From mboxrd@z Thu Jan 1 00:00:00 1970
From: Nikolai Georgiev
Subject: Re: How to drop an isp
Date: Sat, 05 Nov 2005 20:41:26 +0200
Message-ID: <436CFCD6.7070206@gmail.com>
References: <436CBBFB.1070101@nycap.rr.com>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
In-Reply-To: <436CBBFB.1070101@nycap.rr.com>
Sender: netfilter-bounces@lists.netfilter.org
Errors-To: netfilter-bounces@lists.netfilter.org
Content-Type: text/plain; charset="us-ascii"
To: Dave Handler
Cc: netfilter@lists.netfilter.org

Dave Handler wrote:
> Greetings!
>
> Sorry if I worded my subject wrong, it's the best I could do!
>
> Ok, I'm on Fedora Core 3, running iptables 1.2 (which seems to be
> holding its own). Logwatch sends me my logs every morning and I see
> people trying to tap in to tcp port 25. I do lookups on the addresses
> and they all seem to be coming either from Taiwan or China. A few in
> Europe and every once in a while one from the US.
>
> I've been googling around for how to block them. I'm rather green to
> iptables and some of the options confuse me. Is there a way I can
> block the whole ip from me? I'll paste in a section where there were
> accepted packets:
>
> Accepted 327 packets on interface eth0
> From 69.21.138.231 - 169 packets to tcp(22)
> From 70.86.208.18 - 6 packets to tcp(25)
> From 72.36.128.42 - 6 packets to tcp(25)
> From 202.107.195.52 - 128 packets to tcp(22)
> From 207.150.176.81 - 16 packets to tcp(25)
> From 219.133.247.226 - 1 packet to tcp(25)
> From 219.134.232.31 - 1 packet to tcp(25)
>
>
> So for instance I probably would want to block 202.107.0.0 through
> 202.107.255.255. But I'm not really sure of the syntax I should be
> using. And I don't want to screw up what I already have in place.
>
iptables -I INPUT --src 202.107/16 -p tcp --dport 25 -j DROP
> I'm going to chalk this one up as another learning experience!
>
> Thanks in advance!
>
> Dave
>
>
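As an added example (not part of the original thread and not netfilter project code): a shell function that turns the Logwatch excerpt quoted above into per-source DROP rules for one TCP port, validating every log-derived field before it reaches a command line and printing the rules for review instead of applying them. The names `gen_drop_rules` and `sample_log` and the packet threshold are assumptions made for illustration; it blocks single hosts rather than a whole /16.

```shell
#!/bin/sh
# Added example: derive iptables DROP rules from a Logwatch summary.
# Rules are only printed so they can be reviewed before use.

# gen_drop_rules PORT MIN_PACKETS
#   stdin : lines such as "From 70.86.208.18 - 6 packets to tcp(25)"
#   stdout: one iptables command per source that sent at least
#           MIN_PACKETS packets to tcp/PORT
gen_drop_rules() {
    awk -v port="$1" -v min="$2" '
        $1 == "From" && $3 == "-" && $4 ~ /^[0-9]+$/ {
            ip = $2
            # Accept only a dotted quad with every octet in 0..255, so
            # nothing but an address can end up in the generated command.
            if (split(ip, o, ".") != 4) next
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) next
            # The last field looks like tcp(25): protocol, then port.
            n = split($NF, p, "[()]")
            if (n < 2 || p[1] != "tcp" || p[2] !~ /^[0-9]+$/) next
            if (p[2] + 0 != port + 0) next
            if ($4 + 0 >= min + 0)
                printf "iptables -I INPUT -s %s -p tcp --dport %s -j DROP\n", ip, p[2]
        }'
}

# The Logwatch excerpt quoted in the message above.
sample_log() {
    cat <<'EOF'
Accepted 327 packets on interface eth0
From 69.21.138.231 - 169 packets to tcp(22)
From 70.86.208.18 - 6 packets to tcp(25)
From 72.36.128.42 - 6 packets to tcp(25)
From 202.107.195.52 - 128 packets to tcp(22)
From 207.150.176.81 - 16 packets to tcp(25)
From 219.133.247.226 - 1 packet to tcp(25)
From 219.134.232.31 - 1 packet to tcp(25)
EOF
}

# Sources with 6 or more packets to tcp/25 in the excerpt.
sample_log | gen_drop_rules 25 6
```

Check the printed rules against addresses you rely on (your own SSH source, upstream mail relays) before loading any of them.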