I've said it before and I'll say it again:

iptables -I zone_wan -j DROP

And if you really need access from wan INSERT a rule before that DROP.

Regards,
Maciej

On Mon, Jan 28, 2013 at 4:44 PM, Török Edwin wrote:
> On 01/13/2013 11:15 AM, Török Edwin wrote:
> > On 01/13/2013 06:50 AM, Dave Taht wrote:
> >> one of the underused features of cerowrt is that I stuck a sensor on
> >> xinetd to detect attempts to telnet or ftp to the router and cut off
> >> access to some other services, notably ssh.
> >
> > I don't see this on my cerowrt, is this only in the 3.7.x series?
> >
> >>
> >> I would have loved to extend this facility to either do it entirely in
> >> iptables or leverage xinetd to talk to iptables to (for example)
> >> disable access to the web server.
> >>
> >> I'm curious if anyone else's server logs ever show something like this
> >> in the Real World:
> >>
> >> Jan 12 20:44:02 europa daemon.crit xinetd[3273]: 3273 {process_sensor}
> >> Adding 190.185.12.121 to the global_no_access list for 120 minutes
>
> With 3.7.4 I see these now on my home router, so it's definitely working:
> root@OpenWrt:~# logread|grep xinetd|grep Adding|wc -l
> 20
>
> The IPs are from Russia, Peru, Colombia, Egypt, UK, Kuwait, Turkey,
> Azerbaijan.
>
>
> Best regards,
> --Edwin
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel
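
The sensor log lines discussed in this thread can be broken down per source address rather than only counted. The following is an added example, not part of the thread or of CeroWrt: the function name `sensor_summary` is hypothetical, and the sample log lines are constructed (documentation addresses) in the format of the xinetd line quoted above.

```shell
#!/bin/sh
# Added example (not from the thread). sensor_summary is a hypothetical name.
# Reads syslog text on stdin and prints one line per banned source address:
#   <hits> <ip> <timestamp of latest ban>, most frequent first.
sensor_summary() {
    awk '
    /xinetd\[[0-9]+\]:/ && index($0, "{process_sensor}") && / Adding / {
        ip = ""
        for (i = 1; i < NF; i++)
            if ($i == "Adding") { ip = $(i + 1); break }
        # Ignore lines where the token after "Adding" is not a dotted quad.
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        hits[ip]++
        last[ip] = $1 " " $2 " " $3   # syslog month, day, time
    }
    END { for (ip in hits) print hits[ip], ip, last[ip] }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample input: three sensor bans for two-plus-one addresses,
# mixed with unrelated daemon lines that must be ignored.
SAMPLE_LOG='Jan 12 20:44:02 router daemon.crit xinetd[3273]: 3273 {process_sensor} Adding 192.0.2.10 to the global_no_access list for 120 minutes
Jan 12 21:02:17 router daemon.info dnsmasq[1201]: read /etc/hosts - 2 addresses
Jan 12 21:10:45 router daemon.crit xinetd[3273]: 3273 {process_sensor} Adding 198.51.100.7 to the global_no_access list for 120 minutes
Jan 12 23:05:31 router daemon.crit xinetd[3273]: 3273 {process_sensor} Adding 192.0.2.10 to the global_no_access list for 120 minutes
Jan 13 01:30:00 router authpriv.info dropbear[4410]: Child connection from 10.0.0.5:51234
Jan 13 02:14:09 router daemon.crit xinetd[3273]: 3273 {process_sensor} Adding 203.0.113.99 to the global_no_access list for 120 minutes'

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | sensor_summary
```

On the router, `logread | sensor_summary` gives the per-address view of the same lines that `logread|grep xinetd|grep Adding|wc -l` counts.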