From 54b07433a5389b5e1f747ee02f1075620dc4f831 Mon Sep 17 00:00:00 2001 From: nicholasmanios Date: Wed, 18 Mar 2020 16:02:23 -0400 Subject: [PATCH] more changes --- aries/firewall/README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/aries/firewall/README.md b/aries/firewall/README.md index 23d48a4..f2a01c1 100644 --- a/aries/firewall/README.md +++ b/aries/firewall/README.md @@ -8,4 +8,10 @@ Since I want this server to be as close a _router replacement_ as possible, I wa I also wanted to ensure that this machine will be the only place that any device on my local network goes to for DNS lookup. To do this, I created a `/etc/pf_public_dns.table` IP table containing the most popular public DNS servers. Any device that tries to connect to one of these servers will get routed to my DNS server (located on the aries as well). ## VPN -Currently pf manages connecting the routes to and from the OpenVPN network (`10.8.0.0/16`), however this will be changed in the future as I am currently migrating from OpenVPN to Wireguard. \ No newline at end of file +Currently pf manages connecting the routes to and from the OpenVPN network (`10.8.0.0/16`), however this will be changed in the future as I am currently migrating from OpenVPN to Wireguard. + +## Spam IP Blocklist +There are plans in the future to incorporate IP blocking of spammers in pf. This should be moved to the firewall of hermes so that aries does not lose the definition of _router replacement_. + +## Abusive IP Blocklist +You may notice `BLOCKTEMP` and `BLOCKPERM` tables. These tables are used to block abusive hosts. The abusive hosts are determined from the number of bad requests to my web server. If an IP has > 10 4xx/5xx responses with a 24 hour period it gets added to the `BLOCKTEMP` table. \ No newline at end of file
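Review bot: The new "Abusive IP Blocklist" section documents the entry condition for `BLOCKTEMP` but says nothing about `BLOCKPERM`, so a reader cannot tell when a host is promoted from temporary to permanent blocking, how long a `BLOCKTEMP` entry lives before it expires, or where the two tables are persisted (the DNS section above uses a file such as `/etc/pf_public_dns.table`; the same convention should be stated here). Suggest adding one sentence per table, e.g. "Entries in `BLOCKTEMP` expire after N hours; a host that is re-added M times is moved to `BLOCKPERM`", with N and M filled in from the actual configuration. Two smaller points in the same hunk: "with a 24 hour period" should read "within a 24 hour period", and the threshold of more than 10 4xx/5xx responses counts every client error, including ordinary 404s for missing assets, so it is worth documenting which status codes are actually counted (and whether 5xx, which usually indicates a server-side fault rather than an abusive client, belongs in that count) so that legitimate visitors are not blocked by a threshold that was meant for scanners.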