SenecaComputer.com


How to block Smoothwall firewall hits from China and Korea

When examining your firewall logs, you will probably notice that a large percentage of firewall hits originate from Chinese or Korean IP addresses. These constant probes of your defenses should be a reminder never to leave any unnecessary ports open to the world. While Smoothwall will not accept these hits unless the target port is open, they fill up the firewall logs and are a nuisance. Fortunately, they can be easily blocked.

You could manually enter all the Chinese and/or Korean IP address ranges into the IP Block web manager page of your Smoothwall, but there is a much easier way. You can modify the contents of the /var/smoothwall/ipblock/config file to include the Chinese and/or Korean IP addresses using a text editor on a Linux desktop machine. The contents of the config file look like this:

1.12.0.0/14,off,DROP,on
1.24.0.0/13,off,DROP,on
1.56.0.0/13,off,DROP,on
1.116.0.0/14,off,DROP,on

The "off" after the IP range means not to log the hit. The "DROP" means to drop the packet and "on" means that this line is enabled.

A current list of Chinese (and Korean) IP address assignment blocks can be found at http://www.okean.com/thegoods.html. Download the list of Chinese and/or Korean IP addresses in CIDR format, then edit the list to add ,off,DROP,on after each IP range entry.

Make a backup of your existing /var/smoothwall/ipblock/config file before uploading the new file.  Also, examine the new config file before uploading it to your Smoothwall to verify that there is only one IP range per line and each line has the proper text after the IP range.  Also, there should not be any blank lines, not even at the bottom of the file.

Upload the new file to your Smoothwall, then either reboot or run the following commands from the terminal:

/etc/rc.d/rc.netaddress.down
/etc/rc.d/rc.netaddress.up
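
The editing and verification steps above can be scripted on the Linux desktop before the file is uploaded. The following Python is an added example, not part of the original page or of Smoothwall; it assumes the downloaded list may contain `#` comments, blank lines and text after each range, and its sample input is constructed from the ranges shown above.

```python
import ipaddress

SUFFIX = ",off,DROP,on"  # per the page: do not log, drop the packet, line enabled

# Constructed sample input (assumed layout), reusing ranges shown on the page.
SAMPLE = """# constructed sample list
1.12.0.0/14   label text
1.24.0.0/13

1.12.0.0/14
"""

def build_ipblock_config(cidr_text):
    """Return config text: one validated range per line, each newline-terminated."""
    seen, lines = set(), []
    for lineno, raw in enumerate(cidr_text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not entry:
            continue  # skip blank and comment-only lines
        token = entry.split()[0]  # ignore any text after the range
        try:
            net = ipaddress.IPv4Network(token, strict=True)  # rejects host bits
        except ValueError as exc:
            raise ValueError(f"line {lineno}: bad range {token!r}") from exc
        if net not in seen:  # drop exact duplicates
            seen.add(net)
            lines.append(f"{net}{SUFFIX}")
    return "\n".join(lines) + "\n" if lines else ""

def check_ipblock_config(config_text):
    """Return a list of problems; an empty list means every line passed."""
    problems = []
    body = config_text[:-1] if config_text.endswith("\n") else config_text
    for lineno, line in enumerate(body.split("\n"), 1):
        if not line.strip():
            problems.append(f"line {lineno}: blank line")
            continue
        fields = line.split(",")
        if fields[1:] != ["off", "DROP", "on"]:
            problems.append(f"line {lineno}: expected '<range>,off,DROP,on'")
            continue
        try:
            ipaddress.IPv4Network(fields[0], strict=True)
        except ValueError:
            problems.append(f"line {lineno}: invalid range {fields[0]!r}")
    return problems

if __name__ == "__main__":
    print(build_ipblock_config(SAMPLE), end="")
```

Write the generated text to the new config file only when `check_ipblock_config` returns an empty list for it.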

For IP address ranges of other countries, check out http://www.countryipblocks.net/.

Page updated July 24, 2011