[arm-allstar] Selective IP Blocking

Danny K5CG k5cg at hamoperator.org
Fri Feb 16 22:42:18 EST 2024


>I wish geo IP blocking was a lot easier

Not so easy with iptables alone, but there is no reason you can't put a firewall on the front door that does. OPNSense, for example is easy to setup.

73 
Danny, K5CG 
HH 550-000-0609 
SKCC 14257

----- Original Message -----
From: "ARM Allstar" <arm-allstar at hamvoip.org>
To: "ARM Allstar" <arm-allstar at hamvoip.org>
Cc: "Benjamin Naber" <silver at julesenigma.com>
Sent: Friday, February 16, 2024 4:25:39 PM
Subject: Re: [arm-allstar] Selective IP Blocking

Steve the IP tables while daunting at first are actually the most effective
and the most powerful way to protect your system at the network level.

Scammers hackers and others nefarious actors are trying to get into systems
will find how your firewall works and especially if their software systems
in place and attempt to load it down.

IP tables that set to drop all packets that are not on specific ports is
the most effective. Not to mention it utilizes the least amount of
resources.

For some high profile systems we lock down IP access to certain networks,
such as home, office and cellular.

I wish geo IP blocking was a lot easier on iptables because a lot of
scamming and hacking does come from China Indonesia Russia another
nefarious countries where allstarlink doesn't exist.


On Wed, Feb 14, 2024, 06:09 Steve Piotrowski via ARM-allstar <
arm-allstar at hamvoip.org> wrote:

> i'm following this as well, as we're having a similar issue with constant
> bogus login attempts. I did try to enable the basic allstar firewall in the
> allstar.env but the log then has this error:
>
> Feb 14 06:03:49 localhost systemd[1]: Started OpenSSH Daemon.
> Feb 14 06:03:50 localhost rc.local[311]: /usr/local/etc/rc.allstar:
> line 62: /etc/openvpn/firewall: No such file or directory
>
> which to me means something didn't work?
>
> iptables looks like an option, saw some guidance in the hamvoip wiki
> after searching but some of it seems dated.
> _______________________________________________
>
> ARM-allstar mailing list
> ARM-allstar at hamvoip.org
> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>
> Visit the BBB and RPi2/3/4 web page - http://hamvoip.org
>
_______________________________________________

ARM-allstar mailing list
ARM-allstar at hamvoip.org
http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar

Visit the BBB and RPi2/3/4 web page - http://hamvoip.org


More information about the ARM-allstar mailing list