Emerging Member
Posts: 52
Registered: ‎10-18-2017

Add FW rule over ssh

Hi,

 

I have a little script which blocks IPs and saves them first in a MySQL DB.

The script now runs via ssh and iptables.

How can I make a FW rule over ssh with "configure set firewall..... "?

 

regards

Christopher

Established Member
Posts: 1,733
Registered: ‎03-02-2016
Kudos: 399
Solutions: 132

Re: Add FW rule over ssh

Emerging Member
Posts: 52
Registered: ‎10-18-2017

Re: Add FW rule over ssh

Not exactly, because the script is based on Perl and runs on an external server
Established Member
Posts: 1,588
Registered: ‎05-03-2016
Kudos: 553
Solutions: 154

Re: Add FW rule over ssh

Create a script on the router that is executed by the external script.

Emerging Member
Posts: 40
Registered: ‎07-03-2015
Kudos: 25
Solutions: 2

Re: Add FW rule over ssh

Much better is to create an address group and update that address group.

 firewall {
     all-ping enable
     broadcast-ping disable
     group {
         address-group FH_A {
             description "firehol addresses"
         }
     }

...

         rule 60 {
             action drop
             description "drop FH_A"
             destination {
                 group {
                     address-group FH_A
                 }
             }
             log enable
         }

 

Then you can use ipset to add or replace a set of addresses. Lots more in this thread:

https://community.ubnt.com/t5/EdgeMAX/Emerging-Threats-Blacklist/td-p/645375
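
One way for the external script to feed the address group, as an added example that is not from this thread: it validates every row before anything reaches the router, then emits `ipset restore` input for FH_A. The ssh target, passwordless sudo for `ipset` on the router, and the sample rows are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build `ipset restore` input for the FH_A address group from
# untrusted rows, accepting only plain dotted-quad IPv4 addresses.

SET_NAME="FH_A"   # address group name from the config in the post above

# Constructed sample rows, as the external script might read them from its DB.
sample_rows() {
    printf '%s\n' '198.51.100.23' '192.0.2.10' '192.0.2.10' \
        '203.0.113.7; reboot' '300.1.2.3' '10.0.0'
}

# valid_ipv4 ADDR: succeed only for four decimal octets in the range 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, bad dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split on dots (digits only here)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac # no leading zeros (octal ambiguity)
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_restore: addresses on stdin, restore commands on stdout, rejects on stderr.
build_restore() {
    LC_ALL=C sort -u | while IFS= read -r addr; do
        [ -n "$addr" ] || continue
        if valid_ipv4 "$addr"; then
            printf 'add %s %s\n' "$SET_NAME" "$addr"
        else
            printf 'rejected: %s\n' "$addr" >&2
        fi
    done
}

# push_blocklist HOST: HOST (user@router) and passwordless sudo for ipset on
# the router are assumptions. -exist makes re-adding a present entry harmless.
push_blocklist() {
    build_restore | ssh "$1" "sudo ipset restore -exist"
}

# Usage: sample_rows | build_restore   (or pipe real rows into push_blocklist user@router)
```

Entries added with ipset exist only in the running kernel set, so they are not part of the router's saved configuration.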

 

 
