Iptables Here is my rules /etc/firewalld/direct.xml
<?xml version="1.0" encoding="utf-8"?> <direct> <rule priority="0" table="filter" ipv="ipv4" chain="INPUT_direct">-p tcp --dport 25 -m state --state NEW -m recent --set</rule> <rule priority="1" table="filter" ipv="ipv4" chain="INPUT_direct">-p tcp --dport 25 -m state --state NEW -m recent --update --seconds 30 --hitcount 4 -j REJECT --reject-w ith tcp-reset</rule> <rule priority="2" table="filter" ipv="ipv4" chain="INPUT_direct">-p tcp --dport 25 -m state --state NEW -m recent --update --seconds 60 --hitcount 7 -j REJECT --reject-w ith tcp-reset</rule> <rule priority="3" table="filter" ipv="ipv4" chain="INPUT_direct">-p tcp --dport 25 -m state --state NEW -m recent --update --seconds 200 --hitcount 15 -j REJECT --reject -with tcp-reset</rule> <rule priority="4" table="filter" ipv="ipv4" chain="INPUT_direct">-p tcp --dport 25 -m state --state NEW -m recent --update --seconds 2000 --hitcount 35 -j REJECT --rejec t-with tcp-reset</rule> <rule priority="5" table="filter" ipv="ipv4" chain="INPUT_direct">-p tcp --dport 25 -m state --state NEW -m recent --update --seconds 20000 --hitcount 120 -j REJECT --rej ect-with tcp-reset</rule> </direct> > On Dec 29, 2017, at 5:40 AM, Tony White <t...@ycs.com.au> wrote: > > Hi folks, > Is anyone else seeing a single ip connecting hundreds even thousands > of times but never sending any mail? I end up blocking these using iptables > but I do not understand why it is happening. > > TIA > > Example > 2017-12-30 00:31:31.653614500 tcpserver: status: 2/100 > 2017-12-30 00:31:31.653753500 tcpserver: pid 31242 from 114.229.162.93 > 2017-12-30 00:31:31.653820500 tcpserver: ok 31242 > indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::62277 > 2017-12-30 00:31:32.581728500 tcpserver: end 31242 status 0 > 2017-12-30 00:31:32.581729500 tcpserver: status: 1/100 > 2017-12-30 00:31:32.872455500 tcpserver: status: 2/100 > 2017-12-30 00:31:32.872564500 tcpserver: pid 31246 from 114.229.162.93 > 2017-12-30 00:31:32.872611500 tcpserver: ok 31246 > indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::62369 > 2017-12-30 00:31:33.862860500 tcpserver: end 31246 status 0 > 2017-12-30 00:31:33.862861500 tcpserver: status: 1/100 > 2017-12-30 00:31:34.375021500 tcpserver: status: 2/100 > 2017-12-30 00:31:34.375022500 tcpserver: pid 31248 from 114.229.162.93 > 2017-12-30 00:31:34.375056500 tcpserver: ok 31248 > indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::62461 > 2017-12-30 00:31:35.326643500 tcpserver: end 31248 status 0 > 2017-12-30 00:31:35.326645500 tcpserver: status: 1/100 > 2017-12-30 00:31:35.717309500 tcpserver: status: 2/100 > 2017-12-30 00:31:35.717443500 tcpserver: pid 31252 from 114.229.162.93 > 2017-12-30 00:31:35.717508500 tcpserver: ok 31252 > indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::62563 > 2017-12-30 00:31:36.657366500 tcpserver: end 31252 status 0 > 2017-12-30 00:31:36.657368500 tcpserver: status: 1/100 > 2017-12-30 00:31:37.007733500 tcpserver: status: 2/100 > 2017-12-30 00:31:37.007904500 tcpserver: pid 31254 from 114.229.162.93 > 2017-12-30 00:31:37.007983500 tcpserver: ok 31254 > indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::62637 > 2017-12-30 00:31:37.914884500 tcpserver: end 31254 status 0 > 2017-12-30 00:31:37.914885500 tcpserver: status: 1/100 > 2017-12-30 00:31:38.215151500 tcpserver: status: 2/100 > 2017-12-30 00:31:38.215252500 tcpserver: pid 31259 from 114.229.162.93 > 2017-12-30 00:31:38.215296500 tcpserver: ok 31259 > indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::62738 > 2017-12-30 00:31:39.110484500 tcpserver: end 31259 status 0 > 2017-12-30 00:31:39.110485500 tcpserver: status: 1/100 > 2017-12-30 00:31:39.433288500 tcpserver: status: 2/100 > 2017-12-30 00:31:39.433302500 tcpserver: pid 31261 from 114.229.162.93 > 2017-12-30 00:31:39.433357500 tcpserver: ok 31261 > indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::62831 > 2017-12-30 00:31:40.316270500 tcpserver: end 31261 status 0 > 2017-12-30 00:31:40.316271500 tcpserver: status: 1/100 > 2017-12-30 00:31:40.615598500 tcpserver: status: 2/100 > 2017-12-30 00:31:40.615698500 tcpserver: pid 31271 from 114.229.162.93 > 2017-12-30 00:31:40.615766500 tcpserver: ok 31271 > indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::62924 > 2017-12-30 00:31:41.496972500 tcpserver: end 31271 status 0 > 2017-12-30 00:31:41.496973500 tcpserver: status: 1/100 > 2017-12-30 00:31:41.873223500 tcpserver: status: 2/100 > 2017-12-30 00:31:41.873326500 tcpserver: pid 31273 from 114.229.162.93 > 2017-12-30 00:31:41.873371500 tcpserver: ok 31273 > indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::63007 > 2017-12-30 00:31:42.828193500 tcpserver: end 31273 status 0 > 2017-12-30 00:31:42.828194500 tcpserver: status: 1/100 > 2017-12-30 00:31:43.135644500 tcpserver: status: 2/100 > 2017-12-30 00:31:43.135749500 tcpserver: pid 31277 from 114.229.162.93 > 2017-12-30 00:31:43.135794500 tcpserver: ok 31277 > indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::63093 > 2017-12-30 00:31:44.067442500 tcpserver: end 31277 status 0 > 2017-12-30 00:31:44.067443500 tcpserver: status: 1/100 > 2017-12-30 00:31:44.362100500 tcpserver: status: 2/100 > 2017-12-30 00:31:44.362188500 tcpserver: pid 31282 from 114.229.162.93 > 2017-12-30 00:31:44.362231500 tcpserver: ok 31282 > indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::63184 > 2017-12-30 00:31:45.274625500 tcpserver: end 31282 status 0 > 2017-12-30 00:31:45.274626500 tcpserver: status: 1/100 > 2017-12-30 00:31:45.574491500 tcpserver: status: 2/100 > 2017-12-30 00:31:45.574579500 tcpserver: pid 31293 from 114.229.162.93 > 2017-12-30 00:31:45.574625500 tcpserver: ok 31293 > indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::63270 > 2017-12-30 00:31:46.464235500 tcpserver: end 31293 status 0 > 2017-12-30 00:31:46.464236500 tcpserver: status: 1/100 > 2017-12-30 00:31:46.773361500 tcpserver: status: 2/100 > 2017-12-30 00:31:46.773362500 tcpserver: pid 31298 from 114.229.162.93 > 2017-12-30 00:31:46.773363500 tcpserver: ok 31298 > indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::63351 > 2017-12-30 00:31:47.659727500 tcpserver: end 31298 status 0 > 2017-12-30 00:31:47.659728500 tcpserver: status: 1/100 > 2017-12-30 00:31:47.940773500 tcpserver: status: 2/100 > 2017-12-30 00:31:47.940879500 tcpserver: pid 31300 from 114.229.162.93 > 2017-12-30 00:31:47.940920500 tcpserver: ok 31300 > indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::63439 > > > > -- > best wishes > Tony White > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com > --------------------------------------------------------------------- To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
