A better way to ask my initial question is:
What is the best way to block all incoming traffic, even to open ports,
while allowing traffic from a limited range of addresses access to a
single port?
For example, say that I have port 22 open for ssh access. With the
default rule, if 92.63.194.18 tries to access any port other than 22 he
will be dropped. However, he can still connect to port 22. By using
dynamic blacklisting (for example, shorewall logdrop 92.0.0.0/8), he
will be silently dropped even when he tries to connect to port 22.
There are only four blocks of IP addresses I need to allow, but they end
up being a lot of logdrop entries. For example, to allow my first group
of 70.56.0.0/14 I need six separate logdrop commands just to block all
of the addresses before that range (0.0.0.0 - 70.55.255.255). I need
eight more commands to block from the end of the first group to the
start of the second group.
On 2/5/2019 4:46 PM, Tom Eastep wrote:
On 2/5/19 1:29 PM, Brent Gordon wrote:
What is the best way to block most, but not all, incoming traffic?
There are four blocks of addresses I want to allow through for remote
administration. Other than traffic from those four blocks I want to
drop all other traffic.
I am running Shorewall version 5.0.4 on an Ubuntu 16.04.5 LTS system.
All of the sample configurations
(http://www.shorewall.org/GettingStarted.html) block all traffic from
the external (net) zone by default. So, if you start with one of those,
you simply have to add entries in /etc/shorewall/rules for the incoming
connections that you want to allow.
-Tom
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
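The configuration Tom describes, written out as an added example (not from the thread or the Shorewall project): a default-DROP policy for the net zone plus one ACCEPT per allowed block. Only 70.56.0.0/14 appears in the thread; the other three blocks are placeholders taken from the RFC 5737 documentation ranges, and the zone names net and $FW are those of the Shorewall sample configurations.

```text
# /etc/shorewall/policy  (added example, assumes the one-interface sample layout)
# Everything from the Internet is dropped and logged unless a rule accepts it,
# so no per-range "shorewall logdrop" entries are needed to reach this state.
#SOURCE  DEST  POLICY  LOGLEVEL
$FW      net   ACCEPT
net      all   DROP    info
all      all   REJECT  info

# /etc/shorewall/rules  (added example)
# With the policy above, only these four blocks can open a connection to
# tcp/22; 92.63.194.18 and every other address hit the DROP policy and are
# logged at level info.
#ACTION  SOURCE                DEST   PROTO  DPORT
?SECTION ALL
?SECTION ESTABLISHED
?SECTION RELATED
?SECTION INVALID
?SECTION UNTRACKED
?SECTION NEW
ACCEPT   net:70.56.0.0/14      $FW    tcp    22      # block 1, from the thread
ACCEPT   net:192.0.2.0/24      $FW    tcp    22      # block 2, placeholder
ACCEPT   net:198.51.100.0/24   $FW    tcp    22      # block 3, placeholder
ACCEPT   net:203.0.113.0/24    $FW    tcp    22      # block 4, placeholder
```

Run `shorewall check` before `shorewall reload` so a typo in a range is caught by the compiler rather than by being locked out of port 22.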