  1. #1
    Untangler
    Join Date
    Oct 2008
    Posts
    80

    Using IPTables to block China etc

    Some of my clients are getting a lot of unwanted traffic from E. Europe and China regarding port scans, DoS attacks on their file servers... These are only small companies - maybe between 15-20 users that only have a SOHO DSL modem/router with say Server2008 on the network as file/print/VPN server... The website and email are hosted via 3rd party.

    As these servers are not webservers I really want to lock it down to be only accessible to IP addresses within its country of origin for RDP/Remote access etc.

    1: Is it possible therefore to place UT in bridge mode and add IPTables to prevent traffic from say China etc or is this only viable when UT is in router mode?

    2: If UT is placed in router mode is it still advisable or not necessary to place IPTables within it?

  2. #2
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,400

    IPTables is rather heavily customized by the UVM. It is not recommended to modify it directly, as your rules will simply be dumped every 15min when the UVM refreshes.

    You can configure the firewall module, or the packet filter to drop the related packets.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Untangler
    Join Date
    Oct 2008
    Posts
    80

    Quote: Originally posted by sky-knight
    IPTables is rather heavily customized by the UVM. It is not recommended to modify it directly, as your rules will simply be dumped every 15min when the UVM refreshes.

    You can configure the firewall module, or the packet filter to drop the related packets.
    Thanks Sky-Knight:
    1: So would the packet filter rules work if the UT is in bridge mode still?
    2: Is it only possible to add the IP addresses individually to the PF?

    I'm guessing that UT in router mode would by default already drop port scans/DoS attacks etc or do others for example - secure their box even more with additional PFs?

    T.I.A

  4. #4
    Untangle Ninja dwasserman
    Join Date
    Jun 2008
    Location
    Argentina
    Posts
    4,367

    If you only permit RDP to the inside, it's better (I guess) to modify the policy for failed logon attempts on the RDP server.
    If you think that the bad boys are far from you, and only take preventive measures against them, you can find a big surprise.
    A chain is as strong as its weakest link
