difficulties blocking inbound from specific IP addresses


This topic contains 0 replies, has 0 voices, and was last updated by pddm 5 years, 6 months ago.

Viewing 2 posts - 1 through 2 (of 2 total)
    #43797

    pddm
    Member

    Hi,

    I have the following setup:
    I have zeroshell with 3 NICs (2 Internet Connections with public IP 1 LAN)
    NAT is enabled on the 2 Internet Links.
    1 Virtual Server on port 25 pointing to an internal mail server.

    These days spammers were trying to relay through the mail server from 9 different IP addresses, which was no issue as the server dropped the messages by NOQUEUE. But I did see the mail server running like crazy processing the hundreds of thousands of connection requests just for NOQUEUE.

    So I wanted to block the IP addresses at the Zeroshell to reduce the mail server load. I am not very literate with iptables but I came up with the following in the Firewall Chain script:

    # This script runs when a firewall chain has changed.
    # The variable CHAIN contains the name of the chain which has been initialized

    echo "$CHAIN initialized"

    if [ "$CHAIN" = FORWARD ] ; then
    : # put here the commands for the chain FORWARD
    fi

    if [ "$CHAIN" = INPUT ] ; then
    : # put here the commands for the chain INPUT
    iptables -A INPUT -s 183.136.146.99 -j DROP
    iptables -A INPUT -s 183.136.146.110 -j DROP
    iptables -A INPUT -s 59.151.37.8 -j DROP
    iptables -A INPUT -s 221.232.247.27 -j DROP
    iptables -A INPUT -s 118.244.239.2 -j DROP
    iptables -A INPUT -s 175.196.65.153 -j DROP
    iptables -A INPUT -s 124.42.13.230 -j DROP
    iptables -A INPUT -s 183.15.103.221 -j DROP
    iptables -A INPUT -s 219.139.36.49 -j DROP
    fi

    if [ "$CHAIN" = OUTPUT ] ; then
    : # put here the commands for the chain OUTPUT
    iptables -A OUTPUT -d 183.136.146.99 -j DROP
    iptables -A OUTPUT -d 183.136.146.110 -j DROP
    iptables -A OUTPUT -d 59.151.37.8 -j DROP
    iptables -A OUTPUT -d 221.232.247.27 -j DROP
    iptables -A OUTPUT -d 118.244.239.2 -j DROP
    iptables -A OUTPUT -d 175.196.65.153 -j DROP
    iptables -A OUTPUT -d 124.42.13.230 -j DROP
    iptables -A OUTPUT -d 183.15.103.221 -j DROP
    iptables -A OUTPUT -d 219.139.36.49 -j DROP
    fi

    if [ "$CHAIN" = QoS ] ; then
    : # put here the commands for the QoS classifier (table:mangle chain:FORWARD)
    fi

    But the requests continued through to the mail server.

    I would appreciate a push in the right direction.

    I have been reading through the forum and searched google for more detailed instructions on how to do this.

    #53016

    DrmCa
    Participant

    I had a similar issue, though configuring firewall thru the GUI.
    The rules would not have any effect w/o protocol.
    As soon as I added protocol to the rules, they worked.
    It should not be like that, but it’s reality.
    Not sure if v.3 fixed that though, I am afraid to make any changes.
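Added example (not code from either poster or from Zeroshell): a chain script that puts the DROP rules where the Virtual Server traffic actually passes. A Virtual Server is a DNAT in nat/PREROUTING, and after DNAT the packet is routed to the internal host, so it traverses FORWARD; INPUT only sees traffic addressed to the firewall itself, which is why the rules in the first post never matched. It also names the protocol explicitly, as the reply suggests. The block list is a constructed sample and the internal mail server address is an assumption.

```shell
#!/bin/sh
# Added example, not the original poster's script and not Zeroshell code.
# Relayed SMTP reaches the internal mail server through FORWARD (post-DNAT),
# not INPUT, so the drops must be installed in FORWARD.
BLOCKLIST="183.136.146.99 59.151.37.8 221.232.247.27"   # constructed sample
MAILSERVER="${MAILSERVER:-192.168.1.25}"                  # assumption: internal mail server
IPTABLES="${IPTABLES:-iptables}"

# Print a command; execute it only when APPLY=1, so the script can be
# dry-run without privileges to check what it would install.
emit() {
    printf '%s\n' "$1"
    if [ "${APPLY:-0}" = 1 ]; then
        eval "$1"
    fi
}

# Rules for one chain, called with the name Zeroshell passes in $CHAIN.
# -I inserts at the top so an earlier ACCEPT in the chain cannot shadow the
# DROP (assumption: Zeroshell's own rules are already present at this point).
# -p tcp --dport 25 names the protocol and matches only the relay attempts;
# -d is the post-DNAT destination, i.e. the internal mail server.
rules_for_chain() {
    case "$1" in
    FORWARD)
        for ip in $BLOCKLIST; do
            emit "$IPTABLES -I FORWARD -p tcp -s $ip -d $MAILSERVER --dport 25 -j DROP"
        done
        ;;
    *)
        : # INPUT, OUTPUT and QoS: nothing to do for DNATed traffic
        ;;
    esac
}

# Zeroshell sets $CHAIN for the chain that was just initialized; default to
# FORWARD so a manual dry run prints the rules that matter.
rules_for_chain "${CHAIN:-FORWARD}"
```

To confirm the rules are the ones being hit, watch the packet counters with `iptables -L FORWARD -v -n`; if the counters on the DROP lines stay at zero while connections still arrive, the traffic is taking a different chain.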
