• Opening up Telnet :P

    From Kevin Nunn@618:200/1 to All on Sat Mar 19 11:18:17 2022

    Thanks to Sean's suggestion to use the (unknown to me) AIX firewall
    built into OS/2, I am opening up my telnet port again.

    Not like I have a ton of callers, but for those 1-2 a year, they can
    connect to a real TG/2 system again :P

    At first I was having trouble figuring it out but then I started to
    grasp the concept again of how iptables type stuff works and got it
    working. Although I am doing it the opposite of how I probably should,
    since it only has a few ports forwarded to it, the box should be fine.

    I am blocking specific IPs first, then allowing everything.

    This seemed like a better idea than deny everything, block by IP, then
    permit specific ports (binkd/telnet/vnc/ftp/etc).

    Kev


    --- Telegard/2/QWK v3.09.g2-sp4/mL
    * Origin: Razor's Domain/2 BBS (618:200/1)
  • From digimaus@618:618/1 to Kevin Nunn on Sat Mar 19 21:04:07 2022
    Kevin Nunn wrote to All <=-

    At first I was having trouble figuring it out but then I started to
    grasp the concept again of how iptables type stuff works and got it working. Although I am doing it the opposite of how I probably should, since it only has a few ports forwarded to it, the box should be fine.

    The way the AIX firewall requires you to enter the subnet for the IP address instead of the CIDR range made me think for a bit until I started using an online subnet calculator. <G>

    This seemed like a better idea than deny everything, block by IP, then permit specific ports (binkd/telnet/vnc/ftp/etc).

    Make sure that the last rule you have is "deny everything". The firewall
    won't work right unless you put that rule in.

    I originally used that firewall because a particular Russian in Fidonet
    thought it fun to try to SYN flood me. Stopped him in his tracks.

    I really don't have that many issues now. My telnet port gets hammered a
    bit but I have to set up a fail2ban jail for telnet offenders.

    -- Sean

    ... Crane's Law: there ain't no such thing as a free lunch.
    --- MultiMail/Linux
    * Origin: Outpost BBS * Johnson City, TN (618:618/1)
  • From Kevin Nunn@618:200/1 to Digimaus on Sun Mar 20 14:00:17 2022
    DIGIMAUS wrote to KEVIN NUNN <=-

    Make sure that the last rule you have is "deny everything". The
    firewall won't work right unless you put that rule in.

    Well, I don't have that and it seems to be working ok. I'll see as time
    goes on. There are only 2 rules right now. A DENY for the IP of the
    offending person and a PERMIT for everything else. And that seems to be working.

    If I end up having problems then I'll add PERMITS for
    Telnet/binkd/VNC/FTP and then deny everything else.

    I originally used that firewall because a particular Russian in Fidonet thought it fun to try to SYN flood me. Stopped him in his tracks.

    I think this guy is coming from Russia too, but it's weird and not
    consistent. Sometimes he'll hit it once, other times he hits it fast
    and often. That's when vmodem has a fit.

    Kev

    --- Telegard/2/QWK v3.09.g2-sp4/mL
    * Origin: Razor's Domain/2 BBS (618:200/1)
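
Added example, not part of any poster's message and not the OS/2 firewall's own syntax: a small first-match filter model comparing the two rule orders discussed above, plus the CIDR-to-netmask conversion the firewall's address format calls for. First-match evaluation, a pass-by-default fallthrough, the documentation-range addresses and the default service ports (21, 23, 5900, 24554) are assumptions made for illustration.

```python
import ipaddress

def cidr_to_mask(cidr):
    """Return (network address, dotted netmask) for a CIDR block."""
    net = ipaddress.ip_network(cidr, strict=False)
    return str(net.network_address), str(net.netmask)

def rule(action, src="0.0.0.0/0", ports=None):
    """Build one filter rule; ports=None means any destination port."""
    return {"action": action, "src": ipaddress.ip_network(src), "ports": ports}

def evaluate(rules, src_ip, dst_port, default="permit"):
    """Assumed semantics: first matching rule wins; unmatched packets get `default`."""
    ip = ipaddress.ip_address(src_ip)
    for r in rules:
        if ip in r["src"] and (r["ports"] is None or dst_port in r["ports"]):
            return r["action"]
    return default

BLOCKED = "203.0.113.0/24"         # constructed offender range (documentation block)
SERVICES = {21, 23, 5900, 24554}   # assumed default ports: ftp, telnet, vnc, binkd

# Rule set as described in the thread: block one source, then permit everything.
DENYLIST_THEN_PERMIT = [rule("deny", BLOCKED), rule("permit")]

# The alternative: block the source, permit named services, deny the rest.
ALLOWLIST_THEN_DENY = [
    rule("deny", BLOCKED),
    rule("permit", ports=SERVICES),
    rule("deny"),
]

def compare(src_ip, dst_port):
    """Verdicts of both rule sets for the same packet."""
    return (evaluate(DENYLIST_THEN_PERMIT, src_ip, dst_port),
            evaluate(ALLOWLIST_THEN_DENY, src_ip, dst_port))

if __name__ == "__main__":
    print(cidr_to_mask("203.0.113.77/24"))
    for src, port in [("203.0.113.9", 23), ("198.51.100.5", 23),
                      ("198.51.100.5", 445)]:
        print(src, port, compare(src, port))
```

The two rule sets agree on the blocked source and on the listed services; they differ only for traffic to ports nobody listed, which the first set passes and the second drops.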
  • From Sean Dennis@618:618/1 to Kevin Nunn on Sun Mar 20 19:32:50 2022
    Hello Kevin,

    20 Mar 22 14:00, you wrote to Digimaus:

    Well, I don't have that and it seems to be working ok. I'll see as
    time goes on. There are only 2 rules right now. A DENY for the IP of
    the offending person and a PERMIT for everything else. And that seems
    to be working.

    That means your firewall is not working right and allowing everything. Re-read the instructions again as the AIX firewall requires an ending DENY ALL entry.

    I think this guy is coming from Russia too, but it's weird and not consistent. Sometimes he'll hit it once, other times he hits it fast
    and often. That's when vmodem has a fit.

    Yeah, they're a real pest. I currently have something like 2000 IPs in my fail2ban recidive jail. The price of doing business these days.

    -- Sean

    ... Raising pet electric eels is gaining a lot of current popularity.
    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: Outpost BBS * Johnson City, TN (618:618/1)
  • From Kevin Nunn@618:200/1 to Sean Dennis on Mon Mar 21 15:04:18 2022
    SEAN DENNIS wrote to KEVIN NUNN <=-

    That means your firewall is not working right and allowing everything. Re-read the instructions again as the AIX firewall requires an ending
    DENY ALL entry.

    But it is working how I want it to work LOL. It is doing what I need it
    to do. Which is to block a specific IP only. The system is not open to
    the world, only alt telnet port and binkd.

    Kev

    --- Telegard/2/QWK v3.09.g2-sp4/mL
    * Origin: Razor's Domain/2 BBS (618:200/1)
  • From Jas Hud@618:300/12 to Kevin Nunn on Mon Mar 21 14:30:19 2022
    To: Kevin Nunn
    Re: Re: Opening up Telnet :P
    By: Kevin Nunn to Sean Dennis on Mon Mar 21 2022 03:04 pm

    From Newsgroup: Micronet.MIN_BBS

    SEAN DENNIS wrote to KEVIN NUNN <=-

    That means your firewall is not working right and allowing everything. Re-read the instructions again as the AIX firewall requires an ending DENY ALL entry.

    But it is working how I want it to work LOL. It is doing what I need it
    to do. Which is to block a specific IP only. The system is not open to
    the world, only alt telnet port and binkd.

    Kev


    dude if you are connected to the internet you are going to have hundreds of attackers a day
    --- Synchronet 3.18b-Win32 NewsLink 1.113
    * bbses.info - http://bbses.info - telnet://bbses.info
    * Origin: Time Warp of the Future BBS - Home of League 10 (618:300/12)
  • From Kevin Nunn@618:200/1 to Jas Hud on Tue Mar 22 15:25:18 2022
    JAS HUD wrote to KEVIN NUNN <=-

    dude if you are connected to the internet you are going to have
    hundreds of attackers a day

    It's not directly connected to the internet. I have a router that
    forwards binkd/telnet port to that box and that is it.

    Kev


    --- Telegard/2/QWK v3.09.g2-sp4/mL
    * Origin: Razor's Domain/2 BBS (618:200/1)
  • From Jas Hud@618:300/12 to Kevin Nunn on Tue Mar 22 19:17:46 2022
    To: Kevin Nunn
    Re: Re: Opening up Telnet :P
    By: Kevin Nunn to Jas Hud on Tue Mar 22 2022 03:25 pm

    From Newsgroup: Micronet.MIN_BBS

    JAS HUD wrote to KEVIN NUNN <=-

    dude if you are connected to the internet you are going to have hundreds of attackers a day

    It's not directly connected to the internet. I have a router that
    forwards binkd/telnet port to that box and that is it.

    Kev


    yeah i have a router too.
    you're connected to the internet.
    --- Synchronet 3.18b-Win32 NewsLink 1.113
    * bbses.info - http://bbses.info - telnet://bbses.info
    * Origin: Time Warp of the Future BBS - Home of League 10 (618:300/12)
  • From Kevin Nunn@618:200/1 to Jas Hud on Wed Mar 23 13:28:18 2022
    JAS HUD wrote to KEVIN NUNN <=-

    hundreds of attackers a day
    yeah i have a router too.
    you're connected to the internet.

    So if I only have telnet and binkd ports forwarded to that box, how am
    I going to have hundreds of attackers a day?

    Kev


    --- Telegard/2/QWK v3.09.g2-sp4/mL
    * Origin: Razor's Domain/2 BBS (618:200/1)
  • From Jas Hud@618:300/12 to Kevin Nunn on Wed Mar 23 12:53:56 2022
    To: Kevin Nunn
    Re: Re: Opening up Telnet :P
    By: Kevin Nunn to Jas Hud on Wed Mar 23 2022 01:28 pm

    From Newsgroup: Micronet.MIN_BBS

    JAS HUD wrote to KEVIN NUNN <=-

    hundreds of attackers a day
    yeah i have a router too.
    you're connected to the internet.

    So if I only have telnet and binkd ports forwarded to that box, how am
    I going to have hundreds of attackers a day?


    because they will scan your ip and find the open ports and attempt to get in. and they keep on trying.
    --- Synchronet 3.18b-Win32 NewsLink 1.113
    * bbses.info - http://bbses.info - telnet://bbses.info
    * Origin: Time Warp of the Future BBS - Home of League 10 (618:300/12)