Firewall issues

I’m trying to firewall off an IP. Should be as simple as turn the firewall on and enter an IP in the blacklist, right?

I turn the firewall on (with default settings, AFAIK), and it blocks everything. Ping, SSH, NodeWorx, etc.

Ideas?

Bump

What are the other settings in the firewall?

Here is the output of the page.

InterWorx-CP __ Firewall.pdf (126 KB)

Did you add the Ports 1-65535 all to open? Never tried that but it would seem to me that would cause a conflict with other ports in the same range regardless of whether they are open or closed.

I did add that. I only want to block per IP, nothing above layer 3.

Why not use /etc/hosts.deny ?

It only works on TCP and it only works with programs that support it.

In addition, I “pay” for Interworx, so since it has a firewall I want it to work. I’ll give a look at the rules later and let you know how adjusting them works out for me.

I updated Interworx and now it’ll start and not block me off.

No matter how many times I hit update, it would not change the interface to eth1. I had to change it in the config. Ideas how to fix this so it doesn’t overwrite the file?

It is now successfully blocking this Chinese clown. I’m sure someone will attack me soon enough.

I’d like to describe what was happening earlier when you were having everything “blocked” by Interworx.

APF (our firewall) has 3 ways to define a NIC:

  1. Untrusted
  2. Trusted
  3. Neither

If a NIC was “untrusted”, when the firewall was turned on the firewall rules would be applied to that NIC and traffic would be allowed through on the ports you specify. Essentially, this is the public internet IP NIC.

If a NIC is “trusted”, all traffic is allowed through and nothing is blocked. This should only be used for NICs on a private internal network.

If a NIC is neither, then APF blocked all traffic on that NIC. This is probably what was happening before the update. More than likely you had the wrong NIC set to untrusted and the NIC that you were trying to access your server on was set to neither and blocked when you turned the firewall on.

This behaviour changed in the latest APF update. NICs designated as “neither” are now treated as untrusted, and all traffic is allowed through with firewall rules in effect.

Johan,

If you are trying to update settings via the Control Panel and they aren’t “sticking”, you should probably open a support ticket so we can fix this for you. This sounds like it is due to the InterWorx version of APF being overwritten by a 3rd party repository, but I can’t be sure unless I see what’s happening on your system.
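The three NIC modes described above, as an added example that is not code from this thread, from InterWorx or from APF: a shell check that classifies each interface the way the post explains, reading conf.apf (it assumes the keys IFACE_IN/IFACE_OUT name the untrusted public NIC and IFACE_TRUSTED lists trusted NICs, as in stock APF), and warns when the interface your management session arrives on falls into the “neither” bucket, the pre-update lockout case.

```shell
#!/bin/sh
# Added example: classify NICs by APF trust mode and flag a lockout risk.
# Assumed conf.apf keys: IFACE_IN / IFACE_OUT (untrusted), IFACE_TRUSTED.

# Read KEY="value" from a conf.apf file, last definition wins, quotes stripped.
apf_conf_value() {
  sed -n "s/^$2=//p" "$1" | tr -d '"' | tail -n 1
}

# Print the mode APF gives an interface: trusted, untrusted, or neither.
# Trusted is checked first: APF bypasses all rules on a trusted NIC.
apf_nic_mode() {
  local conf="$1" iface="$2" nic
  for nic in $(apf_conf_value "$conf" IFACE_TRUSTED | tr ',' ' '); do
    [ "$nic" = "$iface" ] && { echo trusted; return 0; }
  done
  for nic in $(apf_conf_value "$conf" IFACE_IN) $(apf_conf_value "$conf" IFACE_OUT); do
    [ "$nic" = "$iface" ] && { echo untrusted; return 0; }
  done
  echo neither
}

# Return 1 if the NIC you reach the server through is "neither": older APF
# builds drop all traffic on such a NIC once the firewall starts. Return 0
# otherwise, noting that a trusted NIC never applies the deny list at all.
apf_lockout_check() {
  local mode
  mode=$(apf_nic_mode "$1" "$2")
  case "$mode" in
    neither)   echo "WARNING: $2 is neither trusted nor untrusted in $1" >&2; return 1 ;;
    trusted)   echo "NOTE: $2 is trusted; no rules or IP deny apply on it" >&2; return 0 ;;
    *)         echo "$2 is untrusted; rules and the deny list apply" >&2; return 0 ;;
  esac
}

# Demo on a constructed conf.apf fragment (not a real server's config):
# eth0 public, eth2 internal, eth1 (the management NIC) forgotten.
demo_conf=$(mktemp)
printf 'IFACE_IN="eth0"\nIFACE_OUT="eth0"\nIFACE_TRUSTED="eth2"\n' > "$demo_conf"
for nic in eth0 eth1 eth2; do
  printf '%s -> %s\n' "$nic" "$(apf_nic_mode "$demo_conf" "$nic")"
done
apf_lockout_check "$demo_conf" eth1 || true   # the lockout case from the thread
rm -f "$demo_conf"
```

On a live box, pass the interface of your default route (from `ip route`) as the second argument before turning the firewall on.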