Firewall config for single static IP

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Firewall config for single static IP

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Firewall config for single static IP
Firewall config for single static IP
2023-08-01 00:50:36 - last edited 2023-08-02 05:54:06
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.1.2 Build 20230210 Rel.62992

Other than viewing the silent tutorial video, can anyone explain the main simple steps (Omada functions) for configuring a the firewall to block ssh attempts for all ports of a specific IP address.  I used both the hardware and  cloud based controller.  I am getting reports from a local server that login attempts are happening every night at a specific time from an IP address in a far away country.  While I have disabled the service on the server for a specific time period, I would like to stop the attack before it reaches the server.

  0      
  0      
#1
Options
3 Reply
Re:Firewall config for single static IP
2023-08-01 03:26:46

Hi @ThisEngineer 

Thanks for posting in our business forum.

OK. So, if you want to block this, currently, you can use ACL.

In the future firmware update, there will be  IDS/IPS which may be helpful for you. But the ACL should also help you make this happen.

 

 

ACL scheme:

Direction = WAN IN

The source can be Geo IP if you have this GeoIP on V5.12 Controller. Or you can set up a group of IP addresses

 

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  1  
  1  
#2
Options
Re:Firewall config for single static IP
2023-08-01 17:33:44
Thank you for the suggestion and information. Any idea as to how long before the future update is published? Unfortunately, my dashboard doesn't come close enough to truly match the displayed menu indicated but is does help. Lastly, just fyi, my attacker is trying to shh in using random ports instead of the standard well-known port. Therefore, I am hoping to block ssh attempts on any port. Once again, thanks!
  0  
  0  
#3
Options
Re:Firewall config for single static IP
2023-08-02 05:53:49 - last edited 2023-08-02 05:56:22

Hi @ThisEngineer

It's not necessary to use what I have. The version is controller V5.12. 

Like I said you can use the WAN-IN ACL with the IP-Port group to implement what you need. If you don't bother to take a look at it by yourself, then there is nothing else I can offer.

ThisEngineer wrote

Lastly, just fyi, my attacker is trying to shh in using random ports instead of the standard well-known port. Therefore, I am hoping to block ssh attempts on any port. Once again, thanks!

I think you did not understand. The dst port is still 22, you can still block src IP(his regional subnet) and src port 0-65535.

 

You cannot block all src IPs because this even blocks you from accessing SSH. This is the dilemma of port forwarding. Anyone who knows your IP address can access this port. What you can do best is to set up ACL to block known or regional subnets. Or use VPN then.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#4
Options