Hi,
in the FTP log I'm noticing strange FTP sessions... Are these bad people, trying to get into my server or what else could it be? Which settings could prevent that?
Thanks guys!
220.132.255.239
CHTD, Chunghwa Telecom Co.,Ltd.
Taipei, Taiwan, 100
119.177.160.27
China Unicom Shandong Province Network
No.21,Jin-Rong Street
Beijing,100033
P.R.China
You exposed the service to the touch of the world, so various strange things will touch it. Limit the IP range using a firewall or hide FTP behind NAT. Unless you have to expose the service to the world, take into account that different bs will try to connect. If your car is standing on the street, anyone who wants to pass by can simply touch it and check if the doors are closed or can be opened.
Yes, that's what I thought... OK, I will check my available options.
Btw: please don't touch my car
The question is, do you need to have FTP publicly available to the whole world? If not, block all IPs and allow only those that belong to you and need access to FTP. Same for other services you have running in OMV!
If something does not have to be available from outside your LAN, block access to it. If you need to have access to your OMV from somewhere outside your LAN, maybe think of ZeroTier or a VPN.
I have already published firewall rules in this forum. If you're interested, you can search. But nobody was interested in it ...
And of course, always make sure that the software is up-to-date and that there is no anonymous access to services.
Your car is publicly available. Anyone can touch it. No law prohibits this. For this, put it in a private guarded garage!!!
I have already published firewall rules in this forum. If you're interested, you can search.
I didn't find your post straightaway. There are several threads related to this topic.
But nobody was interested in it ...
I would not assume that nobody is interested. Firewall rules are generally a very complex issue and only few users are familiar with it.
Look at your spoiler from the other thread:
-A INPUT -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
-A INPUT -p tcp -m tcp --tcp-flags PSH,ACK PSH -j DROP
-A INPUT -p tcp -m tcp --tcp-flags ACK,URG URG -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
-A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,PSH,URG -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP
-A INPUT -f -j DROP
-A INPUT -m state --state INVALID -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
-A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j DROP
-A INPUT -p udp -m udp --dport 8080 -j DROP
-A INPUT -p tcp -m tcp --dport 3389 -j DROP
-A INPUT -s 192.168.1.1/32 -i enx001e0630caa8 -j ACCEPT
-A INPUT -d 127.0.0.0/8 -j DROP
-A INPUT -s 127.0.0.0/8 -i lo -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j DROP
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 127.0.0.0/8 -j DROP
-A OUTPUT -d 9.9.9.9/32 -p udp -j ACCEPT
-A OUTPUT -d 9.9.9.9/32 -p tcp -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 443 -m state --state NEW -m tcp -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -m state --state NEW -m tcp -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 21 -m state --state NEW -m tcp -j ACCEPT
-A OUTPUT -d 192.168.1.0/24 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type any -m limit --limit 1/sec -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type any -j DROP
-A OUTPUT -j DROP
Firewall rules are generally a very complex issue and only few users are familiar with it.
Yes and no. A few simple rules for the average user at home I would rather not call complicated. And no matter what fw or operating system. We are not building here a set of rules for a large complex network where the level of threats is high.
I am always sad when so few people use a firewall. It is not about any complicated rule sets but rather a simple in / out control policy and awareness of what the user's computer or network is doing. If soho routers did not have NAT then the situation would be absurd with the number of publicly available services without people being aware of what their computer is doing.
Of course, I advise against doing copy / paste without knowing at least to a minimum what the rules do. Because you can block or open something that you did not plan.
Unfortunately, also a very large number of guides on the web is now quite outdated and often introduces more errors to the user's thought process.
In my opinion, a firewall should be treated like a door with locks and this is how the user should think about it. But even in the Linux world there is such a narrative that a firewall is not especially needed for a novice user. And thus you don't develop habits of using and learning it.
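An added example, not part of the thread or any poster's own code: a small checker for the advice about knowing what pasted rules do. It flags rules that can never match because an earlier terminal rule in the same chain already decides every packet they describe. The sample is a shortened excerpt of the rules quoted above, and the subset test is a conservative heuristic that assumes `iptables-save` syntax.

```python
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}
STATEFUL = {"limit", "hashlimit", "recent", "statistic", "connlimit"}  # counter-based

# Constructed sample: a shortened excerpt of the INPUT rules quoted in the thread.
RULES = """\
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
-A INPUT -m state --state INVALID -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 -j DROP
-A INPUT -s 127.0.0.0/8 -i lo -j DROP
-A INPUT -j DROP
"""

def parse(line):
    """Split one '-A CHAIN ...' rule into (chain, match conditions, target)."""
    _, chain, *tokens = shlex.split(line)
    conds, target, i = set(), None, 0
    while i < len(tokens):
        negate = tokens[i] == "!"
        i += negate
        # An option owns the tokens after it, up to the next option or "!".
        j = i + 1
        while j < len(tokens) and tokens[j] != "!" and not tokens[j].startswith("-"):
            j += 1
        if tokens[i] in ("-j", "--jump"):
            target = tokens[i + 1]
        else:
            conds.add((negate, tokens[i], tuple(tokens[i + 1:j])))
        i = j
    return chain, frozenset(conds), target

def find_dead_rules(text):
    """Return (rule_no, shadowed_by_no) pairs for rules that can never match."""
    seen, dead = [], []
    rules = [l for l in text.splitlines() if l.startswith("-A ")]
    for no, line in enumerate(rules, 1):
        chain, conds, target = parse(line)
        # ANDed conditions: an earlier terminal rule with a subset of them wins first.
        hit = next((p for p, c, k in seen if c == chain and k <= conds), None)
        if hit is not None:
            dead.append((no, hit))
        stateful = any(opt == "-m" and a[0] in STATEFUL for _, opt, a in conds)
        if target in TERMINAL and not stateful:
            seen.append((no, chain, conds))
    return dead

for no, by in find_dead_rules(RULES):
    print(f"rule {no} can never match: shadowed by rule {by}")
```

Rules with overlapping but differently written conditions (for example a /24 followed by a single host inside it) are not detected, so an empty result does not prove the rule set is free of dead rules.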