Firewall Source or destination

Started by forum111, August 23, 2024, 03:17:29 PM

August 23, 2024, 03:17:29 PM Last Edit: August 23, 2024, 03:21:16 PM by forum111
I do not know how to block a list of IPs? I want to block an attacker from outside?
I have an OpenVPN interface for external VPN clients. Please take a look at what I have made. Is this the correct way?

I just want to block external requests to VPN clients (from external clients to an internal VPN client).

On the router an OpenVPN server is running, and the OpenVPN interface is part of the entire network workflow.


What is not ALLOWed on your VPN interface is blocked by default. No need for a specific block rule. Simply only allow clients/ports you want to happen and it should work.
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorn's premium cat food with the extra portion of energy

A router is not a switch - A router is not a switch - A router is not a switch - A rou....

August 23, 2024, 04:26:46 PM #2 Last Edit: August 23, 2024, 04:34:52 PM by forum111
I do not want to block VPN clients who are trying to connect to my VPN server. I want to block all requests from the external web to the internal network. I do not understand the direction: (source: BLOCK_IP_LIST, destination: any) or the reverse?

Block_ip_list is a firewall alias with an IP list of attackers (hackers list).

Quote from: chemlud on August 23, 2024, 03:27:17 PM
What is not ALLOWed on your VPN interface is blocked by default. No need for a specific block rule. Simply only allow clients/ports you want to happen and it should work.

How should "external web" (can you explain?) reach your "VPN server"?

If you mean that some random client from the internet sends packages to your open port for the VPN on WAN: You have to block on WAN all IPs not belonging to your allowed VPN Clients. Target port: The VPN port you use. A "list of hackers" is nonsense, sorry.
kind regards
chemlud

Agree, most of the IPs are cloud machines used for spam, attacks, etc.

The external network is outside my local network.

For WAN, I want to add rule:
- block requests from the external network (web), from anyone who attempts to send a ping, for example, to my router. Which is source and which is destination? For example: source is blocked_ip, destination is any.

Quote from: forum111 on August 23, 2024, 06:10:12 PM
For WAN, I want to add rule:
- block requests from the external network (web).

Then no one will be able to access the VPN.

 Why? I want to block just two IPs of attackers. All others are allowed.
1 rule block list
2 rule allow all requests
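
The source/destination question from this thread, as an added example that is not part of any post: a simplified Python model of how rules on WAN are matched against arriving packets, comparing the alias in the source field with the alias in the destination field. The addresses, `WAN_ADDRESS` and the `evaluate` helper are constructed for illustration, and first-match ("quick") evaluation with a default deny is an assumption of the model.

```python
import ipaddress

# Constructed sample data: documentation-range addresses, not real hosts.
BLOCK_IP_LIST = [ipaddress.ip_network(n) for n in ("203.0.113.7/32", "203.0.113.99/32")]
ANY = [ipaddress.ip_network("0.0.0.0/0")]
WAN_ADDRESS = "198.51.100.1"  # hypothetical public address of the router


def matches(nets, ip):
    """True if ip falls inside any network of the alias."""
    return any(ipaddress.ip_address(ip) in n for n in nets)


def evaluate(rules, src, dst):
    """Return the action of the first rule matching a packet arriving on WAN.

    Assumption of this model: first match wins ("quick"), and traffic that
    matches no rule is dropped by the default deny.
    """
    for action, src_nets, dst_nets in rules:
        if matches(src_nets, src) and matches(dst_nets, dst):
            return action
    return "block"


# Ordering from the last post: 1) block the list, 2) allow all requests.
# A packet arriving on WAN carries the remote host as its SOURCE address.
source_is_list = [("block", BLOCK_IP_LIST, ANY), ("pass", ANY, ANY)]

# Reversed form: the alias placed in the destination field instead.
destination_is_list = [("block", ANY, BLOCK_IP_LIST), ("pass", ANY, ANY)]

# Same two rules in the wrong order: the pass rule matches first.
wrong_order = [("pass", ANY, ANY), ("block", BLOCK_IP_LIST, ANY)]

if __name__ == "__main__":
    listed, other = "203.0.113.7", "192.0.2.10"
    for name, rules in [("source=list", source_is_list),
                        ("destination=list", destination_is_list),
                        ("pass rule first", wrong_order)]:
        print(f"{name:18} listed host -> {evaluate(rules, listed, WAN_ADDRESS):5} "
              f"other host -> {evaluate(rules, other, WAN_ADDRESS)}")
```

Only the first rule set stops the listed address: with the alias as destination the block rule never matches traffic arriving from those hosts, and with the pass rule first the block rule is never reached.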