On 11/27/05, Rob Sterenborg <rob@xxxxxxxxxxxxxxx> wrote:
> > I have an Apache webserver behind an iptables firewall, and some people
> > are trying to abuse my server, probably for spam. I have this
> > information in the Apache log:
> >
> > 219.80.160.238 - - [27/Nov/2005:08:56:13 -0200] "CONNECT
> > 64.161.246.99:25 HTTP/1.0" 200 6446
> >
> > I have a lot of these lines, with some different IPs. I already blocked
> > all those IPs.
> >
> > I want to create a rule that blocks all those types of connections.
> > Does someone know how I can do that?
>
> You say you already block these connections. So why do you ask?

I asked because I did it manually; I want some rule to drop these connections automatically.

>
> - If you have a lot of IP addresses: http://ipset.netfilter.org/ for
> creating a set of IP addresses to match

OK, I'll read this URL.

> - Use Squid as reverse proxy
>
> > The idea is more or less this:
> >
> > "everything which comes for the http_port which contains 'connect type
> > connections' must be denied or dropped"
>
> You want content filtering and Netfilter is no good for that. You could
> use the string match, but if the string you want to match is divided
> over 2 (or more) packets, it won't work.
> Use Squid as reverse proxy to block something like this.

I don't want to use Squid, but thanks for the idea.

[]s

>
> Gr,
> Rob
>

--
------------------------------
Leonardo Marques
http://www.analyx.org
------------------------------
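One way to automate the manual blocking discussed in this thread, as an added example that is not part of the original messages: it parses Apache access-log lines like the one quoted above, collects the clients that sent `CONNECT` requests, and renders input for `ipset restore`. The set name `proxy_abuse`, the function names, and every sample line except the first are assumptions made for the example.

```python
import ipaddress
import re
from collections import Counter

# Apache common/combined log format; only the fields used below are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample: line 1 is the entry quoted in the thread, the rest are made up.
SAMPLE = [
    '219.80.160.238 - - [27/Nov/2005:08:56:13 -0200] "CONNECT 64.161.246.99:25 HTTP/1.0" 200 6446',
    '192.0.2.10 - - [27/Nov/2005:08:57:01 -0200] "GET /index.html HTTP/1.1" 200 6446',
    '198.51.100.7 - - [27/Nov/2005:08:58:40 -0200] "CONNECT 192.0.2.25:25 HTTP/1.0" 405 312',
    '198.51.100.7 - - [27/Nov/2005:08:58:41 -0200] "CONNECT 192.0.2.25:25 HTTP/1.0" 405 312',
    'truncated or malformed line',
]

def connect_attempts(lines):
    """Yield (client, target, status) for every CONNECT request; skip unparsable lines."""
    for line in lines:
        m = LOG_RE.match(line)
        if m and m.group("method") == "CONNECT":
            yield m.group("ip"), m.group("target"), int(m.group("status"))

def summarize(lines):
    """Return (hits per client, clients whose CONNECT got a 2xx reply)."""
    hits, answered = Counter(), set()
    for ip, _target, status in connect_attempts(lines):
        hits[ip] += 1
        if 200 <= status < 300:
            answered.add(ip)
    return hits, answered

def ipset_restore(clients, set_name="proxy_abuse"):
    """Render `ipset restore` input; only literal IPv4 addresses are emitted."""
    out = [f"create {set_name} hash:ip -exist"]
    for client in sorted(clients):
        try:  # the first log field is a hostname when HostnameLookups is on
            ipaddress.IPv4Address(client)
        except ValueError:
            continue
        out.append(f"add {set_name} {client} -exist")
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    hits, answered = summarize(SAMPLE)
    print("CONNECT answered with 2xx for:", sorted(answered))
    print(ipset_restore(hits), end="")
```

The output can be piped to `ipset restore` and matched with a rule such as `iptables -I INPUT -m set --match-set proxy_abuse src -j DROP`. Clients in the 2xx set are the ones to check against the Apache configuration, since that status means the server answered the `CONNECT` instead of refusing it.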