http://shorewall.net/ipsets.html
On Wed, Feb 25, 2015 at 12:22 PM, johnny bowen <[email protected]> wrote:
> You could use ipsets for this.
>
> #blrules
> DROP net:+badpeople all
>
> #init
> ipset destroy -quiet badpeople
> ipset restore -exist < /etc/shorewall/ipsetlists/badpeople
>
>
>
>
> On Tue, Feb 24, 2015 at 1:48 AM, Eduardo Diaz - Gmail <[email protected]>
> wrote:
>
>> Hi to all I am fight with a DDOS based in smtp mail.
>>
>> I am using Debian 7.7 x86 and Shorewall-4.5.5.3
>>
>> I am getting errors to my domain trying to send mail every second or more.
>>
>> 2015-02-24 10:25:21 H=([58.187.161.220]) [58.187.161.220] sender verify
>> fail for <[email protected]>: Unrouteable address
>> 2015-02-24 10:25:21 H=([58.187.161.220]) [58.187.161.220] F=<
>> [email protected]> rejected RCPT <[email protected]>:
>> Sender verify failed
>> 2015-02-24 10:25:21 unexpected disconnection while reading SMTP command
>> from ([58.187.161.220]) [58.187.161.220] (error: Connection reset by peer)
>>
>>
>> At the begining use fail2ban to ban the concurrent conexion but the bad
>> people learn to not make the same conexion more than one. :-(
>>
>> All the ipaddres are listed in DNSbl and I can use a simple script to
>> test if this conexion is listed in DNSBL (using a internal program to cache
>> every ip).
>>
>> My intencion are:
>>
>> Every conexion that is made shorewall launch the script or the rule if is
>> listed in DNSBL-Drop if not allow to connect to the mailserver.
>>
>> Shorewall has this funcionalty? because I search in the documentation and
>> I don't find any similar only the blacklist funcionality.
>>
>> Regards and thanks for the responses.
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Dive into the World of Parallel Programming The Go Parallel Website,
>> sponsored
>> by Intel and developed in partnership with Slashdot Media, is your hub
>> for all
>> things parallel software development, from weekly thought leadership
>> blogs to
>> news, videos, case studies, tutorials and more. Take a look and join the
>> conversation now. http://goparallel.sourceforge.net/
>> _______________________________________________
>> Shorewall-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>>
>>
>
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
