Dave Handler wrote: > Greetings! > > Sorry if I worded my subject wrong, it's the best I could do! > > Ok, I'm on Fedora Core 3, running iptables 1.2 (which seems to be > holding its own). Logwatch sends me my logs every morning and I see > people trying to tap in to tcp port 25. I do lookups on the addresses > and they all seems to be coming either from Taiwan or China. A few in > Europe and every once in while one from the US. > > I've been googling around for how to block them. I'm rather green to > iptables and some of the options confuse me. Is there a way I can > block the whole ip from me? I'll paste in a section where there where > accepted packets: > > Accepted 327 packets on interface eth0 > From 69.21.138.231 - 169 packets to tcp(22) > From 70.86.208.18 - 6 packets to tcp(25) > From 72.36.128.42 - 6 packets to tcp(25) > From 202.107.195.52 - 128 packets to tcp(22) > From 207.150.176.81 - 16 packets to tcp(25) > From 219.133.247.226 - 1 packet to tcp(25) > From 219.134.232.31 - 1 packet to tcp(25) > > > So for instance I probably would want to block 202.107.0.0 through > 202.107.255.255. But I'm not really sure of the syntax I should be > using. And I don't want to screw up what I already have in place. > iptables -I INPUT --src 202.107/16 --p tcp --dport 25 -j DENY > I'm going to chalk this one up as another learning experience! > > Thanks in advance! > > Dave > >
