On Saturday 12 June 2004 9:18 pm, Spiro Azkoul wrote:
> Hello
>
> I blocked a subnet by using the following command:
> iptables -A INPUT -s 222.0.0.0/8 -j DROP
> I then saved it to file
> iptables-save > /etc/sysconfig/iptables
> and did an iptables -L INPUT to verify that it is in
> DROP all -- 222.0.0.0/8 anywhere
>
> However, i am still receiving SPAM from IPs within that subnet (and others)
> long after I thought I completely blocked them from connecting to my
> server.
Can you show us the headers of such an email, showing that the server which
directly sent it to you is in that address range?
Try adding a LOG rule immediately after the above DROP rule:
iptables -A INPUT -s 222.0.0.0/8 -j LOG
After you get some more spam, try "iptables -L INPUT -nvx" and see what the
packet & byte counts are for the two rules.
What are your other rules (output of "iptables -L -nvx")?
Regards,
Antony.
--
Wanted: telepath. You know where to apply.
Please reply to the list;
please don't CC me.
