Re: [m0n0wall] Newbie needs basic help with reject rules

From:	Andy Wodfer <wodfer at gmail dot com>
To:	Chris Buechler <cbuechler at gmail dot com>
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] Newbie needs basic help with reject rules
Date:	Wed, 25 May 2011 10:11:37 +0200

Ok, thanks!

I thought reject was what I needed to use:
http://doc.m0n0.ch/handbook/faq-webfilter.html

Changing to block now.

Btw, is there ANY way to import a large list of IP addresses that I want to
block? I have about 1300 that's hammering my site. Or perhaps there's an XML
generator that can automate the job for me? Any suggestions?

My IP list is like this (one ip on each line):

200.020.200.200
102.200.000.11
53.22.1.1
and so on...

Thanks!
Andy

---

On Wed, May 25, 2011 at 9:48 AM, Chris Buechler <cbuechler at gmail dot com> wrote:

> On Wed, May 25, 2011 at 3:40 AM, Andy Wodfer <wodfer at gmail dot com> wrote:
> > Hi,
> > I have my first m0n0wall installation up and running and it looks very
> good.
> >
> > I have set up things as following:
> >
> > wan (external ip)
> >
> > lan 10.0.0.1/24
> >
> > I have a webserver on the lan at IP 10.0.0.10. I have set up NAT. The
> server
> > is being DDOS'ed by a few IP addresses on port 80 and I wan't to reject
> > these IP adresses and all ports (source+dest).
> >
> > I'm a little confused about whether putting these reject rules on the WAN
> or
> > LAN? I thought WAN was the correct place, but I still see traffic coming
> > through. Any ideas?
> >
>
> If it's sourced from the Internet, rule goes on WAN. But don't use a
> reject rule against a DOS of any type, use block. Reject will
> exacerbate the issue as it'll cause the firewall to send back a
> connection refused message for every packet.
>