difficulties blocking inbound from specific IP addresses
November 29, 2013 at 5:32 pm #43797
pddm (Member):
Hi,
I have the following setup:
I have zeroshell with 3 NICs (2 Internet Connections with public IP 1 LAN)
NAT is enabled on the 2 Internet Links.
1 Virtual Server on port 25 pointing to an internal mail server.
These days spammers were trying to relay through the mail server from 9 different IP addresses, which was no issue as the server dropped the messages with NOQUEUE. But I did see the mail server running like crazy processing the hundreds of thousands of connection requests just for NOQUEUE.
So I wanted to block the IP addresses at the Zeroshell to reduce the mail server load. I am not very literate with iptables, but I came up with the following in the Firewall Chain script:
# This script runs when a firewall chain has changed.
# The variable CHAIN contains the name of the chain which has been initialized
echo "$CHAIN initialized"
if [ "$CHAIN" = FORWARD ] ; then
: # put here the commands for the chain FORWARD
fi
if [ "$CHAIN" = INPUT ] ; then
: # put here the commands for the chain INPUT
iptables -A INPUT -s 183.136.146.99 -j DROP
iptables -A INPUT -s 183.136.146.110 -j DROP
iptables -A INPUT -s 59.151.37.8 -j DROP
iptables -A INPUT -s 221.232.247.27 -j DROP
iptables -A INPUT -s 118.244.239.2 -j DROP
iptables -A INPUT -s 175.196.65.153 -j DROP
iptables -A INPUT -s 124.42.13.230 -j DROP
iptables -A INPUT -s 183.15.103.221 -j DROP
iptables -A INPUT -s 219.139.36.49 -j DROP
fi
if [ "$CHAIN" = OUTPUT ] ; then
: # put here the commands for the chain OUTPUT
iptables -A OUTPUT -d 183.136.146.99 -j DROP
iptables -A OUTPUT -d 183.136.146.110 -j DROP
iptables -A OUTPUT -d 59.151.37.8 -j DROP
iptables -A OUTPUT -d 221.232.247.27 -j DROP
iptables -A OUTPUT -d 118.244.239.2 -j DROP
iptables -A OUTPUT -d 175.196.65.153 -j DROP
iptables -A OUTPUT -d 124.42.13.230 -j DROP
iptables -A OUTPUT -d 183.15.103.221 -j DROP
iptables -A OUTPUT -d 219.139.36.49 -j DROP
fi
if [ "$CHAIN" = QoS ] ; then
: # put here the commands for the QoS classifier (table:mangle chain:FORWARD)
fi
But the requests continued through to the mail server.
I would appreciate a push in the right direction.
I have been reading through the forum and searched google for more detailed instructions on how to do this.
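An added example (not from pddm's post or from Zeroshell's own scripts) showing where a drop rule for NATed virtual-server traffic has to live: packets destined for a forwarded service are DNATed in nat/PREROUTING and then pass through filter/FORWARD, never INPUT or OUTPUT, which only see traffic to and from the firewall itself. Assumptions: the virtual server forwards to port 25 internally (MAIL_PORT), Zeroshell already has an ACCEPT in FORWARD so the drops are inserted with -I ahead of it, and APPLY=1 is a made-up switch for actually executing the generated commands.

```shell
#!/bin/sh
# Added example, not part of the original post. Builds DROP rules for the
# FORWARD chain: traffic to a NATed virtual server is DNATed in nat/PREROUTING
# and then traverses filter/FORWARD. The INPUT chain only sees packets addressed
# to the firewall itself and OUTPUT only packets it originates, so rules there
# never match forwarded connections.

# Source addresses to block, taken from the original post.
BLOCKED_SOURCES="183.136.146.99 183.136.146.110 59.151.37.8 221.232.247.27
118.244.239.2 175.196.65.153 124.42.13.230 183.15.103.221 219.139.36.49"

# Destination port after DNAT; assumed to be 25 (virtual server forwards 25 -> 25).
MAIL_PORT="${MAIL_PORT:-25}"

# Print one iptables command per blocked source. -I inserts at the top so the
# DROP is evaluated before any ACCEPT Zeroshell already has in FORWARD
# (assumption). Printing first keeps the rule set reviewable before applying.
gen_forward_drops() {
    for src in $BLOCKED_SOURCES; do
        printf 'iptables -I FORWARD -s %s -p tcp --dport %s -j DROP\n' \
            "$src" "$MAIL_PORT"
    done
}

# Number of rules that would be generated, for a quick sanity check.
count_forward_drops() {
    gen_forward_drops | wc -l | tr -d ' '
}

# Zeroshell's hook runs this with $CHAIN set to the chain being reinitialised.
# APPLY=1 is a hypothetical switch for this example, not a Zeroshell setting.
if [ "${CHAIN:-}" = FORWARD ]; then
    if [ "${APPLY:-0}" = 1 ]; then
        gen_forward_drops | sh
        # Verify: the packet counters on these rules should grow while the
        # relay attempts continue, and the mail server log should go quiet.
        iptables -nvL FORWARD --line-numbers | head -n 12
    else
        gen_forward_drops
    fi
fi
```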
February 3, 2014 at 8:01 pm #53016
DrmCa (Participant):
I had a similar issue, though configuring the firewall through the GUI.
The rules would not have any effect w/o protocol.
As soon as I added protocol to the rules, they worked.
It should not be like that, but it’s reality.
Not sure if v.3 fixed that though; I am afraid to make any changes.