 From:  Andy Wodfer <wodfer at gmail dot com>
 To:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Newbie needs basic help with reject rules
 Date:  Wed, 25 May 2011 10:11:37 +0200
Ok, thanks!

I thought reject was what I needed to use:

Changing to block now.

Btw, is there ANY way to import a large list of IP addresses that I want to
block? I have about 1300 that are hammering my site. Or perhaps there's an XML
generator that can automate the job for me? Any suggestions?

My IP list is like this (one IP on each line):
and so on...
On Wed, May 25, 2011 at 9:48 AM, Chris Buechler <cbuechler at gmail dot com> wrote:

> On Wed, May 25, 2011 at 3:40 AM, Andy Wodfer <wodfer at gmail dot com> wrote:
> > Hi,
> > I have my first m0n0wall installation up and running and it looks very good.
> >
> > I have set up things as following:
> >
> > wan (external ip)
> >
> > lan
> >
> > I have a webserver on the lan at IP I have set up NAT. The server
> > is being DDOS'ed by a few IP addresses on port 80 and I want to reject
> > these IP addresses and all ports (source+dest).
> >
> > I'm a little confused about whether putting these reject rules on the WAN or
> > LAN? I thought WAN was the correct place, but I still see traffic coming
> > through. Any ideas?
> >
> If it's sourced from the Internet, rule goes on WAN. But don't use a
> reject rule against a DOS of any type, use block. Reject will
> exacerbate the issue as it'll cause the firewall to send back a
> connection refused message for every packet.
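An added example (not from this thread or from the m0n0wall project) of the kind of generator asked about above: it reads a one-IP-per-line list, drops duplicates and malformed entries, merges adjacent addresses into CIDR blocks, and emits WAN rules of type block rather than reject. The `<rule>` element layout is an assumption modelled on m0n0wall's config.xml, so compare the output against a backup of your own config before importing it.

```python
import ipaddress
import xml.etree.ElementTree as ET
# Constructed sample in the format the poster describes (one IP per line),
# with a duplicate, a blank line and a malformed entry to exercise validation.
SAMPLE_LIST = """\
203.0.113.7
203.0.113.8
203.0.113.7
198.51.100.0
198.51.100.1
198.51.100.2
198.51.100.3

not-an-ip
"""

def parse_ip_list(text):
    """Return (collapsed networks, rejected lines): duplicates dropped, adjacent
    addresses merged into CIDR blocks, one address family at a time."""
    nets, bad = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            bad.append(line)
    collapsed = []
    for version in (4, 6):  # collapse_addresses() refuses mixed families
        collapsed.extend(ipaddress.collapse_addresses(n for n in nets if n.version == version))
    return collapsed, bad

def build_block_rules(networks, interface="wan"):
    """One <rule> per network under <filter>. Element layout is an assumption
    modelled on m0n0wall's config.xml; compare with a backup of your own config
    before importing. Type is 'block' (silent drop), not 'reject'."""
    filt = ET.Element("filter")
    for net in networks:
        rule = ET.SubElement(filt, "rule")
        ET.SubElement(rule, "type").text = "block"
        ET.SubElement(rule, "interface").text = interface
        ET.SubElement(ET.SubElement(rule, "source"), "address").text = str(net)
        ET.SubElement(ET.SubElement(rule, "destination"), "any")
        ET.SubElement(rule, "descr").text = "generated: DoS source block"
    return filt

def generate(text):  # -> (xml string, network strings, rejected lines)
    nets, bad = parse_ip_list(text)
    return ET.tostring(build_block_rules(nets), encoding="unicode"), [str(n) for n in nets], bad
```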