Community discussions

MikroTik App
 
mano0000
just joined
Topic Author
Posts: 11
Joined: Sun Jul 01, 2018 9:36 pm

Block an IP address from the Internet

Wed Apr 28, 2021 4:11 pm

Hi All,
Just trying to get my head around how to block an IP entering through the WAN onto a mail server on the LAN side.
For example the offending IP address is 5.188.206.123, which I wish to stop.
Viewing the various posts on this forum, I have implemented as below.. on outerOS 6.48

/ip firewall address-list
add address=5.188.206.123 list=blacklist

/ip firewall filter
add action=drop chain=input src-address-list=blacklist

I can see using Torch the packets coming in..
However, the mail server is still being hit.
Checking the counters on the Firewall/Filter Rules, the counter against the drop on blacklist is not incrementing and the mail server is still being hit.

Please advise

Thanks
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Block an IP address from the Internet

Wed Apr 28, 2021 4:28 pm

Hi All,
Just trying to get my head around how to block an IP entering through the WAN onto a mail server on the LAN side.
For example the offending IP address is 5.188.206.123, which I wish to stop.
Viewing the various posts on this forum, I have implemented as below.. on outerOS 6.48

/ip firewall address-list
add address=5.188.206.123 list=blacklist

/ip firewall filter
add action=drop chain=input src-address-list=blacklist

I can see using Torch the packets coming in..
However, the mail server is still being hit.
Checking the counters on the Firewall/Filter Rules, the counter against the drop on blacklist is not incrementing and the mail server is still being hit.

Please advise

Thanks

https://apps.db.ripe.net/db-web-ui/quer ... 88.206.123
I suggest you:
5.188.206.123 => abuse@fastvps.biz

/ip firewall raw
add action=drop chain=prerouting src-address-list=blacklist
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: Block an IP address from the Internet

Wed Apr 28, 2021 4:41 pm

I can see using Torch the packets coming in..
However, the mail server is still being hit.

Chain=input is for traffic which terminates in router itself (source doesn't matter, can be either internet or LAN).
Chain=forward is for traffic which passes router in any direction (e.g. source on intetnet, destination on LAN or sourde on LAN and destination on internet; if there are multiple LAN subnets, this chain also affects traffic between different LAN subnets)
Chain=output is for traffic originating from router itself (and is seldomly used)


And suggestion by @rextended is a fine one. Raw firewall filter does its magic even before connection tracking machinery starts to analyze packets.
 
mano0000
just joined
Topic Author
Posts: 11
Joined: Sun Jul 01, 2018 9:36 pm

Re: Block an IP address from the Internet

Wed Apr 28, 2021 6:02 pm

Thanks mkx and rextended,
will try the raw filter and report..it to abuse.
Quite my fault for buying an item from Far East... and my email being abused.
 
mano0000
just joined
Topic Author
Posts: 11
Joined: Sun Jul 01, 2018 9:36 pm

Re: Block an IP address from the Internet

Wed Apr 28, 2021 6:24 pm

solution from rextended works perfectly..Thanks
Also reported the offending IP address.

/ip firewall raw -- interesting

Rgds
Mano
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Block an IP address from the Internet

Wed Apr 28, 2021 6:32 pm

solution from rextended works perfectly..Thanks
Also reported the offending IP address.

/ip firewall raw -- interesting

Rgds
Mano
:)

Who is online

Users browsing this forum: 4l4R1, dervomsee, Google [Bot], kub1x, tdw and 86 guests