faster with AppDynamics
>> Download AppDynamics Lite for free today:
>> http://p.sf.net/sfu/appdyn_sfd2d_oct
>> _______________________________________________
>> Efw-user mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/efw-user
>
>
> ------------------------------------------------------------------------------
> LogMeIn Central: Instant, anywhere, Remote PC access and management.
> Stay in control, update software, and manage PCs from one command center
> Diagnose problems and improve visibility into emerging IT issues
> Automate, monitor and manage. Do more in less time with Central
> http://p.sf.net/sfu/logmein12331_d2d
> _______________________________________________
> Efw-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/efw-user

------------------------------------------------------------------------------
LogMeIn Central: Instant, anywhere, Remote PC access and management.
Stay in control, update software, and manage PCs from one command center
Diagnose problems and improve visibility into emerging IT issues
Automate, monitor and manage. Do more in less time with Central
http://p.sf.net/sfu/logmein12331_d2d
_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user
Reply | Threaded
Open this post in threaded view
|

Re: EFW 2.5.1 Blocking Single IP address, the right way?

ildavo
Thanks Davide,
telling the truth, I tried the mailing list because I had no answer on
the forum.
Probably my questions are boring :)))
I'll give the forum another try.
Thanks for the answer and the hint!
Davo


On 11/05/2012 10:38 AM, Davide Cottignoli wrote:

> Perhaps it is better to post in efwsupport.com
>
> Davide Cottignoli.
>
>
> Il giorno 05/nov/2012, alle ore 08:57, "[hidden email]" <[hidden email]> ha scritto:
>
>> Am I doing something wrong, or this community isn't very active?
>> Maybe I had my message on the wrong list? If so, please, tell me the
>> right way to communicate.
>> Thanks
>> Davo
>>
>>
>> On 10/30/2012 12:41 PM, [hidden email] wrote:
>>> Hi everybody,
>>> I'm quite new to Endian and I have a question or two.
>>> I have a Web Server published via a "Port Forwarding" rule, very simple.
>>> In the "Access From" rules section I have "Allow from: Uplink Any",
>>> since everybody can access to the Web Server.
>>> Now, someone was trying a nice DoS, attacking the http port from a fixed
>>> IP address. The documentation say that I can add an "Access From" rules
>>> to tune the IP addresses. But, as far as I can see I can only add
>>> "Access From" rules of the "Allow from" type. I can't add a "Deny from:"
>>> rule if the original one is the "Allow" type. Is it correct? Or am I
>>> missing something?
>>> To add a "Deny From" I added a duplicated "Port Forwarding" rule on top
>>> of the previous one, identical but for the "Deny From" rule. It works
>>> but is this the right way to configure? I'm asking because I know a bit
>>> of iptables and sounds a bit unnecessary to me. But as I said, I'm new
>>> to Endian and I'd like to know if I'm doing it right.
>>> Thanks
>>> Davo
>>>
>>> ------------------------------------------------------------------------------
>>> Everyone hates slow websites. So do we.
>>> Make your web apps faster with AppDynamics
>>> Download AppDynamics Lite for free today:
>>> http://p.sf.net/sfu/appdyn_sfd2d_oct
>>> _______________________________________________
>>> Efw-user mailing list
>>> [hidden email]
>>> https://lists.sourceforge.net/lists/listinfo/efw-user
>>
>> ------------------------------------------------------------------------------
>> LogMeIn Central: Instant, anywhere, Remote PC access and management.
>> Stay in control, update software, and manage PCs from one command center
>> Diagnose problems and improve visibility into emerging IT issues
>> Automate, monitor and manage. Do more in less time with Central
>> http://p.sf.net/sfu/logmein12331_d2d
>> _______________________________________________
>> Efw-user mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/efw-user
> ------------------------------------------------------------------------------
> LogMeIn Central: Instant, anywhere, Remote PC access and management.
> Stay in control, update software, and manage PCs from one command center
> Diagnose problems and improve visibility into emerging IT issues
> Automate, monitor and manage. Do more in less time with Central
> http://p.sf.net/sfu/logmein12331_d2d
> _______________________________________________
> Efw-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/efw-user


------------------------------------------------------------------------------
LogMeIn Central: Instant, anywhere, Remote PC access and management.
Stay in control, update software, and manage PCs from one command center
Diagnose problems and improve visibility into emerging IT issues
Automate, monitor and manage. Do more in less time with Central
http://p.sf.net/sfu/logmein12331_d2d
_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user