On Tue, 04 Mar 2003 07:28:40 -0500 Mark Weaver
<[EMAIL PROTECTED]> wrote:

> Pierre Fortin wrote:
> > On Sun, 02 Mar 2003 17:45:12 -0500 Mark Weaver
> > <[EMAIL PROTECTED]> wrote:
> > 
> > 
> >>Scott St. John wrote:
> >>
> >>>Until I can migrate my clients over to Postfix I have been using the 
> >>>access lists in Sendmail to block certain repeat spammers.  I am
> >>>wondering if I could just use iptables to block them and take the
> >>>load off Sendmail?
> >>>
> >>>My question would be 1)Is that practical 2)Is the proper way to block
> >>>an entire network this:
> >>>
> >>>iptables -A INPUT -s 209.8.161.0/24 -j DROP
> >>>
> >>>I added this, however traffic from this network is still reaching my
> >>>mail server.  I want to block EVERYTHING from that network as they
> >>>are sending porn mail to my clients.
> >>>
> >>>Thanks,
> >>>
> >>>-Scott
> >>
> >>Scott,
> >>
> >>this method will work, but if you want to block the entire network
> >>where the junk comes from then you'll have to block the entire netblock
> >>and not just that part of it.
> >>
> >>iptables -A INPUT -s 209.0.0.0 -j DROP
> > 
> >                        ^^^^^^^^^
> > Mark, this is a single address...  to drop the entire block, you need
> > a netmask:
> > either 209.0.0.0/8 or 209.0.0.0/255.0.0.0
> 
> Hi Pierre,
> 
> Interestingly enough I ran a simple test on my firewall that Scott was 
> attempting to use:
> 
>       iptables -A INPUT -p tcp -s 205.216.60.167 --dport 22 -j DROP

Did you verify with?:  iptables -L -v -n

# iptables -L -v -n
Chain INPUT (policy ACCEPT 775K packets, 529M bytes)
 pkts bytes target     prot opt in     out     source              destination
    0     0 DROP       tcp  --  *      *       205.216.60.167      0.0.0.0/0          tcp dpt:22

I did a similar test the other day and it worked as indicated in a
previous post...


> And you know what I found? the blasted thing was ignored and I got right
> in! That really knotted my shorts for even when I appended the netmask in
> long and short forms to the --source address,
> (-s 205.216.60.167/255.255.255.0 ) I got the same results. I was still 
> able to get right in. I shouldn't have been able to do that; I shouldn't
> 
> have been able to connect at all from the machine I was attempting to 
> connect from. What's up with that? what am I missing here?
> 

Again, seeing your iptables would be useful...

Pierre
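The two points of this exchange, that a bare address in `-s` selects one host while a `/8` or `/255.0.0.0` mask selects the whole block, and that the packet counters from `iptables -L -v -n` tell you whether a rule has ever matched, can be checked without root. The following Python script is an added example, not part of the original thread; it uses the standard `ipaddress` module to interpret `-s` arguments the way iptables does and parses a constructed listing modelled on the one above (the second rule and all counter values are made up for illustration).

```python
import ipaddress
import re

# Constructed sample of `iptables -L -v -n` output, modelled on the listing
# in the thread.  The 209.0.0.0/8 rule and the counters are invented.
SAMPLE_LISTING = """\
Chain INPUT (policy ACCEPT 775K packets, 529M bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       tcp  --  *      *       205.216.60.167       0.0.0.0/0            tcp dpt:22
   12   720 DROP       all  --  *      *       209.0.0.0/8          0.0.0.0/0
"""


def source_network(spec):
    """Interpret an iptables `-s` argument the way iptables does.

    A bare address is a single host (/32).  A CIDR prefix or a dotted
    netmask selects the whole block, and host bits in the address are
    ignored, so 205.216.60.167/255.255.255.0 means 205.216.60.0/24.
    """
    return ipaddress.ip_network(spec, strict=False)


def rule_covers(spec, client_addr):
    """True if a packet from client_addr would match `-s spec`."""
    return ipaddress.ip_address(client_addr) in source_network(spec)


_SUFFIX = {"K": 1_000, "M": 1_000_000, "G": 1_000_000_000}


def parse_count(token):
    """Turn a -v counter such as '775K' into an integer (rounded as iptables prints it)."""
    m = re.fullmatch(r"(\d+)([KMG]?)", token)
    if not m:
        raise ValueError("bad counter: %r" % token)
    return int(m.group(1)) * _SUFFIX.get(m.group(2), 1)


def parse_listing(text):
    """Parse `iptables -L -v -n` output into a list of rule dicts, in chain order."""
    rules = []
    chain = None
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "Chain":
            chain = fields[1]
            continue
        if fields[0] == "pkts":          # column header line
            continue
        rules.append({
            "chain": chain,
            "pkts": parse_count(fields[0]),
            "target": fields[2],
            "proto": fields[3],
            "source": fields[7],
            "destination": fields[8],
            "extra": " ".join(fields[9:]),   # e.g. "tcp dpt:22"
        })
    return rules


def never_matched(text):
    """Rules whose packet counter is still zero.

    A DROP rule that 'does not work' but has never counted a packet was
    never consulted for that traffic: wrong chain, an earlier rule accepted
    the packet first, or the match (address, protocol, port) does not
    describe the traffic you are testing with.
    """
    return [r for r in parse_listing(text) if r["pkts"] == 0]


if __name__ == "__main__":
    print(source_network("209.0.0.0"))            # 209.0.0.0/32: one host only
    print(source_network("209.0.0.0/8"))          # the whole block
    print(source_network("209.0.0.0/255.0.0.0"))  # same block, dotted mask
    for r in never_matched(SAMPLE_LISTING):
        print("never matched:", r["chain"], r["target"], r["source"], r["extra"])
```

Run it against real output by feeding `iptables -L -v -n` (or `iptables -L INPUT -v -n --line-numbers`) into `parse_listing`; a zero counter on the rule you expect to fire is the first thing to look at before suspecting the mask syntax.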
