mxc wrote:
> Hi there,
>
> We have a machine on the network that has been infected and is sending out
> spam. The people responsible say the machine has been cleaned and
> disconnected from the network but this is not the case. It seems they don't
> know what they are doing and I have decided to rather block the client at
> the firewall. Endian had transparent smtp proxy enabled.
>
> I added the following IPTables rule
>
> iptables -I INPUT 1 -s 192.168.12.12 -j DROP
> and
> iptables -I FORWARD 1 -s 192.168.12.12 -j DROP
>
> But this has failed to stop the client from connecting and sending spam.
> What am I missing?
>

Might be the way NAT is set up; try this:

/sbin/iptables -t nat -I CUSTOMPREROUTING -s 192.168.12.12 -j DROP

If it works, put it in /var/efw/inithooks/rc.firewall.local
[both the start and stop sections so it can be unloaded correctly]

-Mike

_______________________________________________
Efw-user mailing list
Efw-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/efw-user
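
A sketch of the start and stop sections suggested in the reply above, added here as an example and not taken from the thread or from Endian's own files. It assumes rc.firewall.local is a shell script called with `start` or `stop`; the function names and the `IPT` and `BLOCKED_HOSTS` variables are hypothetical.

```shell
#!/bin/sh
# Assumed layout for /var/efw/inithooks/rc.firewall.local: called with
# "start" or "stop". All names below are illustrative.
IPT="${IPT:-/sbin/iptables}"
BLOCKED_HOSTS="${BLOCKED_HOSTS:-192.168.12.12}"   # address from the thread

# Delete the DROP rule for one source address. Loops so that duplicates
# left behind by earlier manual inserts are removed as well; succeeds
# even when no such rule exists.
unblock_host() {
    while $IPT -t nat -D CUSTOMPREROUTING -s "$1" -j DROP 2>/dev/null; do
        :
    done
    return 0
}

# Insert the rule from the reply. Deleting first keeps repeated "start"
# calls (firewall reloads) from stacking identical rules.
block_host() {
    unblock_host "$1"
    $IPT -t nat -I CUSTOMPREROUTING -s "$1" -j DROP
}

firewall_local() {
    case "$1" in
        start)
            for h in $BLOCKED_HOSTS; do block_host "$h" || return 1; done
            ;;
        stop)
            for h in $BLOCKED_HOSTS; do unblock_host "$h"; done
            ;;
        *)
            echo "usage: rc.firewall.local {start|stop}" >&2
            return 2
            ;;
    esac
}

# Act only when an argument is given, so the file can also be sourced.
[ $# -eq 0 ] || firewall_local "$1"
```

The rule is kept exactly as given in the reply; newer iptables releases refuse DROP in the nat table.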