Re: Blocking IP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thursday 29 July 2004 14:40, david wrote:
> Dear Victor,
>
> I still receive traffic from that ip.......
>
>
> IPTABLES Rules
> #iptables -I INPUT 1 -s 202.145.10.147 -j DROP
>

Maybe you should place the rule in the FORWARD chain.

#iptables -I FORWARD 1 -s 202.145.10.147 -j DROP

Regards,
Victor

> IPTRAF Monitoring
> ??202.145.10.147:1668                                                    =
> 31           19815     DONE       eth0       ?
> ??202.46.146.164:25                                                      =
> 33            1485     CLOSED     eth0       ?
> ??206.190.39.164:8
>
> I try :
> #iptables -I INPUT 1 -s 202.145.10.147 -j LOG
> after that ip show again :
> #iptables -L -nvx
>
> Chain INPUT (policy ACCEPT 1532113 packets, 168017560 bytes)
>     pkts      bytes target     prot opt in     out     source
> destination
>        0        0 LOG        all  --  *      *       202.145.10.174
> 0.0.0.0/0          LOG flags 0 level 4
>        0        0 DROP       all  --  *      *       202.145.10.174
> 0.0.0.0/0
>
> Chain FORWARD (policy ACCEPT 8470318 packets, 3950493169 bytes)
>     pkts      bytes target     prot opt in     out     source
> destination
>
> Chain OUTPUT (policy ACCEPT 2106115 packets, 361037890 bytes)
>     pkts      bytes target     prot opt in     out     source
> destination
>
> Chain RH-Lokkit-0-50-INPUT (0 references)
>     pkts      bytes target     prot opt in     out     source
> destination
>
>
> Thank's
> David
>
>
>
> ----- Original Message -----
> From: "Victor Julien" <victor@xxxxx>
> To: <netfilter@xxxxxxxxxxxxxxxxxxx>
> Cc: "david" <david@xxxxxxxxxxxxxxxxxxxx>
> Sent: Thursday, July 29, 2004 7:10 PM
> Subject: Re: Blocking IP
>
> > Try #iptables -I INPUT 1 -s 202.145.10.146 -j DROP
> >
> > It will insert the rule on the top of the ruleset, so it matches first.
> >
> > Regards,
> > Victor
> >
> > On Thursday 29 July 2004 14:14, david wrote:
> > > Dear all,
> > >
> > > My mail server received so many virus mails from ip 202.145.10.147 and
> > > after i look at gateway (linux) and i using iptraf i see so many
> > > traffic from 202.145.10.147.
> > > After that i try to block all traffic from 202.145.10.147 with command
> > > : #iptables -A INPUT -s 202.145.10.146 -j DROP
> > >
> > > but i still receiveall traffic from 202.145.10.146......
> > > Can anybody help me ........... that ip send virus in to mail server
>
> more
>
> > > then 20 mails per minute.......
> > >
> > >
> > > Regards,
> > > David Kandou
> > >
> > > Help me ... iam so confused
> > >
> > > FYI :
> > > Iam using RedHat 9
> > > eth0 --> ippublic
> > > eth1 --> local ip
> > > mail server --> local ip
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux