OPNsense Forum

English Forums => General Discussion => Topic started by: forum111 on August 23, 2024, 03:17:29 PM

Title: Firewall Source or destination
Post by: forum111 on August 23, 2024, 03:17:29 PM
I do not know how to block a list of IPs? I want to block attackers from outside?
I have an OpenVPN interface for external VPN clients. Please take a look at what I have made. Is this the correct way?

I just want to block external request to vpn clients (from external clients to internal vpn client).

On router OpenVPN server is running and OpenVPN interface is part of the entire network workflow.

Title: Re: Firewall Source or destination
Post by: chemlud on August 23, 2024, 03:27:17 PM
What is not ALLOWed on your VPN interface is blocked by default. No need for a specific block rule. Simply only allow clients/ports you want to happen and it should work.

Title: Re: Firewall Source or destination
Post by: forum111 on August 23, 2024, 04:26:46 PM
I do not want to block VPN clients who are trying to connect to my VPN server. I want to block all requests from the external web to the internal network. I do not understand the direction (source: BLOCK_IP_LIST, destination: any) or the reverse?

Block_ip_list is a firewall alias with an IP list of attackers (hackers list).

Quote from: chemlud on August 23, 2024, 03:27:17 PM
What is not ALLOWed on your VPN interface is blocked by default. No need for a specific block rule. Simply only allow clients/ports you want to happen and it should work.

Title: Re: Firewall Source or destination
Post by: chemlud on August 23, 2024, 04:37:26 PM
How should "external web" (can you explain?) reach your "VPN server"?

If you mean that some random client from the internet sends packages to your open port for the VPN on WAN: You have to block on WAN all IPs not belonging to your allowed VPN Clients. Target port: The VPN port you use. A "list of hackers" is nonsense, sorry.

Title: Re: Firewall Source or destination
Post by: forum111 on August 23, 2024, 06:10:12 PM
Agree, most of the IPs are cloud machines used for spam, attacks, etc.

The external network is outside my local network.

For WAN, I want to add rule:
- block requests from the external network (web), for example anyone who attempts to send a ping to my router. Which is the source and which is the destination? For example: source is blocked_ip, destination is any.

Title: Re: Firewall Source or destination
Post by: doktornotor on August 23, 2024, 06:14:39 PM
Quote from: forum111 on August 23, 2024, 06:10:12 PM
For WAN, I want to add rule:
- block request from external network (web).

Then no one will be able to access the VPN.

Title: Re: Firewall Source or destination
Post by: forum111 on August 23, 2024, 06:16:33 PM
Why? I want to block just two IPs of attackers. All others are allowed.
1 rule block list
2 rule allow all requests