
Need help, NEW bruteprotect.

Discussion in 'Tomato Firmware' started by kthaddock, Aug 16, 2013.

  1. kthaddock

    kthaddock Network Guru Member

    I have tested the new bruteprotect and it's working as it should, but it breaks IPT-traffic and WEB-mon.
    I think --state is the culprit, but I'm not sure; programming isn't my skill.

    I hope someone can give some help and it will be implemented in builds.

    Here is the new bruteprotect:
    Here is the proof it's working:
    In iptables there are two lines with --state, and that is the problem, I think.
     
    Last edited: Aug 16, 2013
  2. RMerlin

    RMerlin Network Guru Member

    No idea what that is, but if it interferes with IPTraffic (and filtering in general), my first guess would be that it inserted a rule at the top of the FORWARD chain, before the iptraffic rule. Can you check the FORWARD chain?

    The INPUT chain is only relevant to traffic terminated on the router, not for traffic that gets routed to clients.
     
  3. jerrm

    jerrm Network Guru Member

    That is exactly what it is doing:
    Code:
    iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    kt:
    I have similar, but I insert the recent check for forwarded ports at the top of the wanin chain. That should catch any gui generated forwarded inbound ports. If you don't have forwarded ports, then you may not need a rule there at all.
     
  4. kthaddock

    kthaddock Network Guru Member

    Yes, that is on top of FORWARD:
    How to move it down in the chain?

    And INPUT chain:
     
    Last edited: Aug 17, 2013
  5. jerrm

    jerrm Network Guru Member

    Don't do anything directly in the FORWARD chain. Get rid of all the RELATED, ESTABLISHED rule manipulation. Insert the recent check at the top of the wanin chain.

    The INPUT chain is probably OK as is.
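
The rule-order problem discussed in the posts above can be checked offline. The following is an added example, not code from the thread or from Tomato: it scans rules in iptables-save format, and the sample rulesets, the interface name vlan2 and the use of a chain named monitor for the monitoring jump are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): list jumps in CHAIN that sit behind an
# unrestricted "--state RELATED,ESTABLISHED -j ACCEPT" rule. Packets of
# established connections stop at that ACCEPT and never reach the later jumps.
# usage: shadowed_jumps CHAIN "target1 target2 ..." < iptables-save-style rules
shadowed_jumps() {
    awk -v chain="$1" -v watch="$2" '
    BEGIN { n = split(watch, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
    $1 == "-A" && $2 == chain {
        pos++; target = ""; state = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-j")      target = $(i + 1)
            if ($i == "--state") state  = $(i + 1)
        }
        # NF == 8: the rule carries only the state match, no -i/-p/-s limits.
        if (!accept_at && NF == 8 && target == "ACCEPT" && state ~ /ESTABLISHED/)
            accept_at = pos
        else if (accept_at && (target in want))
            printf "%s rule %d (-j %s) is behind state ACCEPT at rule %d\n",
                   chain, pos, target, accept_at
    }'
}

# Constructed rulesets. "monitor" and "vlan2" are assumed names; the first
# ruleset has the state ACCEPT inserted at the top of FORWARD, as in the thread.
broken_ruleset() {
cat <<'EOF'
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j monitor
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i vlan2 -j wanin
EOF
}
fixed_ruleset() {
cat <<'EOF'
-A FORWARD -j monitor
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i vlan2 -j wanin
-A wanin -i vlan2 -p tcp -m tcp --dport 21:23 -j bruteprotect
EOF
}

# Report the monitoring jump that the inserted rule cuts off.
broken_ruleset | shadowed_jumps FORWARD "monitor"
```

A jump to wanin behind the state ACCEPT is not a fault: a recent-based limiter only has to see the first packet of each connection, so put only monitoring or accounting chains in the watch list.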
     
  6. kthaddock

    kthaddock Network Guru Member

    Like this way:
     
  7. jerrm

    jerrm Network Guru Member

    No, you don't need a state rule at all, let the default tomato state rules do their job.

    Try:
    Code:
    wanf=`nvram get wan_iface`
    iptables -N bruteprotect
    iptables -A bruteprotect -m recent --set --name BRUTEFORCE --rsource
    iptables -A bruteprotect -m recent ! --update --seconds 60 --hitcount 4 --name BRUTEFORCE --rsource -j RETURN
    iptables -A bruteprotect -j LOG --log-prefix "[DROP BRUTEFORCE] : " --log-tcp-options --log-ip-options
    iptables -A bruteprotect -j DROP
    iptables -I INPUT 3 -i $wanf -p tcp -m tcp --dport 21:23 -j bruteprotect
    iptables -I wanin -i $wanf -p tcp -m tcp --dport 21:23 -j bruteprotect
     
  8. kthaddock

    kthaddock Network Guru Member

    Okay, thanks... maybe too late for this, I'm testing tomorrow. Good night and thanks for your help. :rolleyes:
     
  9. kthaddock

    kthaddock Network Guru Member

    Good morning. I have tested and that doesn't work. Can't see "bruteprotect" in either the INPUT or FORWARD chain.
    Tried to move down FORWARD after monitor but no go.
    If I remove this line I don't get any logging on bruted IP number.
     
