Menu
▾
▴
Re: [Astlinux-users] Deny EXT -> Local
|
From: Michael K. <mic...@ip...> - 2021-08-17 06:44:30
|
Thanks Lonnie.
Hmm that's a bit yucky. I suppose a third option is to use netset.
Regards
Michael Knill
On 17/8/21, 12:52 pm, "Lonnie Abelbeck" <li...@lo...> wrote:
Hi Michael,
You are not missing anything, there is no selective "Deny EXT->Local" as that is the default.
Two solutions come to mind ...
1) Recreate the "Pass EXT->Local" to multiple entries to not include what you don't want to allow.
2) Add a custom rule in /mnt/kd/arno-iptables-firewall/custom-rules to implement the desired "Deny EXT->Local".
-- untested example custom-rules --
deny_ext_local()
{
local proto="$1" host="$2" port="$3"
echo "[CUSTOM RULE] Deny EXT->Local for Proto: $proto, Host: $host, Port: $port"
iptables -A EXT_INPUT_CHAIN -s $host -p $proto --dport $port -j POST_INPUT_DROP_CHAIN
}
deny_ext_local udp 1.2.3.4 5060
deny_ext_local tcp 1.2.3.0/24 5061
--
(and test)
Lonnie
> On Aug 16, 2021, at 8:02 PM, Michael Knill <mic...@ip...> wrote:
>
> Yes.
>
> Regards
> Michael Knill
>
> On 17/8/21, 10:35 am, "Lonnie Abelbeck" <li...@lo...> wrote:
>
> Are you saying you added a "Pass EXT->Local" but now want to deny a subset of that ?
>
> Lonnie
>
>
>
>> On Aug 16, 2021, at 6:20 PM, Michael Knill <mic...@ip...> wrote:
>>
>> Hi Group
>>
>> Forgive my ignorance but just wondering how I do this. I want to block some addresses trying to register to the box from external.
>> PS its not SIP bots etc. Its known trusted addresses.
>>
>> Thanks
>> Regards
>>
>> Michael Knill
>> Managing Director
>>
>> D: +61 2 6189 1360
>> P: +61 2 6140 4656
>> E: mic...@ip...
>> W: ipcsolutions.com.au
>>
>> <image001.png>
>> Smarter Business Communications
>>
>> _______________________________________________
>> Astlinux-users mailing list
>> Ast...@li...
>> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>>
>> Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....
>
>
>
> _______________________________________________
> Astlinux-users mailing list
> Ast...@li...
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....
>
>
> _______________________________________________
> Astlinux-users mailing list
> Ast...@li...
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....
_______________________________________________
Astlinux-users mailing list
Ast...@li...
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....
|
