Information Security Asked by appDeveloper on December 28, 2020
I’m not trained in Linux, but I think I found the solution to my problem documented, but it is not working as expected. I am NOT an iptables guru, I’m learning as I go.
A Russian IP is trying to hack my network, especially an email server I have running on my network. So I have a port forward of port 25 to the mail server machine. My router is running TomatoUSB – a Linux-based router I have root ssh access to.
I’ve tried this command:
iptables -I INPUT -s 126.96.36.199 -j DROP
iptables -L -nv
returns a lot of stuff, and now at the very beginning looks like this:
Chain INPUT (policy DROP 9 packets, 504 bytes)
 pkts bytes target prot opt in out source destination
    0     0 DROP   all  --  *  *   188.8.131.52 0.0.0.0/0
This did not stop the traffic, though, as my email server is still reporting connection attempts from this IP address, so the rule is not dropping anything.
Perhaps the INPUT chain is not where I need to add this? I’m not educated on the different chains yet. INPUT intuitively seemed like the right place, but because this is a NAT router, should I really have some sort of rule in the FORWARD chain that can say not to forward to anyone if this is the source address?
Seems like what I want to do should not be difficult, but I’m struggling to figure this one out so far.
As I wrote "Perhaps the INPUT chain is not where I need to add this" I decided to look more closely at the output of the iptables -L -nv command. Sure enough, I found a chain called "wanin" that has all my port forwarding rules. Aha moment - I want to block some port forwarding!
So I changed my command to:
iptables -I wanin -s 184.108.40.206 -j DROP
and lo and behold - the constant logging in my email server logs of attempts to log in from this address has stopped!
Now I have to figure out how to add this to a script run when the router reboots. This command is not "permanent" or remembered between boots.
I'll also probably change the source to 220.127.116.11/24 to block the whole subnet.
Answered by appDeveloper on December 28, 2020
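Added example, not part of the original post: port-forwarded traffic is routed through FORWARD (and chains it jumps to, such as wanin) rather than INPUT, which is why the INPUT rule above shows a packet counter of 0. This sketch reads `iptables -L -nv` output and reports the packet counter of every DROP rule for a source, so a rule sitting in a chain the traffic never reaches stands out. The sample listing, the address 203.0.113.7 and the chain layout are constructed for illustration.

```shell
#!/bin/sh
# Input format: the text printed by `iptables -L -nv`
# (columns: pkts bytes target prot opt in out source destination).

# Constructed sample listing; 203.0.113.7 is a documentation address and
# the FORWARD -> wanin layout is an assumption based on the post.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy DROP 9 packets, 504 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       203.0.113.7          0.0.0.0/0
  120  9000 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  310 18600 wanin      all  --  vlan1  *       0.0.0.0/0            0.0.0.0/0

Chain wanin (1 references)
 pkts bytes target     prot opt in     out     source               destination
   42  2520 DROP       all  --  *      *       203.0.113.7          0.0.0.0/0
  268 16080 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.1.10        tcp dpt:25
EOF
}

# drop_rule_hits SRC: print "chain pkts" for each DROP rule whose source is SRC.
drop_rule_hits() {
    awk -v src="$1" '
        $1 == "Chain" { chain = $2; next }          # remember the current chain
        $3 == "DROP" && $8 == src { print chain, $1 }
    '
}

# unmatched_chains SRC: chains where the DROP rule for SRC has never matched.
unmatched_chains() {
    drop_rule_hits "$1" | awk '$2 == 0 { print $1 }'
}

# On the router: iptables -L -nv | drop_rule_hits <source address>
sample_listing | drop_rule_hits 203.0.113.7
```

A DROP rule whose counter stays at 0 while the server behind the port forward still logs connections from that source is in a chain the forwarded packets do not traverse.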