From: Maciej Soltysiak
To: Török Edwin
Cc: cerowrt-devel@lists.bufferbloat.net
Date: Mon, 28 Jan 2013 19:49:36 +0100
In-Reply-To: <51069CCE.4010504@etorok.net>
References: <50F27B34.503@etorok.net> <51069CCE.4010504@etorok.net>
Subject: Re: [Cerowrt-devel] blocking probes...

I've said it before and I'll say it again:

iptables -I zone_wan -j DROP

And if you really need access from wan INSERT a rule before that DROP.

Regards,
Maciej

On Mon, Jan 28, 2013 at 4:44 PM, Török Edwin wrote:
> On 01/13/2013 11:15 AM, Török Edwin wrote:
> > On 01/13/2013 06:50 AM, Dave Taht wrote:
> >> one of the underused features of cerowrt is that I stuck a sensor on
> >> xinetd to detect attempts to telnet or ftp to the router and cut off
> >> access to some other services, notably ssh.
> >
> > I don't see this on my cerowrt, is this only in the 3.7.x series?
> >
> >>
> >> I would have loved to extend this facility to either do it entirely in
> >> iptables or leverage xinetd to talk to iptables to (for example)
> >> disable access to the web server.
> >>
> >> I'm curious if anyone else's server logs ever show something like this
> >> in the Real World:
> >>
> >> Jan 12 20:44:02 europa daemon.crit xinetd[3273]: 3273 {process_sensor}
> >> Adding 190.185.12.121 to the global_no_access list for 120 minutes
>
> With 3.7.4 I see these now on my home router, so it's definitely working:
> root@OpenWrt:~# logread|grep xinetd|grep Adding|wc -l
> 20
>
> The IPs are from Russia, Peru, Colombia, Egypt, UK, Kuwait, Turkey,
> Azerbaijan.
>
> Best regards,
> --Edwin
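
An added example, not part of the thread: a per-address tally of the xinetd sensor bans, extending the `logread|grep xinetd|grep Adding|wc -l` count quoted above. The function names and the sample log lines are constructed for illustration; only the ban-message format is taken from the quoted log line.

```shell
#!/bin/sh
# Tally xinetd sensor bans per source address from syslog text on stdin.
# Output: "<hits> <address> <ban minutes>", most frequently banned first.
sensor_hits() {
    awk '
        # Match only the sensor ban message, not other xinetd lines
        # (START/EXIT/FAIL) that may also mention an address.
        index($0, "xinetd[") && index($0, "{process_sensor}") &&
        index($0, "global_no_access list") {
            addr = ""; mins = ""
            for (i = 1; i < NF; i++) {
                if ($i == "Adding") addr = $(i + 1)
                if ($i == "for")    mins = $(i + 1)
            }
            if (addr == "") next        # malformed line, skip it
            hits[addr]++
            last[addr] = mins
        }
        END { for (a in hits) print hits[a], a, last[a] }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample input (documentation-range addresses), not real log data.
sample_log() {
    cat <<'EOF'
Jan 12 20:44:02 europa daemon.crit xinetd[3273]: 3273 {process_sensor} Adding 192.0.2.10 to the global_no_access list for 120 minutes
Jan 12 20:51:17 europa daemon.crit xinetd[3273]: 3273 {process_sensor} Adding 198.51.100.7 to the global_no_access list for 120 minutes
Jan 12 22:58:40 europa daemon.crit xinetd[3273]: 3273 {process_sensor} Adding 192.0.2.10 to the global_no_access list for 120 minutes
Jan 12 23:03:11 europa authpriv.info dropbear[4100]: Child connection from 203.0.113.5:40122
Jan 12 23:05:40 europa daemon.info xinetd[3273]: START: ssh pid=4102 from=198.51.100.7
Jan 13 01:10:09 europa daemon.crit xinetd[3273]: 3273 {process_sensor} Adding 192.0.2.10 to the global_no_access list for 120 minutes
Jan 13 02:31:55 europa daemon.crit xinetd[3273]: 3273 {process_sensor} Adding 203.0.113.5 to the global_no_access list for 120 minutes
EOF
}

# On the router the input would come from: logread | sensor_hits
sample_log | sensor_hits
```

An address that reappears after its ban expires is a repeat prober, which the plain line count does not distinguish from many one-off sources.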