> I have an Apache webserver behind an iptables firewall, and some people
> are trying to abuse my server, probably for spam. I have this
> information in the Apache log:
>
> 219.80.160.238 - - [27/Nov/2005:08:56:13 -0200] "CONNECT 64.161.246.99:25 HTTP/1.0" 200 6446
>
> I have a lot of these lines, with some different IPs. I already blocked
> all those IPs.
>
> I want to create a rule that blocks all those types of connections.
> Does someone know how I can do it?

You say you already block these connections. So why do you ask?

- If you have a lot of IP addresses: http://ipset.netfilter.org/
  for creating a set of IP addresses to match
- Use Squid as reverse proxy

> The idea is more or less this:
>
> "everything which comes for the http_port which contains 'connect type
> connections' must be denied or dropped"

You want content filtering and Netfilter is no good for that.
You could use the string match, but if the string you want to match
is divided over 2 (or more) packets, it won't work.
Use Squid as reverse proxy to block something like this.

Gr,
Rob
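
An added example, not part of the original message: a log check that pulls every CONNECT request out of an Apache access log, counts them per client, and lists the ones the server answered with a 2xx status, which are the ones to investigate. The function names are hypothetical, the common log format is assumed, and all sample lines except the first (quoted in the thread) are constructed.

```python
import re
from collections import Counter

# Apache common log format: host ident user [time] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: (?P<proto>[^"]*))?" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

def connect_attempts(lines):
    """Yield one dict per CONNECT request found in the log lines."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group("method") != "CONNECT":
            continue
        # CONNECT targets have the form host:port
        host, _, port = m.group("target").rpartition(":")
        yield {
            "client": m.group("host"),
            "dest_host": host or m.group("target"),
            "dest_port": int(port) if port.isdigit() else None,
            "status": int(m.group("status")),
        }

def summarize(lines):
    """Count CONNECT attempts per client and collect those answered 2xx."""
    per_client = Counter()
    answered_2xx = []
    for hit in connect_attempts(lines):
        per_client[hit["client"]] += 1
        if 200 <= hit["status"] < 300:
            answered_2xx.append(hit)
    return per_client, answered_2xx

# First line is the entry quoted in the thread; the others are constructed.
SAMPLE = [
    '219.80.160.238 - - [27/Nov/2005:08:56:13 -0200] "CONNECT 64.161.246.99:25 HTTP/1.0" 200 6446',
    '192.0.2.10 - - [27/Nov/2005:08:57:01 -0200] "GET /index.html HTTP/1.1" 200 1043',
    '198.51.100.7 - - [27/Nov/2005:08:58:40 -0200] "CONNECT 203.0.113.5:25 HTTP/1.0" 405 312',
]

if __name__ == "__main__":
    clients, hits = summarize(SAMPLE)
    for client, n in clients.most_common():
        print(f"{client}: {n} CONNECT request(s)")
    for h in hits:
        print(f"2xx to {h['client']} -> {h['dest_host']}:{h['dest_port']}")
```

Because this works on the request line Apache has already reassembled, it is not affected by the packet-split problem mentioned above for the Netfilter string match.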