Linux Netfilter discussions
* help with whitelist
@ 2009-02-09 20:34 Joey
  2009-02-10 14:49 ` Gáspár Lajos
  0 siblings, 1 reply; 7+ messages in thread
From: Joey @ 2009-02-09 20:34 UTC (permalink / raw)
  To: IPTables

Hello All,

I'm having a problem with a whitelist I am trying to implement and apparently
we still block IPs on the whitelist.

First I execute the whitelist like so:

:CIDR-WHITE-LIST - [0:0]
:LOG_WHITE-LIST - [0:0]
-A CIDR-WHITE-LIST -s 1.2.3.4 -j LOG_WHITE-LIST
-A LOG_WHITE-LIST -j LOG --log-prefix "CIDR-WHITE-LIST"
-A LOG_WHITE-LIST -j ACCEPT
-A SMTP_TRAFFIC -j CIDR-WHITE-LIST

Then the blacklist like so:

:CIDR-ASIAN - [0:0]
:LOG_ASIAN - [0:0]
:SMTP_TRAFFIC - [0:0]
-A INPUT -p tcp -m tcp --dport 25 -m state --state NEW -j SMTP_TRAFFIC
-A CIDR-ASIAN -s 2.3.4.5 -j LOG_ASIAN
-A LOG_ASIAN -j LOG --log-prefix "SPAM-BLOCK-CIDR-ASIAN"
-A SMTP_TRAFFIC -j CIDR-ASIAN

I am basically blocking port 25 traffic to blocked IPs.

I must be missing something stupid, but can't see it.

Any help is greatly appreciated!

Thanks!

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Help with whitelist
@ 2009-03-11 18:21 Joey
  2009-03-11 19:22 ` Nikolay S. Rybaloff
  0 siblings, 1 reply; 7+ messages in thread
From: Joey @ 2009-03-11 18:21 UTC (permalink / raw)
  To: IPTables

Hello All,

I'm having a problem with a whitelist I am trying to implement with iptables
and apparently we still block IPs on the whitelist.

I am basically blocking port 25 traffic to blocked IPs but also need to
whitelist some as well, ensuring they never get blocked by accident.

I have my iptables rules posted here: http://web56.net/iptables.txt

We also use fail2ban which blocks other IPs which fail password, so my
whitelist is to hopefully protect against false blocking of legit clients.

I must be missing something stupid, but I just can't see it.

Any help is greatly appreciated!

Thanks!

* help with whitelist
@ 2008-10-29 18:13 Joey
  0 siblings, 0 replies; 7+ messages in thread
From: Joey @ 2008-10-29 18:13 UTC (permalink / raw)
  To: IPTables

Hello All,

I have been refining my iptables code and have perfected the blocking side
(thanks to all who helped!). Rules here http://web56.net/iptables-save.cfg

But now, I need to create some whitelist entries.

Let's say I have a block rule of 207.144.68.0/24 and I need to whitelist
207.144.68.15

I tried this by hand for testing purposes:

Create chain

iptables -N WHITE_LIST

Rule for chain

iptables -A WHITE_LIST -p tcp --dport 25 -s 207.144.68.15 -m state --state NEW -j ACCEPT

Hook rule

iptables -A INPUT -j WHITE_LIST

I also tried this, but no luck:

iptables -A INPUT -p tcp -s 207.44.168.15 -j LOG --log-prefix JOEY-TEST-JOEY
iptables -A INPUT -p tcp -s 207.44.168.15 --dport 25 -j DROP
iptables -N WHITE_LIST
iptables -A SMTP_TRAFFIC -j WHITE_LIST
iptables -N LOG_WHITE_LIST
iptables -A LOG_WHITE_LIST -j LOG --log-prefix "WHITELISTED"
iptables -A LOG_WHITE_LIST -j ACCEPT

I'm not really clear on this, so I figured before I break something I'd ask for
help.

Thanks!

Joey

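Added example, not from the thread or from any reply to it: a small Python simulation of iptables first-match chain traversal, using the chain layout from the February post and the 207.144.68.0/24 block with whitelisted 207.144.68.15 from the October post. It assumes LOG_ASIAN ends in a DROP (the posted fragment omits one), and shows the ordering point that decides whether a whitelist works: -A appends, so the whitelist jump in SMTP_TRAFFIC only protects a host if it was loaded before the blacklist jump.

```python
from ipaddress import ip_address, ip_network

# Constructed rule set modelled on the posts (LOG_ASIAN gets the DROP the posted
# fragment omits): 207.144.68.0/24 is blocked but 207.144.68.15 must stay reachable.
BASE = """
-A INPUT -p tcp -m tcp --dport 25 -m state --state NEW -j SMTP_TRAFFIC
-A CIDR-WHITE-LIST -s 207.144.68.15 -j LOG_WHITE-LIST
-A LOG_WHITE-LIST -j LOG --log-prefix "CIDR-WHITE-LIST"
-A LOG_WHITE-LIST -j ACCEPT
-A CIDR-ASIAN -s 207.144.68.0/24 -j LOG_ASIAN
-A LOG_ASIAN -j LOG --log-prefix "SPAM-BLOCK-CIDR-ASIAN"
-A LOG_ASIAN -j DROP
"""

def build_rules(whitelist_first):
    """-A appends, so the order the two jumps are loaded is the order they are tried."""
    jumps = ["-A SMTP_TRAFFIC -j CIDR-WHITE-LIST", "-A SMTP_TRAFFIC -j CIDR-ASIAN"]
    return BASE + "\n".join(jumps if whitelist_first else reversed(jumps)) + "\n"

def parse_rules(text):
    """{chain: [(options, target), ...]} built from the '-A' lines, in load order."""
    chains = {}
    for parts in (line.split() for line in text.splitlines() if line.startswith("-A ")):
        opts = dict(zip(parts[2:], parts[3:]))        # crude, but enough for -s/-p/--dport/-j
        chains.setdefault(parts[1], []).append((opts, opts["-j"]))
    return chains

def matches(opts, pkt):
    """Only the matches the posts use are modelled: -s, -p and --dport."""
    if "-s" in opts and ip_address(pkt["src"]) not in ip_network(opts["-s"], strict=False):
        return False
    if "-p" in opts and opts["-p"] != pkt["proto"]:
        return False
    return "--dport" not in opts or int(opts["--dport"]) == pkt["dport"]

def walk(chains, chain, pkt):
    """First-match traversal; None means the packet fell off the end (implicit RETURN)."""
    for opts, target in chains.get(chain, []):
        if not matches(opts, pkt) or target == "LOG":   # LOG is non-terminating
            continue
        if target in ("ACCEPT", "DROP", "REJECT"):
            return target
        verdict = walk(chains, target, pkt)             # jump into a user-defined chain
        if verdict:
            return verdict
    return None

def verdict(rules, src, policy="ACCEPT"):
    """Verdict for a new TCP/25 connection from src; policy applies if nothing matched."""
    return walk(parse_rules(rules), "INPUT", {"src": src, "proto": "tcp", "dport": 25}) or policy
```

With the whitelist jump loaded first, 207.144.68.15 is accepted and the rest of the /24 is dropped; with the jumps reversed the whitelisted host is dropped too, which is the symptom the posts describe.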

Thread overview: 7+ messages
2009-02-09 20:34 help with whitelist Joey
2009-02-10 14:49 ` Gáspár Lajos
2009-02-10 14:58   ` Joey
2009-02-10 15:06     ` Gáspár Lajos
  -- strict thread matches above, loose matches on Subject: below --
2009-03-11 18:21 Help " Joey
2009-03-11 19:22 ` Nikolay S. Rybaloff
2008-10-29 18:13 help " Joey
