How do I block all protocols from an IP in cloud firewall with a single rule?
I have a few Linodes, and I find the same IPs are attempting to exploit them. I created a firewall rule to drop traffic from these IPs, but I must choose a protocol as there is no 'all' option. As it stands, I would have to have 4 different rules to block TCP, UDP, ICMP and IPENCAP traffic individually. Is there something I am missing here?
1 Reply
I did some testing and how you set up your rules appears to be correct. At this time, you can only create rules for individual protocols and cannot group them or select an "All Protocols" option.
If you find that creating individual rules to block traffic from specific IPs requires too much administration, you may want to invert your rules. For example, instead of creating one DROP rule per protocol per IP range, you could instead change your Default Inbound Policy to DROP all traffic that is not explicitly set to ALLOW.
Alternatively, you can supplement your Firewall protection with server-internal firewalls/security applications like UFW, iptables, and/or Fail2Ban:
- How to Configure a Firewall with UFW | Linode Docs
- Controlling Network Traffic with iptables - A Tutorial | Linode Docs
- How to Use Fail2ban to Secure Your Server (A Tutorial) | Linode Docs
In my own experience, I have found that most of the malicious traffic originates from a handful of countries, so that's what I base most of my DROP rules around. Many of my hobbyist DNS records are hosted through Cloudflare, which allows you to enable country-based WAF rules, but this is also possible when configuring iptables rules. Akamai has a similar WAF that is generally used by enterprise-level customers, so it may not be practical for your specific application:
- how do I block traffic from everywhere except 2 countries? (20522) | Linode Questions
- Web Application Firewall (WAF) | Application Security | Cloudflare
- App & API Protector - Website Application Protection | Akamai
Please keep in mind that if you are not careful with your rules, it's possible to create conflicts between internal applications and Cloud Firewall that can disrupt networking. If you find yourself unable to connect via SSH (Secure Shell) or that your Linode has lost network connectivity after enabling a firewall rule, I would recommend disabling the firewall, connecting with LISH (Linode Shell) Console, and beginning the process of troubleshooting your rules:
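As an added example (not part of the reply above and not Linode's own tooling), the host-firewall route the reply mentions can do what Cloud Firewall cannot: an iptables rule with no `-p` option matches every protocol, and an ipset lets that one rule cover the whole address list. The set name `blocklist`, the function names and the sample addresses are assumptions; the script only prints the commands.

```shell
#!/bin/sh
# Added example: prints (does not run) a host-firewall blocklist in which ONE
# iptables rule drops every protocol from a list of source addresses.
SET_NAME="blocklist"   # hypothetical ipset name

# Succeeds if $1 is an IPv4 address or CIDR block, e.g. 198.51.100.0/24.
valid_ipv4() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/}
             case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
             [ "$prefix" -le 32 ] || return 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    # Split into octets; only digits and dots remain at this point.
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Reads one address per line on stdin ("#" starts a comment) and prints input
# for "ipset restore". Invalid entries are reported on stderr and skipped.
ipset_restore_input() {
    echo "create $SET_NAME hash:net family inet"
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' | sort -u |
    while IFS= read -r entry; do
        if valid_ipv4 "$entry"; then
            echo "add $SET_NAME $entry"
        else
            echo "skipped invalid entry: $entry" >&2
        fi
    done
}

# The single rule: no "-p" option, so TCP, UDP, ICMP and everything else match.
drop_rule() {
    echo "iptables -I INPUT -m set --match-set $SET_NAME src -j DROP"
}

# Constructed sample list (documentation ranges from RFC 5737), including a
# duplicate that sort -u collapses and an invalid octet that is skipped.
sample_list() {
    printf '%s\n' '203.0.113.7   # single host' '198.51.100.0/24' \
        '203.0.113.7' '203.0.113.999'
}

sample_list | ipset_restore_input   # apply with: ... | ipset -exist restore
drop_rule
```

Both the set and the rule live only in kernel memory, so they need to be saved and restored at boot if the block should survive a restart.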