[BlueOnyx:25662] Re: ip address server-access blocks

Michael Stauber mstauber at blueonyx.it
Thu Oct 20 02:30:00 -05 2022


Hi Ed,

> What is the best way to block an ip address from accessing the server 
> and any vsite on the server? Firewall?
> 
> I have the ip addresses from which attacks are being staged on vsites on 
> my server and I need to block them as widely as possible.

There are a couple of ways and this also depends in part on which 
BlueOnyx version you're using.

BlueOnyx 5209R: There you can use either "iptables" or "firewalld" for 
allowing / denying access.

BlueOnyx 5210R: Uses "firewalld" or "nftables".

The easy way for both is to get the "APF" Package from the BlueOnyx 
shop: https://www.solarspeed.net/apf.html

On 5209R this gives you access to APF, which has a nice GUI to allow you 
to configure the IPtables firewall.

On 5210R that purchase grants you access to both APF and a GUI for 
Firewalld. You can install both PKGs, but only one of them can be active 
at the same time.

Honorable mention: You can also set a null-route that remains around 
until the next server reboot or network restart. This works equally well 
on any BlueOnyx version and blocks ALL access to or from the given IP 
address range.

Example:

ip route add unreachable 5.34.207.0/24

Please note that you need to specify an IP address range there and not 
just the IP.

The above example denies any access to and from the IP address range 
5.34.207.0/24, which belongs to Spaceshipnetworks LTD in Kyiv, Ukraine. 
These fuckers have been hammering brute force SMTP connections against 
apparently any internet facing IP for months now. So I usually 
null-route them just to be done with it. :p

-- 
With best regards

Michael Stauber
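
Added example, not part of the original post: because the null route described above is gone after a reboot or network restart, this shell sketch re-applies a list of ranges from a file and validates each entry first. The function names, the DRY_RUN variable and the refusal of prefixes shorter than /8 are assumptions of this example.

```shell
# Added example (not from the original post): re-apply null routes from a
# file with one CIDR range per line, e.g. after a reboot.
# Function names, DRY_RUN and the /8 minimum prefix are assumptions.

# cidr_ok RANGE: succeeds only for a.b.c.d/len with octets 0-255,
# len 8-32 and no host bits set (ip rejects 5.34.207.17/24).
cidr_ok() {
    case "$1" in */*) ;; *) return 1 ;; esac   # a range is required
    addr=${1%/*}; plen=${1#*/}
    case "$plen" in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$plen" -ge 8 ] && [ "$plen" -le 32 ] || return 1
    case "$addr" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros
        [ "$o" -le 255 ] || return 1
    done
    ip_int=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (4294967295 << (32 - plen)) & 4294967295 ))
    [ $(( ip_int & mask )) -eq "$ip_int" ]
}

# null_route_file FILE: for every valid range in FILE run
# "ip route replace unreachable RANGE" (replace keeps reruns idempotent).
# With DRY_RUN=1 the commands are printed instead of executed.
# Returns 1 if any entry was skipped as invalid.
null_route_file() {
    rc=0
    while read -r entry rest || [ -n "$entry" ]; do
        case "$entry" in ''|'#'*) continue ;; esac   # blanks and comments
        if cidr_ok "$entry"; then
            ${DRY_RUN:+echo} ip route replace unreachable "$entry"
        else
            echo "skipped invalid entry: $entry" >&2; rc=1
        fi
    done < "$1"
    return $rc
}
```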
