What is IPDB Firewall?
In cPGuard, we have multiple modules that work at different layers to stop various attacks. The IPDB firewall module is a system-level firewall that can block many attacks before they reach your application servers.
The main components of the IPDB firewall are:
1. The Cloud Advisor: a server cluster containing multiple servers dedicated to collecting, building and distributing a list of unsafe IPs. We have a huge list of bad IPs built on data collected from attacks we have blocked (WAF, Bruteforce, CSF and access logs), from our partners like Malware.Expert, and from other 3rd party sources. After whitelisting major providers like Cloudflare, Google etc. to avoid false positives, our algorithms dynamically score IPs based on various parameters to build a refined list containing only the latest and relevant threats.
2. The Server Agent: the cPGuard server application downloads the list of bad IPs from the Cloud Advisor and creates a blocklist using IPSET and IPTABLES to effectively block requests from these IPs. The blocklist is periodically reloaded to fetch the latest IPs and drop old IPs from the list.
How to enable the IPDB Firewall?
You can enable IPDB Firewall from cPGuard >> Settings >> Security Tools >> IPDB Firewall or by using the following command:
/etc/cpguard/scripts/cpgbin ipdb start
How can I ensure that IPDB Firewall is working?
To confirm that the IPDB firewall is working correctly once it is enabled, check the log file /var/log/messages, where you should see entries like the following:
Nov 10 13:02:13 server kernel: IPDB Blocked: IN=eth0 OUT= MAC=e:00:00:00:01:01:08:00 SRC=x.x.x.x DST=y.y.y.y LEN=60 TOS=0x00 PREC=0x20 TTL=49 ID=59669 DF PROTO=TCP SPT=31310 DPT=465 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 10 13:02:15 server3kernel: IPDB Blocked: IN=eth0 OUT= MAC=e:00:00:00:01:01:08:00 SRC=x.x.x.x DST=y.y.y.y LEN=60 TOS=0x00 PREC=0x20 TTL=49 ID=59670 DF PROTO=TCP SPT=31310 DPT=465 WINDOW=29200 RES=0x00 SYN URGP=0
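As an added example (not part of cPGuard or its documentation), the shell functions below summarise "IPDB Blocked" entries like those above by source address and destination port. The function names and the sample lines are constructed for illustration; on a server, pass /var/log/messages as the file.

```shell
#!/bin/sh
# Added example: summarise "IPDB Blocked" kernel log entries (netfilter LOG format).

# Constructed sample lines using documentation addresses; not real traffic.
ipdb_sample() {
    cat <<'EOF'
Nov 10 13:02:13 server kernel: IPDB Blocked: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=31310 DPT=465 SYN URGP=0
Nov 10 13:02:15 server kernel: IPDB Blocked: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=31310 DPT=465 SYN URGP=0
Nov 10 13:02:20 server kernel: IPDB Blocked: IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=40112 DPT=22 SYN URGP=0
Nov 10 13:02:21 server sshd[1201]: Failed password for root from 192.0.2.77 port 40022 ssh2
Nov 10 13:02:30 server kernel: IPDB Blocked: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=84 PROTO=ICMP TYPE=8 CODE=0
EOF
}

# ipdb_total FILE: number of blocked packets logged (0 = nothing blocked yet).
ipdb_total() {
    grep -c 'IPDB Blocked:' "$1" || true
}

# ipdb_summary FILE: "count source proto/port" per pair, busiest first.
# Packets without a destination port (e.g. ICMP) are reported with port "-".
ipdb_summary() {
    awk '
        /IPDB Blocked:/ {
            src = ""; dpt = "-"; proto = "?"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)   src   = substr($i, 5)
                if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
            }
            if (src != "") hits[src " " proto "/" dpt]++
        }
        END { for (k in hits) print hits[k], k }
    ' "$1" | LC_ALL=C sort -k1,1nr -k2
}

# Demo on the constructed sample; on a server, pass /var/log/messages instead.
tmp=$(mktemp)
ipdb_sample > "$tmp"
echo "blocked packets: $(ipdb_total "$tmp")"
ipdb_summary "$tmp"
rm -f "$tmp"
```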
How to manage the IPDB Firewall from the command line?
You can use the cpgbin CLI tool to manage the IPDB Firewall from the command line.
/etc/cpguard/scripts/cpgbin ipdb stop|start|restart|reload
How to check whether an IP is blocked in IPDB Firewall?
You can use the cpgbin CLI tool to check an IP address against the IPDB Firewall from the command line.
/etc/cpguard/scripts/cpgbin checkip <IP Address>
How to whitelist an IP address from IPDB Firewall?
/etc/cpguard/scripts/cpgbin allowip <IP Address or IP Range>
Supported formats for IP range whitelisting are given below
How to disable IPDB Firewall?
You can disable IPDB Firewall from cPGuard >> Settings >> Security Tools >> IPDB Firewall or by using the following command:
/etc/cpguard/scripts/cpgbin ipdb stop
I need more details or I have a suggestion to enhance this module
Feel free to contact our support team with your query and we will be happy to assist you.
PS: On Virtuozzo/OpenVZ-based virtual servers, IPDB will not work if "ipset" is not enabled on the host server.