Firewall issues

I have blocked an IP address in the firewall, yet I’m still taking invites from the friendly-scanner from the blocked IP address. What’s the deal. Shouldn’t the firewall block the IP address I have listed as black listed?

What group does the main interface belong to? Trusted or Internet?

How are you detecting the invites?

I ask because if you see them inside your firewall then indeed the firewall needs looking at, if however you are using a low level tool like isngrep or wireshark , then you will always see those invites as you are setting to ‘promiscuous’ your network interface, which means you are looking at raw IP packets that of course you have no control over, but ideally then the down-line ‘iptables rules’ (firewall) should DROP (or not so cleverly DENY) them before they reach your network.

That make sense.
ngrep is seeing the packets before iptables can drop them

isngrep, i don’t think I used this tool. I will check it out.

Probably wont find it , that’s a typo :slight_smile:

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.