Internet Related/Filtering/Firewall Thread, Ubuntu 12.04 LTS , GeoIP, IPTables & UFW in Technical; Hi,
My Ubuntu webserver is getting lots of unwanted attention. I enabled UFW and started blocking individual IP addresses, this ...
10th July 2013, 12:52 PM #1
- Rep Power
Ubuntu 12.04 LTS , GeoIP, IPTables & UFW
My Ubuntu webserver is getting lots of unwanted attention. I enabled UFW and started blocking individual IP addresses, this was OK for a while but soon became a chore & wasn't really working.
Looking for something better, I installed the xtables-addons / GeoIP databases. It all installed fine. To block all traffic from outside of the UK (I know this seems extreme but it's where I want to start) I ran this command:
iptables -A INPUT -m geoip ! --src-cc GB -j DROP
Running iptables -L , it definitely looks like the rules are being applied but I'm not 100% sure. Looking at my Apache logs it looks like I'm still getting traffic from Iran/China/Russia etc. Is there anyway to test this? (I thought about asking my boss to fly somewhere but I don't think he'd be agreeable) - I haven't touched UFW, could it's rules conflict with the iptables rules?
I'd be grateful for any pointers...
10th July 2013, 05:23 PM #2
- Rep Power
Ah... well after some digging it seemed that having rules in iptables and UFW was causing a conflict, so I disabled UFW, flushed the iptables rules and started again.
Blocking traffic from everywhere but the UK slowed my webserver to a crawl so now I'm just blocking countries were I'm getting a high volume of suspect traffic.
Seems OK now.
16th July 2013, 03:47 PM #3
Take a look at CSF, it can do what you want and it makes setting up iptables a breeze.
ConfigServer Security & Firewall
16th July 2013, 03:58 PM #4
Fail2ban can help you with this.
Apache - Fail2ban
16th July 2013, 04:18 PM #5
- Rep Power
Hi folks - thanks for the tips. I've actually got the iptables rules working fine. I'm blocking a number of countries and it's definitely made managing the server easier. Obviously IP blocking isn't the solution but it does give me a bit of breathing space. I've inherited an old Joomla website (LOTS of extensions) - holes aplenty. Now I've got things under control I can start planning migrating the site over to the latest Joomla (with as few extensions as possible!)
By mrcrazy04 in forum *nix
Last Post: 21st May 2013, 06:40 PM
Last Post: 31st October 2012, 08:16 PM
Last Post: 19th October 2012, 03:46 PM
Last Post: 10th May 2012, 10:29 PM
By mikeglover in forum *nix
Last Post: 18th May 2010, 07:49 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)