1
20.7 Legacy Series / Feature Request: Firewall rule IP addition
« on: October 16, 2020, 04:25:44 am »
Suggestion for firewall feature:
IP addition:
This will add the source IP to a specific alias (choosable in dropdown), once a match is found in the rule.
The time the IP will remain in the alias, should also be able to be defined, once the IP is expired, its auto-deleted from alias.
However, if IP is already in alias, nothing happens.
What this can be used for (2 examples):
1: Banning port scanners. This by defining rules for all non-open ports, and then directing the firewall to add the IP to alias.
Example:
Source:banned to Any DROP
Source:Any to port 1-79 DROP (add ip to alias banned expiry=30min)
Source:Any to port 80 PASS
anyone that sends any packet to 1-79 will not be able to connect to port 80 for the next 30 minutes.
2: Implementing port knocking. This by defining a alias for every port you want to be part of your "sequence", and then creating rules to define this "chain".
For example:
source:Any to port 35 DROP (add ip to alias step2 expiry=10sec)
source:step2 to port 65 DROP (add ip to alias step3 expiry=10sec)
source:step3 to port 96 DROP (add ip to alias step4 expiry=1hour)
source:step4 to port 22 PASS
Connecting to 35, 65 and 96 in sequence, even if all packets are dropped, will then open port 22 for you.
IP addition:
This will add the source IP to a specific alias (choosable in dropdown), once a match is found in the rule.
The time the IP will remain in the alias, should also be able to be defined, once the IP is expired, its auto-deleted from alias.
However, if IP is already in alias, nothing happens.
What this can be used for (2 examples):
1: Banning port scanners. This by defining rules for all non-open ports, and then directing the firewall to add the IP to alias.
Example:
Source:banned to Any DROP
Source:Any to port 1-79 DROP (add ip to alias banned expiry=30min)
Source:Any to port 80 PASS
anyone that sends any packet to 1-79 will not be able to connect to port 80 for the next 30 minutes.
2: Implementing port knocking. This by defining a alias for every port you want to be part of your "sequence", and then creating rules to define this "chain".
For example:
source:Any to port 35 DROP (add ip to alias step2 expiry=10sec)
source:step2 to port 65 DROP (add ip to alias step3 expiry=10sec)
source:step3 to port 96 DROP (add ip to alias step4 expiry=1hour)
source:step4 to port 22 PASS
Connecting to 35, 65 and 96 in sequence, even if all packets are dropped, will then open port 22 for you.