Or this...
-- snip --
#!/bin/bash
logf="/var/log/blockip.log"
mdate=`date +%c`
mip=$1
### must be root ###
if [ `whoami` != "root" ]; then
echo ""
echo "$0 must be run as root"
echo ""
exit 1
fi;
if [ $mip == "--help" ]; then
echo "========================================"
echo "Help: Block single and subnet IP's"
echo "========================================"
echo "blockip 130.2.1.1"
echo "blockip 130.2.1.0/24"
echo "----------------------------------------"
exit 1
fi;
mip1=${mip:0:6};
# your lan range if needed or comment out
if [ $mip1 == "192.168.1." ]; then # change ip to suit
echo "$mdate Discarding LAN drop request for $mip1" >> $logf
exit 1
fi;
# whitelist special clients...
# change the IP.ADDR.ESS to suit.
# comment out to remove
if [ $mip == "IP.ADDR.ESS" ] || [ $mip == "IP.ADDR.ESS" ] || [ $mip == "IP.ADDR.ESS" ] || [ $mip == "IP.ADDR.ESS" ] || [
$mip == "IP.ADDR.ESS" ] ; then
echo "$mdate Discarding WAN drop request for $mip" >> $logf
echo "$mdate Discarding WAN drop request for $mip"
exit 1
fi;
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
is_ip="grep -Ec
'^[1-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9](\/[0-3]?[0-9])?$'"
if [ `echo $mip |eval $is_ip` != "1" ]; then
echo "$mdate Error in IP address $mip" >> $logf
echo "$mdate Error in IP address $mip"
else
iptables -I INPUT -s $mip -j DROP
echo "iptables -I INPUT -s $mip -j DROP"
echo "iptables -I INPUT -s $mip -j DROP" >> /etc/rc.d/rc.blockedips
echo "$mdate now dropping all packets from $mip" >> $logf
fi;
-- snip --
best wishes
Tony White
On 18/4/20 8:09 pm, Tony White wrote:
Hi David,
Sorry try this instead...
-- snip --
#!/bin/sh
logf="/var/log/blacklist_ip.log"
mdate=`date +%c`
### must be root ###
if [ `whoami` != "root" ]; then
echo ""
echo "$0 must be ran as root"
echo ""
exit 1
fi
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
is_ip="grep -Ec
'^[1-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9](\/[0-3]?[0-9])?$'"
if [ `echo $1 |eval $is_ip` != "1" ]; then
echo "$mdate Error in IP address $1" >> $logf
else
echo "$1" >> /opt/spamdyke/etc/blacklist_ip
echo "$mdate now dropping all packets from $1" >> $logf
fi
--snip --
best wishes
Tony White
On 18/4/20 8:04 pm, Tony White wrote:
Hi David,
Try using this little script...
-- snip --
#!/bin/bash
logf="/var/log/blockip.log"
mdate=`date +%c`
mip=$1
### must be root ###
if [ `whoami` != "root" ]; then
echo ""
echo "$0 must be run as root"
echo ""
exit 1
fi;
if [ $mip == "--help" ]; then
echo "========================================"
echo "Help: Block single and subnet IP's"
echo "========================================"
echo "blockip 132.2.1.1"
echo "blockip 132.1.0/24"
echo "----------------------------------------"
exit 1
fi;
-- snip --
worked for me forever...
Use qtp watchall to monitor the logs and use th output to manually block ips or
subnets
If you need more hit me off list.
best wishes
Tony White
On 18/4/20 2:59 pm, David Bray wrote:
I can see I'm getting hammered on my smtps port
How can I mitigate this?
I can see the IP's in /var/log/qmail/smtps/current
*but where do I actually see that the smtp auth actually fails ?*
or do I need to increase the logging somewhere ?
if I tail -f /var/log/dovecot.log
I can see the imap and pop failures
thanks in advance
David Bray
0418 745334
2 ∞ & <
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
