Tweet
If TP handles a threat, should I bother creating a firewall rule for it?
I run a Plex and Emby server that sit behind Untangle. I see entries like this in the TP Non-Web Blocked Events log for hostile countries:
.... I'm going to look into Fail2ban but in the mean time.... since TP is blocking these, should I bother with creating a firewall rule that blocks their originating country? (I know.... geo blocking isn't the end all be all for blocking hack attempts but if I can erect a roadblock or two, it will make me feel better
)
Side note.... I've also seen a few legit IPs from my friends in here and it says the same...."Blocked = True". I've reached out to one of them to see if he is indeed having problems. I was thinking.... create a TP rule to bypass/not flag Plex Emby traffic but I'm guessing if I did that, and a bad actor is indeed hammering away at those ports, TP has been neutralized and I'd be weakening my own protection. Correct?
.... I'm going to look into Fail2ban but in the mean time.... since TP is blocking these, should I bother with creating a firewall rule that blocks their originating country? (I know.... geo blocking isn't the end all be all for blocking hack attempts but if I can erect a roadblock or two, it will make me feel better
)Side note.... I've also seen a few legit IPs from my friends in here and it says the same...."Blocked = True". I've reached out to one of them to see if he is indeed having problems. I was thinking.... create a TP rule to bypass/not flag Plex Emby traffic but I'm guessing if I did that, and a bad actor is indeed hammering away at those ports, TP has been neutralized and I'd be weakening my own protection. Correct?
Comment