Change Firewall Blacklist Action from DENY to DROP?

I would like the blacklist to silently DROP instead of “these entries will be sent a response that their traffic has been administratively blocked.” I see no point in confirming our existence to attackers. Not that it will really matter much, but might help DOS attacks.

Is there a way to do this? I’m not sure what effect manually doing this may have on the firewall operation, and I assume any changes to iptables will just get overwritten.

Any help appreciated.

The System Firewall is set to Drop packets by default. You would need to change that to Reject.

If you are seeing Rejects instead of the packets being dropped, go into the Firewall -> Advanced -> Advanced Settings tab and it will be the last option. Just set “Reject Packets” to Disabled. That will cause the system to start Dropping them again.

Thanks, Tom. But I tried that first.

The RESPONSIVE firewall drops by default, but the blacklist default is DENY. Here is the quote from the Blacklist tab:

“To alleviate any potential attacks, you can add any number of hosts or networks here and any traffic from these entries will be sent a response that their traffic has been administratively blocked.”

It is not clear in settings if the Block/Reject affects both the responsive firewall and blacklist. It is clear from the above that the default is REJECT. And here is a snippet of IPTables:

Chain fpbxblacklist (1 references)
num  target  prot opt source          destination  
1    REJECT  all  --  138.128.65.66   0.0.0.0/0    reject-with icmp-port-unreachable
2    REJECT  all  --  151.106.13.158  0.0.0.0/0    reject-with icmp-port-unreachable
3    REJECT  all  --  176.32.32.2     0.0.0.0/0    reject-with icmp-port-unreachable
4    REJECT  all  --  185.40.4.85     0.0.0.0/0    reject-with icmp-port-unreachable
5    REJECT  all  --  188.161.17.242  0.0.0.0/0    reject-with icmp-port-unreachable
6    REJECT  all  --  212.129.12.214  0.0.0.0/0    reject-with icmp-port-unreachable
7    REJECT  all  --  212.83.149.140  0.0.0.0/0    reject-with icmp-port-unreachable
8    REJECT  all  --  212.83.151.25   0.0.0.0/0    reject-with icmp-port-unreachable
9    REJECT  all  --  46.17.46.71     0.0.0.0/0    reject-with icmp-port-unreachable
10   REJECT  all  --  46.17.47.197    0.0.0.0/0    reject-with icmp-port-unreachable

I’m not sure what “icmp-port-unreachable” means, but the current action is clearly REJECT and my advanced settings are DROP.

Sorry for using DENY and REJECT interchangeably – that is probably not technically correct, but I’m not a firewall guy. I only understand the “silent” part.
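An added example, not from the thread or from the FreePBX project: a small POSIX shell audit of an `iptables -L fpbxblacklist -n --line-numbers` listing like the one posted above. It counts the REJECT rules, lists their sources, and generates the `iptables -R` commands that would replace each REJECT rule in place with a DROP rule for the same source, so the rule order is unchanged. The sample listing is constructed (three of the addresses from the snippet, one of them already set to DROP so the filter has something to skip). The commands are only printed, not executed, so they can be reviewed first; as the original poster expects, any rule edited by hand in a chain managed by the firewall module may be regenerated later, so this is a check and a diagnostic rather than a persistent fix.

```shell
#!/bin/sh
# Added example (not part of the thread or of FreePBX): audit a blacklist chain
# listing for REJECT rules and emit the equivalent DROP replacement commands.
# A REJECT rule answers the sender (here with ICMP port-unreachable); a DROP rule
# sends nothing back, which is the "silent" behaviour the question asks for.

# Constructed sample of `iptables -L fpbxblacklist -n --line-numbers` output.
# Rule 2 is already DROP so the REJECT filter has a line to skip.
SAMPLE_LISTING='Chain fpbxblacklist (1 references)
num  target  prot opt source          destination
1    REJECT  all  --  138.128.65.66   0.0.0.0/0    reject-with icmp-port-unreachable
2    DROP    all  --  151.106.13.158  0.0.0.0/0
3    REJECT  all  --  176.32.32.2     0.0.0.0/0    reject-with icmp-port-unreachable'

# Column layout with --line-numbers: $1=num $2=target $3=prot $4=opt $5=source $6=destination.
# The "Chain ..." and "num target ..." header lines never have REJECT in field 2,
# so a single field test is enough to skip them.

# count_reject LISTING -> number of REJECT rules in the chain (0 if none)
count_reject() {
    printf '%s\n' "$1" | awk '$2 == "REJECT" { n++ } END { print n + 0 }'
}

# reject_sources LISTING -> source address of every REJECT rule, one per line
reject_sources() {
    printf '%s\n' "$1" | awk '$2 == "REJECT" { print $5 }'
}

# drop_commands LISTING -> one `iptables -R` command per REJECT rule that replaces
# rule number $1 with a DROP rule for the same source (same position, same match)
drop_commands() {
    printf '%s\n' "$1" | awk '$2 == "REJECT" {
        printf "iptables -R fpbxblacklist %s -s %s -j DROP\n", $1, $5
    }'
}

# audit LISTING -> exit 0 when the chain is all DROP, exit 1 (with a report) otherwise
audit() {
    n=$(count_reject "$1")
    if [ "$n" -eq 0 ]; then
        echo "fpbxblacklist: all rules DROP (silent)"
        return 0
    fi
    echo "fpbxblacklist: $n rule(s) still REJECT (sender gets ICMP port-unreachable):"
    reject_sources "$1" | sed 's/^/  /'
    echo "Replacement commands (review before running; the firewall module may regenerate the chain):"
    drop_commands "$1"
    return 1
}

# Run the audit against the constructed sample. On a live PBX the listing would come from:
#   iptables -L fpbxblacklist -n --line-numbers
audit "$SAMPLE_LISTING" || true
```

To audit a live chain instead of the sample, capture the listing into a variable (`LISTING=$(iptables -L fpbxblacklist -n --line-numbers)`) and pass it to `audit`. The `iptables -R` form was chosen over delete-and-append because it keeps each rule's position, so nothing earlier or later in the chain shifts.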
