Hi, I have a forward rich rule on, let's say, 10.12.0.1, and the rule forwards a TCP port to 10.12.0.5, but this port is being targeted by an attack. I know the IP and want to block, drop or reject all incoming traffic from that source, but if I add the rule to block that and then the rule for the forwarding, the packets still get forwarded to 10.12.0.5 anyway.
This is how it looks:
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: dhcpv6-client http https
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
      rule family="ipv4" source address="XX.XX.XX.XX" drop
      rule family="ipv4" forward-port port="800" protocol="tcp" to-addr="10.12.0.5"
After this configuration, the packets from XX.XX.XX.XX are still getting into 10.12.0.5.
I should mention that the incoming packets come in on eth0 and are forwarded to tun0.