Block access by ip address on Smoothwall.

chrisknight · 09-08-2003, 08:18 PM

I have an apache web server and vsftpd server behind a smoothwall box.
I have noticed suspicious activity on my IDS logs and I’m wondering if there is a way to block that IP or range of IP’s from accessing any service I am running.

david_ross · 09-09-2003, 01:38 PM

Take a look at the "services -> external service access" page.

chrisknight · 09-09-2003, 04:35 PM

I understand that in 'external service access" you can define what ip addresses you want to grant access, and leave the space blank for "ALL".

I.E. Leave the space blank for port 80, and every IP gets access.
Define 65.25.25.25 for port 80 and only that IP gets access.

I want to do the opposite. I want to allow everyone but block specific IP or range of IP's.

I dont want to define who can get access.
I want to define who can't.

chrisknight · 09-13-2003, 07:03 AM

I tried to do:
iptables -I INPUT -s 65.0.0.0/24 -j DROP
But it didnt work.
Im still getting hammered by this "ICMP PING CyberKit 2.2 Windows" from various IP's. 1-5 a minute consistently, even though I an dropping ICMP echo requests from the outside world.

This thread relates to this one:
http://www.linuxquestions.org/questi...threadid=89681

chrisknight · 09-13-2003, 11:23 AM

This is really what I need I guess...

http://assets.smoothwall.net/assets/...figuration.png

chrisknight · 09-15-2003, 04:07 PM

OK, found the answer.
This is if you wish to block an internet ip range from accessing anything from your IP.

edit /etc/rc.d/rc.firewall.up, and immediately after the line containing:
iptables -P OUTPUT ACCEPT
add this:
iptables -A INPUT -p all -s a.0.0.0/8 -j DROP
where a. is the range you want to block
like this:
iptables -A INPUT -p all -s 65.0.0.0/8 -j DROP

david_ross · 09-21-2003, 08:57 AM

Sorry for the late reply - I have been on holiday for a week.

Good to see you got it working.