Re: [qmailtoaster] Block incoming mail IP range

Mon, 04 Aug 2014 04:32:21 -0700 

FWIIW

This is the reverse - unblockip script...

Examples must be exactly the same as those
used to blockip/range.

-- snip unblockip ---
#!/bin/sh
logf="/var/log/blockip.log"
mdate=`date +%c`
### must be root ###
if [ `whoami` != "root" ]; then
        echo ""
        echo "$0 must be ran as root"
        echo ""
        exit 1
fi
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
is_ip="grep -Ec 
'^[1-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9](\/[0-3]?[0-9])?$'"

if [ `echo $1 |eval $is_ip` != "1" ]; then
echo "$mdate Error in IP address $1" >> $logf
else
iptables -D INPUT -s $1 -j DROP
echo "=== UNBLOCK IP ================" >> /etc/rc.d/rc.blockedips
echo "iptables -D INPUT -s $1 -j DROP" >> /etc/rc.d/rc.blockedips
echo "=== UNBLOCK IP ================" >> /etc/rc.d/rc.blockedips
echo "$mdate now allowing all packets from $1" >> $logf
fi

--- end snip ----


best wishes
  Tony White


On 4/08/2014 21:26, Tony White wrote:

This is the script I have been using...

examples
at the cli ...

blockip 192.168.1.26
or
blockip 192.168.0.0/16
or
blockip 192.168.1.0/24

works immediately and creates a rc.blockedips file for use on reboot
to reinstate the currently blocked ip's.

-- snip blockip -----
#!/bin/bash
logf="/var/log/blockip.log"
mdate=`date +%c`
mip=$1
### must be root ###
if [ `whoami` != "root" ]; then
        echo ""
        echo "$0 must be run as root"
        echo ""
        exit 1
fi;

export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
is_ip="grep -Ec 
'^[1-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9](\/[0-3]?[0-9])?$'"

if [ `echo $1 |eval $is_ip` != "1" ]; then
  echo "$mdate Error in IP address $1" >> $logf
  echo "$mdate Error in IP address $1"
else
  iptables -I INPUT -s $1 -j DROP
  echo "iptables -I INPUT -s $1 -j DROP" >> /etc/rc.d/rc.blockedips
  echo "$mdate now dropping all packets from $1" >> $logf
fi;

-- end snip ----


On 4/08/2014 18:22, ChandranManikandan wrote:

Hi Ravi,
Use in IPTABLES to block it.


On Mon, Aug 4, 2014 at 2:41 PM, Linux <[email protected] 
<mailto:[email protected]>> wrote:

    Hi,

    Please guide, How to block range of IP's for incoming mail?

    IP: 209.85.xxx.xxx

    Thanks,

    Ravi




--
*/Thanks & Best Regards,
Manikandan.C
/*

Reply via email to