can i block all foreign ip in openmediavault ?
i am actually using fail2ban and when i check status, there are dozen times log in try even in one day.
so i want to block all ip from overseas. i hope there is solution.
can i block foreign ip ?
-
- gelöst
- OMV 5.x
- leeeunchang
-
That would be somewhat difficult to do and expensive (from a computational effort perspective).
There are providers of services that offer such blocking lists you can use for this purpose. Here is one you can look at:
https://www.ipdeny.com/ipblocks/
I don't think OMV's firewall interface would be usable for this format and that large of a scope, but it should be possible to configure IPtables by hand with such a list of networks.
Personally, I think you are overreacting. You would be better off continuing with fail2ban or similar (I use denyhosts).
If you are exposing something like sshd to the internet on the standard TCP port 22, you will see frequent and sometimes highly aggressive attempts to break into your server. You should move the exposed port to something else that is not a well known service port. This will reduce the attempts to a level that is so low, perhaps even to zero, so you can just ignore it.
My sshd has been probed exactly once in the last four years. Someone ran Ncrack against it once they discovered the port. It was impressive to see several thousand failed login attempts happen in the space of just a few seconds (having a 600mbit internet connection aggravates this). This happened so fast, denyhosts couldn't react fast enough to block the offending IP to prevent the initial attempts. But after a few seconds the IP was blocked and nothing further was logged.
Good luck.
-
leeeunchang
Hat das Label gelöst hinzugefügt. -
Even if labelled resolved: Maybe you want to have a look at the SOPHOS UTM. Is free for individuals up to 50 IP addresses, and has the feature "country blocking", in which you can choose which countries are automatically blocked. I use this feature for the same reason as you; if I don't have people from foreign countries, these accesses from these countries can be automatically blocked/dropped without any further ado.
You need to register, and can obtain a licence free of charge for 3 years, with free renewal when expiring. Using it since almost 6 years, could not be happier. Download the ISO-file, and set it up on a refurbished PC with 2 network cards, it's an inexpensive, perfect solution.
Link to the ISO - you need to choose the most recent "ASG"-iso
-
Even if labelled resolved: Maybe you want to have a look at the SOPHOS UTM. Is free for individuals up to 50 IP addresses, and has the feature "country blocking", in which you can choose which countries are automatically blocked. I use this feature for the same reason as you; if I don't have people from foreign countries, these accesses from these countries can be automatically blocked/dropped without any further ado.
You need to register, and can obtain a licence free of charge for 3 years, with free renewal when expiring. Using it since almost 6 years, could not be happier. Download the ISO-file, and set it up on a refurbished PC with 2 network cards, it's an inexpensive, perfect solution.
Link to the ISO - you need to choose the most recent "ASG"-iso
is there a guide or something ? i want to try
-
I use SWAG to publish things and it contains GeoLite2.
Swag info here: https://docs.linuxserver.io/general/swag
-
-
If you are going to replace your router device, you can also try pfSense.
It comes with pfBlockerNG, it can support GeoIP decision + DNSBL/IP ad blocking, I am using it to filter out almost 1/4 of traffic daily, and quite a lot of ads/trackings were gone.
Jetzt mitmachen!
Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!
