From: "Joey" <Joey@Web56.net>
To: IPTables <netfilter@vger.kernel.org>
Subject: RE: General question about chains
Date: Thu, 16 Oct 2008 18:16:54 -0400
Message-ID: <000a01c92fdc$e5776ed0$b0664c70$@net>
In-Reply-To: <1224163165.3999.7.camel@grateful.d.umn.edu>

> -----Original Message-----
> From: Matt Zagrabelny [mailto:mzagrabe@d.umn.edu]
> Sent: Thursday, October 16, 2008 9:19 AM
> To: Joey
> Cc: netfilter@vger.kernel.org
> Subject: Re: General question about chains
> 
> # create the chain
> iptables -N CIDR-ASIAN
> 
> # hook the chain into another chain (PREROUTING, INPUT, FORWARD, etc)
> iptables -A INPUT -j CIDR-ASIAN
> 
> # add rules to the new chain
> iptables -A CIDR-ASIAN -p tcp -s 118.242.0.0/16 -j LOG --log-prefix SPAM-BLOCK-CIDR-ASIAN
> 
> iptables -A CIDR-ASIAN -p tcp -s 118.242.0.0/16 --dport 25 -j DROP
> 
> # flush the chain
> iptables -F CIDR-ASIAN
> 
> 
> > This didn't work for me and I have tried several variants with no luck.
> >
> > So my first question is do I understand correctly how to utilize chains?
> >
> > Will I be able to load and unload chains rather than flush everything
> > and reload everything? (I have a lot of rules)
> 
> I don't quite understand your question.
> 
> You 'create' and 'delete' user-defined chains. You can, of course, flush
> chains individually as well.


That's what I was looking for, however I have updated my script to create
the entries as shown, but it seems like it's not working.
Do I have to tell iptables to activate a specific table of entries?
Here is a snip from iptables-save and basically NOTHING is being blocked.

Thanks!

# Generated by iptables-save v1.2.11 on Thu Oct 16 17:08:54 2008
*filter
:INPUT ACCEPT [129969:48753771]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [128669:50573226]
:CIDR-ASIAN - [0:0]
:CIDR-CZECH - [0:0]
:CIDR-IISG - [0:0]
:CIDR-INDIA-KOREA - [0:0]
:CIDR-POLAND - [0:0]
:CIDR-RUSSIA - [0:0]
:CIDR-TURKEY - [0:0]
:CIDR-UK - [0:0]
:TEST-JACK - [0:0]
:fail2ban-postfix - [0:0]
:fail2ban-postfix-log - [0:0]
-A CIDR-ASIAN -s 58.14.0.0/255.254.0.0 -p tcp -j LOG --log-prefix "SPAM-BLOCK-CIDR-ASIAN"
-A CIDR-ASIAN -s 58.14.0.0/255.254.0.0 -p tcp -m tcp --dport 25 -j DROP
-A CIDR-ASIAN -s 58.16.0.0/255.248.0.0 -p tcp -j LOG --log-prefix "SPAM-BLOCK-CIDR-ASIAN"
-A CIDR-ASIAN -s 58.16.0.0/255.248.0.0 -p tcp -m tcp --dport 25 -j DROP
-A CIDR-ASIAN -s 58.24.0.0/255.254.0.0 -p tcp -j LOG --log-prefix "SPAM-BLOCK-CIDR-ASIAN"
-A CIDR-ASIAN -s 58.24.0.0/255.254.0.0 -p tcp -m tcp --dport 25 -j DROP
-A CIDR-ASIAN -s 58.29.0.0/255.255.0.0 -p tcp -j LOG --log-prefix "SPAM-BLOCK-CIDR-ASIAN"
-A CIDR-ASIAN -s 58.29.0.0/255.255.0.0 -p tcp -m tcp --dport 25 -j DROP
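An added example, not part of the thread: in the iptables-save snippet above the CIDR-* chains are declared and populated, but the snippet shows no rule in INPUT (or any other built-in chain) jumping into them, and a user-defined chain is only evaluated when something jumps to it. The shell function below runs over a constructed dump modelled on that output (the CIDR-ASIAN-LOG chain and the 192.0.2.0/24 rule are made up for the example) and lists every user-defined chain that no built-in chain can reach, which is the first check to run when a chain's rules appear to block nothing.

```shell
# Constructed iptables-save dump, modelled on the one in the message: the
# CIDR-ASIAN chain holds rules, but no rule in a built-in chain jumps to it.
SAMPLE_DUMP='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:CIDR-ASIAN - [0:0]
:CIDR-ASIAN-LOG - [0:0]
:CIDR-CZECH - [0:0]
-A INPUT -j CIDR-CZECH
-A CIDR-ASIAN -s 58.14.0.0/15 -p tcp -m tcp --dport 25 -j CIDR-ASIAN-LOG
-A CIDR-ASIAN-LOG -j LOG --log-prefix "SPAM-BLOCK-CIDR-ASIAN"
-A CIDR-ASIAN-LOG -j DROP
-A CIDR-CZECH -s 192.0.2.0/24 -p tcp -m tcp --dport 25 -j DROP
COMMIT'

# Usage: find_unhooked_chains "$(iptables-save)"
# Prints "table/chain" for each user-defined chain (policy "-") that no
# built-in chain reaches through -j/-g jumps, directly or via other chains.
# Rules in such a chain are never evaluated, so they block nothing.
find_unhooked_chains() {
    printf '%s\n' "$1" | awk '
        /^\*/ { tbl = substr($1, 2); next }       # table header: *filter, *nat
        /^:/ {                                     # chain declaration
            name = tbl "/" substr($1, 2)
            if ($2 == "-") user[name] = 1          # user-defined chain
            else reach[name] = 1                   # built-in chain (has policy)
            next
        }
        /^-A / {                                   # rule: record its jump edge
            src = tbl "/" $2
            for (i = 3; i <= NF; i++)
                if (($i == "-j" || $i == "-g") && i < NF)
                    edge[src SUBSEP tbl "/" $(i + 1)] = 1
        }
        END {                                      # propagate reachability
            do {
                changed = 0
                for (e in edge) {
                    split(e, p, SUBSEP)
                    if ((p[1] in reach) && !(p[2] in reach)) {
                        reach[p[2]] = 1; changed = 1
                    }
                }
            } while (changed)
            for (c in user) if (!(c in reach)) print c
        }' | sort
}

find_unhooked_chains "$SAMPLE_DUMP"
```

Jumps to terminating targets such as LOG or DROP are recorded too, but they are harmless because those names are never declared as chains; appending `-A INPUT -j CIDR-ASIAN` to the dump makes both CIDR-ASIAN chains reachable and the function prints nothing.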

Thread overview: 5+ messages
2008-10-16  3:46 General question about chains Joey
2008-10-16 13:19 ` Matt Zagrabelny
2008-10-16 22:16   ` Joey [this message]
2008-10-17  8:40     ` Покотиленко Костик
2008-10-16 16:41 ` Gilad Benjamini