Linux Netfilter discussions
From: Aleksandar Milivojevic <amilivojevic@pbl.ca>
Cc: netfilter@lists.netfilter.org
Subject: Re: Blocking IP
Date: Thu, 29 Jul 2004 09:04:04 -0500
Message-ID: <410903D4.6050203@pbl.ca>
In-Reply-To: <001601c47565$8e0ba110$858310ac@suarapembaruan.com>

david wrote:
> Dear all,
> 
> My mail server received so many virus mails from IP 202.145.10.147 and after
> I look at gateway (linux) and I using iptraf I see so many traffic from
> 202.145.10.147.
> After that I try to block all traffic from 202.145.10.147 with command :
> #iptables -A INPUT -s 202.145.10.146 -j DROP
> 
> but I still receive all traffic from 202.145.10.146......
> Can anybody help me ........... that IP send virus in to mail server more
> than 20 mails per minute.......

Are the mail server and gateway two separate hosts?  If yes, you need to 
add the rule to the FORWARD chain.  A packet will go through the INPUT 
chain of the filter table only if its destination is the local host (the 
gateway in your case).  If a packet is to be forwarded to another host, it 
will go only through the FORWARD chain of the filter table.  In no 
circumstance are you going to see a packet going through both the INPUT 
and FORWARD chains of the filter table.

If the mail server is running on the gateway host, check the order of 
your rules.  Are there any rules before the one you just added that 
would accept the packets from the "bad host"?

-- 
Aleksandar Milivojevic <amilivojevic@pbl.ca>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7
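
The two checks described in the reply above (which filter chain a packet traverses, and whether an earlier rule accepts it first), as an added example that is not part of the original message: a small first-match evaluator run over a constructed iptables-save excerpt. The addresses, both rulesets and the helper names chain_for and verdict are assumptions; the matcher understands only -s with a host address, -p and --dport.

```shell
# Constructed iptables-save excerpt (sample data, not from the thread).
# 203.0.113.7 is a placeholder for the host to block; the gateway owns
# 192.0.2.1 and forwards SMTP to a separate mail server at 192.0.2.25.
LOCAL_ADDRS="127.0.0.1 192.0.2.1"
RULES=':INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
-A INPUT -s 203.0.113.7/32 -j DROP
-A FORWARD -p tcp -m tcp --dport 25 -j ACCEPT
-A FORWARD -s 203.0.113.7/32 -j DROP'
# Same ruleset with the DROP moved ahead of the ACCEPT (position 1).
RULES_FIXED=':INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
-A INPUT -s 203.0.113.7/32 -j DROP
-A FORWARD -s 203.0.113.7/32 -j DROP
-A FORWARD -p tcp -m tcp --dport 25 -j ACCEPT'
# chain_for DST: filter-table chain an inbound packet traverses.
chain_for() {
    for a in $LOCAL_ADDRS; do
        if [ "$a" = "$1" ]; then echo INPUT; return; fi
    done
    echo FORWARD
}

# verdict RULES SRC DST PROTO DPORT: first terminating rule that matches.
# Simplified matcher: only -s (exact host), -p and --dport are understood.
verdict() {
    printf '%s\n' "$1" | awk -v chain="$(chain_for "$3")" \
        -v src="$2" -v proto="$4" -v dport="$5" '
        $1 == (":" chain) { policy = $2 }
        $1 == "-A" && $2 == chain && !done {
            n++; s = p = d = t = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") s = $(i + 1)
                if ($i == "-p") p = $(i + 1)
                if ($i == "--dport") d = $(i + 1)
                if ($i == "-j") t = $(i + 1)
            }
            sub(/\/32$/, "", s)
            if ((s == "" || s == src) && (p == "" || p == proto) &&
                (d == "" || d == dport) && t ~ /^(ACCEPT|DROP|REJECT)$/) {
                print chain " rule " n ": " t; done = 1
            }
        }
        END { if (!done) print chain " policy: " policy }'
}

verdict "$RULES" 203.0.113.7 192.0.2.25 tcp 25        # forwarded mail
verdict "$RULES_FIXED" 203.0.113.7 192.0.2.25 tcp 25  # after reordering
verdict "$RULES" 203.0.113.7 192.0.2.1 tcp 25         # mail to the gateway
```

On a live gateway, `iptables -L FORWARD -n -v --line-numbers` shows the same ordering together with per-rule packet counters, which confirm which rule is actually being hit.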

