Koozali.org: home of the SME Server
Obsolete Releases => SME Server 9.x => Topic started by: MSmith on November 26, 2019, 12:06:56 AM
-
9.2, fully patched, is router/gateway/firewall/email server but isn't providing any services to the outside except incoming email via SMTP, restricted to a specific IP range. It's getting hammered with incoming connections that just leave the poor thing hanging with a zillion SYN_RECV transactions pending. I've been playing whack-a-mole with iptables and trying to get Fail2Ban to do something useful, but I'd rather just close the door.
Any way I can disable all incoming TCP requests on the WAN interface? Without killing server manager and Roundcube on the LAN interface?
-
You may get what you want by setting the non-public services to access=private
for svc in oidentd 'httpd-e-smith' 'ssmtpd' ftp imap imaps modSSL pop3s sshd; do
    # show current status for posterity
    printf '%s was:\t%s\n' "$svc" "$(config getprop "$svc" access)"
    # restrict the service to the local network(s)
    config setprop "$svc" access private
done
signal-event post-upgrade; signal-event reboot
-
You may get what you want by setting the non-public services to access=private
Thanks very much, that was helpful. I only set httpd-e-smith to private for now. That killed Roundcube but it's a small price to free up the load on the machine until a permanent solution is found. (EDIT: Server Manager still accessible.)
-
GeoIP filtering?
-
GeoIP is definitely worth looking at.
Consider https://wiki.contribs.org/Xt_geoip
There are some ways to check your logs to ascertain which countries are hammering you.
It will be the usual culprits so just bin them. Life will become much quieter :-)
My only wish is that I could dump the US :-( It is now my biggest source of junk, but manageable.....
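-
Added example, not part of any post in this thread: before picking what to block, the SYN_RECV backlog described in the first post can be tallied per local port and source /24 from `netstat -ant` output. The function names and the sample lines (documentation address ranges) are constructed for illustration; mapping the resulting networks to countries is left to the GeoIP tooling linked above.

```shell
#!/bin/sh
# Constructed sample in `netstat -ant` format (documentation address ranges).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:443          198.51.100.7:40112      SYN_RECV
tcp        0      0 192.0.2.10:443          198.51.100.9:40113      SYN_RECV
tcp        0      0 192.0.2.10:443          198.51.100.200:51000    SYN_RECV
tcp        0      0 192.0.2.10:25           203.0.113.5:33321       SYN_RECV
tcp        0      0 192.0.2.10:25           203.0.113.77:41000      ESTABLISHED
tcp        0      0 192.168.1.1:443         192.168.1.50:50222      ESTABLISHED
EOF
}

# Read netstat output on stdin and print "count local_port source" for every
# group with at least $1 half-open connections (default 1), busiest first.
# IPv4 sources are grouped by /24; anything else is kept as a full address.
syn_recv_summary() {
    min="${1:-1}"
    awk -v min="$min" '
        $1 ~ /^tcp/ && $6 == "SYN_RECV" {
            port = $4; sub(/^.*:/, "", port)        # local port being hit
            src = $5;  sub(/:[0-9]+$/, "", src)     # drop the remote port
            sub(/^::ffff:/, "", src)                # IPv4-mapped form
            if (src ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
                sub(/\.[0-9]+$/, ".0/24", src)
            count[port " " src]++
        }
        END {
            for (k in count)
                if (count[k] >= min) print count[k], k
        }
    ' | sort -k1,1nr -k2
}

# On the server itself: netstat -ant | syn_recv_summary 10
sample_netstat | syn_recv_summary 1
```

A port that shows up here with a large count and is not meant to be public (443 in the sample) is a candidate for access=private; a public port such as 25 needs source filtering instead.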