You could use ipsets for this.

#blrules
DROP net:+badpeople all

#init
ipset destroy -quiet badpeople
ipset restore -exist < /etc/shorewall/ipsetlists/badpeople

On Tue, Feb 24, 2015 at 1:48 AM, Eduardo Diaz - Gmail <[email protected]>
wrote:
> Hi to all, I am fighting with a DDoS based on SMTP mail.
>
> I am using Debian 7.7 x86 and Shorewall-4.5.5.3
>
> I am getting errors to my domain trying to send mail every second or more.
>
> 2015-02-24 10:25:21 H=([58.187.161.220]) [58.187.161.220] sender verify
> fail for <[email protected]>: Unrouteable address
> 2015-02-24 10:25:21 H=([58.187.161.220]) [58.187.161.220] F=<
> [email protected]> rejected RCPT <[email protected]>:
> Sender verify failed
> 2015-02-24 10:25:21 unexpected disconnection while reading SMTP command
> from ([58.187.161.220]) [58.187.161.220] (error: Connection reset by peer)
>
>
> At the beginning I used fail2ban to ban the concurrent connections, but the
> bad people learned not to make the same connection more than once. :-(
>
> All the IP addresses are listed in DNSBLs, and I can use a simple script to
> test if a connection is listed in a DNSBL (using an internal program to
> cache every IP).
>
> My intention is:
>
> For every connection that is made, Shorewall launches the script or the
> rule: if it is listed in a DNSBL, drop; if not, allow it to connect to the
> mail server.
>
> Does Shorewall have this functionality? I searched the documentation and
> I didn't find anything similar, only the blacklist functionality.
>
> Regards and thanks for the responses.
>
>
>
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
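
An added example, not part of the original thread and not Shorewall code: one way to generate the /etc/shorewall/ipsetlists/badpeople file that the init snippet above restores, from Exim reject lines shaped like those quoted in the question. The hash:ip set type and its sizes, the allowlist, the min_hits threshold and the sample log are assumptions.

```python
import ipaddress
import re
from collections import Counter

SET_NAME = "badpeople"  # set name used in the reply's blrules and init snippets

# Constructed sample in the shape of the Exim lines quoted in the thread.
# Addresses come from documentation ranges (RFC 5737); mailboxes are placeholders.
SAMPLE_LOG = """\
2015-02-24 10:25:21 H=([203.0.113.7]) [203.0.113.7] F=<a@example.invalid> rejected RCPT <b@example.invalid>: Sender verify failed
2015-02-24 10:25:22 H=([203.0.113.7]) [203.0.113.7] F=<c@example.invalid> rejected RCPT <b@example.invalid>: Sender verify failed
2015-02-24 10:25:23 H=([198.51.100.9]) [198.51.100.9] F=<d@example.invalid> rejected RCPT <b@example.invalid>: Sender verify failed
2015-02-24 10:25:24 H=(relay) [192.0.2.10] F=<e@example.invalid> rejected RCPT <b@example.invalid>: Sender verify failed
2015-02-24 10:25:25 unexpected disconnection while reading SMTP command from ([203.0.113.50]) [203.0.113.50] (error: Connection reset by peer)
"""

# The peer address is the bracketed IPv4 that follows the H=(...) HELO field.
REJECT_RE = re.compile(r"H=\([^)]*\) \[(\d{1,3}(?:\.\d{1,3}){3})\].* rejected RCPT ")

def offenders(log_text, allowlist=(), min_hits=1):
    """Return sorted IPv4 addresses with at least min_hits rejected RCPTs."""
    allowed = [ipaddress.ip_network(n) for n in allowlist]
    hits = Counter()
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.IPv4Address(m.group(1))
        except ipaddress.AddressValueError:
            continue  # matched the pattern but is not a valid address
        if any(ip in net for net in allowed):
            continue  # never blacklist our own relays or management hosts
        hits[ip] += 1
    return sorted(ip for ip, n in hits.items() if n >= min_hits)

def restore_file(ips, set_name=SET_NAME):
    """Render text in the format that `ipset restore -exist < file` reads."""
    # The create line is required: the init snippet destroys the set first.
    lines = [f"create {set_name} hash:ip family inet hashsize 1024 maxelem 65536"]
    lines += [f"add {set_name} {ip}" for ip in ips]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(restore_file(offenders(SAMPLE_LOG, allowlist=["192.0.2.0/24"])), end="")
```

Only lines with a rejected RCPT count toward an address, so the bare disconnection line in the sample adds nothing to the set.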