Re: Blocking IP


 



Dear Victor,

I still receive traffic from that IP.......


IPTABLES Rules
#iptables -I INPUT 1 -s 202.145.10.147 -j DROP

IPTRAF Monitoring
202.145.10.147:1668      =    31    19815    DONE      eth0
202.46.146.164:25        =    33     1485    CLOSED    eth0
206.190.39.164:8

I tried:
#iptables -I INPUT 1 -s 202.145.10.147 -j LOG
After that the IP shows up again:
#iptables -L -nvx

Chain INPUT (policy ACCEPT 1532113 packets, 168017560 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 LOG        all  --  *      *       202.145.10.174       0.0.0.0/0          LOG flags 0 level 4
       0        0 DROP       all  --  *      *       202.145.10.174       0.0.0.0/0

Chain FORWARD (policy ACCEPT 8470318 packets, 3950493169 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 2106115 packets, 361037890 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain RH-Lokkit-0-50-INPUT (0 references)
    pkts      bytes target     prot opt in     out     source               destination


Thanks
David



----- Original Message ----- 
From: "Victor Julien" <victor@xxxxx>
To: <netfilter@xxxxxxxxxxxxxxxxxxx>
Cc: "david" <david@xxxxxxxxxxxxxxxxxxxx>
Sent: Thursday, July 29, 2004 7:10 PM
Subject: Re: Blocking IP


> Try #iptables -I INPUT 1 -s 202.145.10.146 -j DROP
>
> It will insert the rule on the top of the ruleset, so it matches first.
>
> Regards,
> Victor
>
> On Thursday 29 July 2004 14:14, david wrote:
> > Dear all,
> >
> > My mail server received so many virus mails from IP 202.145.10.147, and
> > after I looked at the gateway (Linux) using iptraf I see so much traffic
> > from 202.145.10.147.
> > After that I tried to block all traffic from 202.145.10.147 with the command:
> > #iptables -A INPUT -s 202.145.10.146 -j DROP
> >
> > but I still receive all traffic from 202.145.10.146......
> > Can anybody help me ........... that IP sends viruses to the mail server,
> > more than 20 mails per minute.......
> >
> >
> > Regards,
> > David Kandou
> >
> > Help me ... I am so confused
> >
> > FYI :
> > I am using RedHat 9
> > eth0 --> ippublic
> > eth1 --> local ip
> > mail server --> local ip
>
>
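
An added example, not part of the original messages: a small checker that parses `iptables -L -nvx` output like the listing above and reports, per chain, whether a DROP rule covers a given source address and whether its counters have moved. It checks FORWARD as well as INPUT because packets routed through a gateway to a host behind it traverse FORWARD, not INPUT. The function names (`parse_listing`, `covers`, `audit_block`) are hypothetical, and the embedded listing is a constructed sample copied from the message with wrapped lines rejoined.

```python
import ipaddress
import re

# Constructed sample: the listing from the message above, wrapped lines rejoined.
LISTING = """\
Chain INPUT (policy ACCEPT 1532113 packets, 168017560 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 LOG        all  --  *      *       202.145.10.174       0.0.0.0/0          LOG flags 0 level 4
       0        0 DROP       all  --  *      *       202.145.10.174       0.0.0.0/0

Chain FORWARD (policy ACCEPT 8470318 packets, 3950493169 bytes)
    pkts      bytes target     prot opt in     out     source               destination
"""

def parse_listing(text):
    """Parse `iptables -L -nvx` output into {chain: [rule, ...]}."""
    chains, current = {}, None
    for line in text.splitlines():
        header = re.match(r"Chain (\S+) \(", line)
        if header:
            current = chains.setdefault(header.group(1), [])
            continue
        f = line.split()
        # Rule rows start with two numeric counters; column titles do not.
        if current is not None and len(f) >= 9 and f[0].isdigit() and f[1].isdigit():
            current.append({"pkts": int(f[0]), "target": f[2], "source": f[7]})
    return chains

def covers(rule_source, ip):
    """True if the rule's source column (address or CIDR) contains ip."""
    if rule_source.startswith("!"):  # negated match: treated as not covering (simplification)
        return False
    return ipaddress.ip_address(ip) in ipaddress.ip_network(rule_source, strict=False)

def audit_block(text, ip, chains=("INPUT", "FORWARD")):
    """Report, per chain, whether a DROP rule covers ip and has matched packets."""
    parsed, report = parse_listing(text), {}
    for chain in chains:
        drops = [r for r in parsed.get(chain, [])
                 if r["target"] == "DROP" and covers(r["source"], ip)]
        if not drops:
            report[chain] = "no DROP rule covers this address"
        else:
            report[chain] = "DROP rule present, %d packets matched" % sum(r["pkts"] for r in drops)
    return report

if __name__ == "__main__":
    for ip in ("202.145.10.147", "202.145.10.174"):
        print(ip, audit_block(LISTING, ip))
```
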


