what about just blocking that IP in your ftp server. Or is your ftp server not capable of that ? The connection will propably end after a short time.
> I tried to use IP tables at one point but it didn't seem to stick after a > reboot. Soon as I shut down then brought back the Endian box the rule was > gone. Is there something that needs done to "commit" the rule? > > Brains wrote: >> >> Such an ugly workaround for something that is ideally as simple as: >> iptables -A INPUT --src xx.xx.xx.xx --dport 21 -j DROP >> >> >> >> On Tue, Nov 25, 2008 at 9:46 PM, Herb Hill <[EMAIL PROTECTED]> wrote: >> >>> Just a thought- how about efw outbound rules to block traffic from >>> behind >>> efw that has a destination of the ip you want to block? Getting nothing >>> back might dissuade him from trying further. Or, put a port forward rule >>> at >>> the top of your list that forwards ftp ports to a non existant internal >>> IP >>> when the source IP is the one that is hacking you. >>> >>> Might work. >>> >>> ----- Original Message ----- >>> From: "danodemano" <[EMAIL PROTECTED]> >>> To: <efw-user@lists.sourceforge.net> >>> Sent: Tuesday, November 25, 2008 7:57 PM >>> Subject: Re: [Efw-user] Block IP from RED Interface >>> >>> >>> > >>> > I know this, which is why I want to block certain IP's. I have no >>> problem >>> > with SSH, I don't allow access from the outside, only through a VPN >>> > tunnel. >>> > I could use a different port for the FTP but there are a number of >>> people >>> > who already know and use it the way that it is configured so that's >>> easier >>> > said than done. >>> > >>> > compdoc wrote: >>> >> >>> >> ftp and ssh ports are just going to be tested. No way to use >>> >> a different port number for ftp? >>> >> >>> >> I always keep the ssh service disabled until I need it... >>> >> >>> >> >>> >> >>> >> -----Original Message----- >>> >> From: danodemano [mailto:[EMAIL PROTECTED] >>> >> Sent: Tuesday, November 25, 2008 4:29 PM >>> >> To: efw-user@lists.sourceforge.net >>> >> Subject: Re: [Efw-user] Block IP from RED Interface >>> >> >>> >> >>> >> Guess that's a no. I have a new IP now that's hacking on it >>> >> and some 600 >>> >> PAGES of logs just since this morning. It would be very >>> >> nice to be able to >>> >> block this (these) IP addresses. ;) >>> >> >>> >> danodemano wrote: >>> >>> >>> >>> I have a, what I hope to be, quick question. I have an IP >>> >> address that is >>> >>> hacking on the FTP server sitting behind my Endian box. >>> >> The server is >>> >>> NATed. Just in the past about 12 hours, it's filled up >>> >> nearly 400 pages >>> >>> in my IDS logs. Is there a simply way to just outright >>> >> ban this IP? >>> >>> Thanks for your help! >>> >>> >>> >> >>> >> -- >>> >> View this message in context: >>> >> http://www.nabble.com/Block-IP-from-RED-Interface-tp20564483 >>> >> p20691782.html >>> >> Sent from the efw-user mailing list archive at Nabble.com. >>> >> >>> >> >>> >> ------------------------------------------------------------ >>> >> ------------- >>> >> This SF.Net email is sponsored by the Moblin Your Move >>> >> Developer's challenge >>> >> Build the coolest Linux based applications with Moblin SDK & >>> >> win great prizes >>> >> Grand prize is a trip for two to an Open Source event >>> >> anywhere in the world >>> >> http://moblin-contest.org/redirect.php?banner_id=100&url=/ >>> >> _______________________________________________ >>> >> Efw-user mailing list >>> >> Efw-user@lists.sourceforge.net >>> >> https://lists.sourceforge.net/lists/listinfo/efw-user >>> >> >>> >> >>> >> >>> ------------------------------------------------------------------------- >>> >> This SF.Net email is sponsored by the Moblin Your Move Developer's >>> >> challenge >>> >> Build the coolest Linux based applications with Moblin SDK & win great >>> >> prizes >>> >> Grand prize is a trip for two to an Open Source event anywhere in the >>> >> world >>> >> http://moblin-contest.org/redirect.php?banner_id=100&url=/ >>> >> _______________________________________________ >>> >> Efw-user mailing list >>> >> Efw-user@lists.sourceforge.net >>> >> https://lists.sourceforge.net/lists/listinfo/efw-user >>> >> >>> >> >>> > >>> > -- >>> > View this message in context: >>> > >>> http://www.nabble.com/Block-IP-from-RED-Interface-tp20564483p20692806.html >>> > Sent from the efw-user mailing list archive at Nabble.com. >>> > >>> > >>> > >>> ------------------------------------------------------------------------- >>> > This SF.Net email is sponsored by the Moblin Your Move Developer's >>> > challenge >>> > Build the coolest Linux based applications with Moblin SDK & win great >>> > prizes >>> > Grand prize is a trip for two to an Open Source event anywhere in the >>> > world >>> > http://moblin-contest.org/redirect.php?banner_id=100&url=/ >>> > _______________________________________________ >>> > Efw-user mailing list >>> > Efw-user@lists.sourceforge.net >>> > https://lists.sourceforge.net/lists/listinfo/efw-user >>> > >>> >>> >>> ------------------------------------------------------------------------- >>> This SF.Net email is sponsored by the Moblin Your Move Developer's >>> challenge >>> Build the coolest Linux based applications with Moblin SDK & win great >>> prizes >>> Grand prize is a trip for two to an Open Source event anywhere in the >>> world >>> http://moblin-contest.org/redirect.php?banner_id=100&url=/ >>> _______________________________________________ >>> Efw-user mailing list >>> Efw-user@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/efw-user >>> >> >> ------------------------------------------------------------------------- >> This SF.Net email is sponsored by the Moblin Your Move Developer's >> challenge >> Build the coolest Linux based applications with Moblin SDK & win great >> prizes >> Grand prize is a trip for two to an Open Source event anywhere in the >> world >> http://moblin-contest.org/redirect.php?banner_id=100&url=/ >> _______________________________________________ >> Efw-user mailing list >> Efw-user@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/efw-user >> >> > > -- > View this message in context: > http://www.nabble.com/Block-IP-from-RED-Interface-tp20564483p20699718.html > Sent from the efw-user mailing list archive at Nabble.com. > > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer's challenge > Build the coolest Linux based applications with Moblin SDK & win great prizes > Grand prize is a trip for two to an Open Source event anywhere in the world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > _______________________________________________ > Efw-user mailing list > Efw-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/efw-user > ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
