juanfranblanco / rt-n56u

Automatically exported from code.google.com/p/rt-n56u

Question Is there a way to Block incoming ip on wan side? #212

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1.
2.
3.

What is the expected output? What do you see instead?

What version of the product are you using? On what operating system?
1.0.1.8e-p2

Please provide any additional information below.

Is there a way to block a specific incoming IP on the WAN side?

Thanks for all your effort, great firmware, love it.

Original issue reported on code.google.com by RobertPlouffe on 12 Apr 2012 at 9:56

GoogleCodeExporter commented 9 years ago
Hello,

Sorry, I don't think I have understood 'WAN side' correctly. Could you please
explain it? I think, yes, it is certainly possible, using iptables rules.

Original comment by d...@soulblader.com on 12 Apr 2012 at 10:32

GoogleCodeExporter commented 9 years ago
I think I know what Robert means - blocking incoming connections from the 
internet from one IP or a block of IPs. I have the same situation: I have the 
Remote Desktop port open and forwarded to my web server, and some specific IPs 
are trying (automatically) to guess the password for 'administrator' on my web 
server. Of course they won't succeed, as the 'administrator' account is disabled 
on my server and I'm using another account with administrator privileges. But 
those IPs are annoying, and I wish I had a way to block those IPs directly from 
my router, so that they cannot reach my server even if the RDC port is open. A 
list of IPs or blocks of IPs which are automatically rejected by the router even 
if they try to connect to an open port.

Original comment by bluesurv...@gmail.com on 13 Apr 2012 at 9:46

GoogleCodeExporter commented 9 years ago
By annoying I meant that the password guessing process is 100% automated and 
they try every few seconds to authenticate using different passwords (probably 
dictionaries). Basically I'm saying there are brute-force attacks using 
dictionaries on my Remote Desktop Connection port, forwarded from the internet 
to my web server (through the router). It would be nice to avoid the usage of my 
server's resources on RDC authentication processes created every few seconds.

Original comment by bluesurv...@gmail.com on 13 Apr 2012 at 10:38

GoogleCodeExporter commented 9 years ago
It's quite simple to do. Suppose you have a text file with the list of such IP 
addresses; let it be /opt/etc/ipblock.

# cat /opt/etc/ipblock
xxx.xxx.xxx.xxx
yyy.yyy.yyy.yyy
zzz.zzz.zzz.zzz

So, you need to edit /opt/etc/init.d/S10iptables, and add something like:

#!/bin/sh
# Drop packets from every address listed in $ip_blacklist as they arrive on
# the WAN interface. A rule in INPUT only protects the router itself; a
# connection that the router port-forwards (DNAT) to a LAN host traverses
# FORWARD instead, so each address gets a rule in both chains.

wan_iface=`nvram get wan0_ifname`
ip_blacklist=/opt/etc/ipblock

case "$1" in
start|update)

  for ip in `cat ${ip_blacklist}` ; do
    # delete first so that a repeated 'update' does not pile up duplicates
    iptables -D INPUT   -i "$wan_iface" -s "$ip" -j DROP 2>/dev/null
    iptables -D FORWARD -i "$wan_iface" -s "$ip" -j DROP 2>/dev/null
    iptables -I INPUT   -i "$wan_iface" -s "$ip" -j DROP
    iptables -I FORWARD -i "$wan_iface" -s "$ip" -j DROP
  done
  ;;

stop)

  for ip in `cat ${ip_blacklist}` ; do
    iptables -D INPUT   -i "$wan_iface" -s "$ip" -j DROP
    iptables -D FORWARD -i "$wan_iface" -s "$ip" -j DROP
  done
  ;;

esac

exit 0

Original comment by d...@soulblader.com on 13 Apr 2012 at 10:49
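The script in the comment above inserts one rule per address straight into INPUT, which only covers packets addressed to the router itself; a connection the router port-forwards to the LAN web server (the case the second poster describes) traverses the FORWARD chain, and a malformed line in the list would be handed to iptables unchecked. The following is an added example, not code from the rt-n56u project or from the commenter: it loads the list into a dedicated chain so that `update` can be rerun without duplicating rules, validates each entry, accepts a.b.c.d/N blocks as well as single hosts, and hooks the chain into both INPUT and FORWARD. The chain name `wan_blocklist`, the `eth3` interface used in the dry run and the sample list are assumptions; the `/opt/etc/ipblock` path and `nvram get wan0_ifname` are taken from the thread.

```shell
#!/bin/sh
# Added example (not rt-n56u project code, not the commenter's script): a WAN
# blocklist loader that keeps its rules in a dedicated chain, validates each
# entry, accepts CIDR blocks, and covers port-forwarded traffic (FORWARD) as
# well as traffic addressed to the router itself (INPUT).
# Assumed names, adjust for your firmware:
#   BLOCKLIST  file with one IPv4 address or a.b.c.d/N block per line;
#              blank lines and '#' comments are allowed
#   WAN_IFACE  WAN interface, taken from `nvram get wan0_ifname` if unset
#   IPTABLES   iptables binary; IPTABLES=echo prints the commands instead
CHAIN=${CHAIN:-wan_blocklist}
BLOCKLIST=${BLOCKLIST:-/opt/etc/ipblock}
IPTABLES=${IPTABLES:-iptables}
WAN_IFACE=${WAN_IFACE:-$(nvram get wan0_ifname 2>/dev/null)}

# is_ipv4_cidr ADDR: true for a.b.c.d or a.b.c.d/N with octets 0-255, N 0-32.
is_ipv4_cidr() {
    addr=${1%%/*}
    case "$1" in
        */*) plen=${1#*/} ;;
        *)   plen=32 ;;
    esac
    case "$plen" in ''|*[!0-9]*) return 1 ;; esac
    [ "$plen" -le 32 ] || return 1
    # digits and dots only, no empty octet, and exactly four octets
    case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# parse_blocklist: read a list on stdin, print the valid entries one per line
# and report malformed ones on stderr instead of feeding them to iptables.
parse_blocklist() {
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$entry" ] || continue
        if is_ipv4_cidr "$entry"; then
            printf '%s\n' "$entry"
        else
            printf 'blocklist: ignoring malformed entry "%s"\n' "$line" >&2
        fi
    done
}

# apply_blocklist: (re)build $CHAIN from the list on stdin and hook it into
# INPUT and FORWARD at position 1, ahead of any ACCEPT rule. Safe to rerun on
# 'update': the chain is flushed and the jump rules are deleted before being
# re-inserted, so repeated runs do not accumulate duplicates.
apply_blocklist() {
    [ -n "$WAN_IFACE" ] || { echo "WAN interface unknown" >&2; return 1; }
    $IPTABLES -N "$CHAIN" 2>/dev/null || true   # already exists on reruns
    $IPTABLES -F "$CHAIN"
    parse_blocklist | while IFS= read -r entry; do
        $IPTABLES -A "$CHAIN" -s "$entry" -j DROP
    done
    for base in INPUT FORWARD; do
        $IPTABLES -D "$base" -i "$WAN_IFACE" -j "$CHAIN" 2>/dev/null || true
        $IPTABLES -I "$base" 1 -i "$WAN_IFACE" -j "$CHAIN"
    done
}

# remove_blocklist: undo apply_blocklist (for 'stop').
remove_blocklist() {
    for base in INPUT FORWARD; do
        $IPTABLES -D "$base" -i "$WAN_IFACE" -j "$CHAIN" 2>/dev/null || true
    done
    $IPTABLES -F "$CHAIN" 2>/dev/null || true
    $IPTABLES -X "$CHAIN" 2>/dev/null || true
}

# demo_dry_run: constructed sample list, commands printed rather than applied
# (subshell, so IPTABLES=echo does not leak into a real 'start').
demo_dry_run() {
    (
        IPTABLES=echo
        WAN_IFACE=${WAN_IFACE:-eth3}
        apply_blocklist <<'EOF'
# constructed sample list: one host, one /24 block, one junk line
203.0.113.7
198.51.100.0/24    # trailing comment
not-an-ip
EOF
    )
}

case "${1:-demo}" in
    start|update) apply_blocklist < "$BLOCKLIST" ;;
    stop)         remove_blocklist ;;
    demo)         demo_dry_run ;;
esac
```

Installed as the init script the thread uses (/opt/etc/init.d/S10iptables) it answers `start`, `update` and `stop` like the original; run with no argument it only prints the iptables commands it would issue for the sample list. Inserting the jump at position 1 matters: if an ACCEPT for the forwarded RDP port came earlier in FORWARD, the packet would be accepted before the blocklist chain was ever consulted.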

GoogleCodeExporter commented 9 years ago
They are possibly using John the Ripper ))

Original comment by d...@soulblader.com on 13 Apr 2012 at 10:50