Topic: Need Limit src-addr x  (Read 2218 times)
« on: January 06, 2012, 19:55:44 »
GTe *
Posts: 3

Hello,

I would like to add a firewall rule that limits the maximum number of connections from a source address like:

IPFW add 100 allow tcp from any to internal 3389 in limit src-addr 4

I've published my Terminal server through SSL on RDP port 3389 and as you may have guessed those nice hacker boys are constantly trying to break in.

Is there some way to do this in m0n0wall?

(I've searched on this subject name, so I hope no hits actually means it hasn't been addressed before.)
« Reply #1 on: January 09, 2012, 18:15:33 »
iridris ***
Posts: 145

There is no "official" way to do this that I know of - but, what you might be able to do is look up the appropriate command in ipfilter (the firewall software that m0n0wall uses) and input that command directly into 'exec.php'. If that works, then you can add the command in to your config.xml file.
« Reply #2 on: January 12, 2012, 21:39:34 »
GTe *
Posts: 3

Thanks for your reply.
But how do I get access to this exec.php?
(I loaded my m0n0wall as a VMware image)
« Reply #3 on: January 12, 2012, 21:45:21 »
Fred Grayson *****
Posts: 994

http://m0n0wall.LAN.IP/exec.php or

https://m0n0wall.LAN.IP/exec.php

--
Google is your friend and Bob's your uncle.
« Reply #4 on: January 12, 2012, 21:49:54 »
GTe *
Posts: 3

I just read the IPF handbook on http://www.freebsd.org/doc/handbook/firewalls-ipf.html and couldn't find any option that will do this trick.
So it seems that M0n0wall doesn't support this (imho) very useful option.
« Reply #5 on: January 13, 2012, 00:36:48 »
brushedmoss ****
Posts: 446

m0n0wall also uses IPFW (for traffic shaping and for captive portal), so if you turn on traffic shaper, you should be able to add any IPFW rule via exec.php

Good luck!