nitrohydride
newbie
Topic Author
Posts: 29
Joined: Mon Oct 08, 2018 10:37 pm

L2tp Ipsec intruders

Mon Jan 07, 2019 4:09 pm

Hi,

I connect to my network using VPN (L2TP/IPsec). I noticed connection attempts from the 216.218.206.X network:
vpn1.jpg
vpn3.jpg
vpn2.jpg
That wasn't me for sure.
Could you tell me how I can block the whole network (visible in the pictures) from attempting to connect to my router?
 
nitrohydride
newbie
Topic Author
Posts: 29
Joined: Mon Oct 08, 2018 10:37 pm

Re: L2tp Ipsec intruders

Mon Jan 07, 2019 4:36 pm

This network doesn't seem to be on the Bogons list.

Should I block this IP on the forward or input chain?
Actually I have the rule "Drop all from wan" on my input chain. Can someone explain this?
 
emils
Forum Veteran
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: L2tp Ipsec intruders

Mon Jan 07, 2019 4:47 pm

These are scans performed by Shadowserver. The scan does not harm you in any way, but if you want, you can obviously block it in your firewall's input chain; however, they have multiple IP addresses and it will be hard to do.

https://isakmpscan.shadowserver.org/
 
nitrohydride
newbie
Topic Author
Posts: 29
Joined: Mon Oct 08, 2018 10:37 pm

Re: L2tp Ipsec intruders

Mon Jan 07, 2019 6:07 pm

Should I place the rule mentioned by Companion before the accept rules for VPN?
The order would be like:
add action=drop chain=input in-interface=ether1 src-address=216.218.206.0/24
add action=accept chain=input comment="allow l2tp/ipsec" dst-port=500 in-interface=ether1 protocol=udp
add action=accept chain=input comment="allow l2tp/ipsec" dst-port=4500 in-interface=ether1 protocol=udp
add action=accept chain=input comment="allow l2tp/ipsec" dst-port=1701 in-interface=ether1 protocol=udp
I do understand what emils mentioned; I am just asking to make sure this is the proper way to block a certain IP from connecting via VPN to my network.
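
An added illustration, not part of any post in this thread: a simplified Python model of first-match filter evaluation, applied to the rule order from the post above. The trailing drop rule stands in for the poster's "Drop all from wan" (its exact form is an assumption), the sample packets are constructed, and the model covers only the matchers these rules use.

```python
import ipaddress
import shlex

# The four rules in the order proposed in the post, plus a last rule standing
# in for the poster's "Drop all from wan" (its exact form is an assumption).
RULES_TEXT = '''
add action=drop chain=input in-interface=ether1 src-address=216.218.206.0/24
add action=accept chain=input comment="allow l2tp/ipsec" dst-port=500 in-interface=ether1 protocol=udp
add action=accept chain=input comment="allow l2tp/ipsec" dst-port=4500 in-interface=ether1 protocol=udp
add action=accept chain=input comment="allow l2tp/ipsec" dst-port=1701 in-interface=ether1 protocol=udp
add action=drop chain=input comment="Drop all from wan" in-interface=ether1
'''

def parse_rules(text):
    """Turn 'add key=value ...' lines into dicts, preserving rule order."""
    return [dict(tok.split("=", 1) for tok in shlex.split(line)[1:])
            for line in text.strip().splitlines()]

def matches(rule, pkt):
    """A rule matches only if every matcher it specifies agrees with the packet."""
    for key in ("chain", "in-interface", "protocol"):
        if key in rule and rule[key] != pkt[key]:
            return False
    if "dst-port" in rule and int(rule["dst-port"]) != pkt["dst-port"]:
        return False
    if "src-address" in rule:
        src = ipaddress.ip_address(pkt["src-address"])
        if src not in ipaddress.ip_network(rule["src-address"]):
            return False
    return True

def evaluate(rules, pkt):
    """Return (action, 1-based rule number) of the first matching rule."""
    for number, rule in enumerate(rules, 1):
        if matches(rule, pkt):
            return rule["action"], number
    return "accept", None  # nothing matched: the packet is accepted

def wan_packet(src, port, protocol="udp"):
    """Constructed sample packet arriving on ether1 for the router itself."""
    return {"chain": "input", "in-interface": "ether1",
            "protocol": protocol, "src-address": src, "dst-port": port}

RULES = parse_rules(RULES_TEXT)

if __name__ == "__main__":
    scanner = wan_packet("216.218.206.66", 500)    # constructed host in the /24
    print(evaluate(RULES, scanner))                # the source drop is hit first
    print(evaluate(RULES[1:], scanner))            # without it: the UDP 500 accept wins
    print(evaluate(RULES, wan_packet("198.51.100.7", 22, "tcp")))  # falls to drop-all
```

Without the source-address drop at the top, the scan's UDP 500 packet is accepted by the VPN rule before the final drop is ever reached, which is why the attempts show up even with a "Drop all from wan" rule in place.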