ipset not blocking


 



Please shed some light on this.

I was trying to use ipset to block incoming email from countries I don't
want to receive email from.

Here is my script:

/usr/local/sbin/ipset -N Blacklist nethash --hashsize 480000
/usr/local/sbin/ipset -N ports portmap --from 1 --to 1024
/usr/local/sbin/ipset -A ports 25
/usr/local/sbin/ipset -A Blacklist 41.192.0.0/16
/usr/local/sbin/ipset -B Blacklist 41.192.0.0/16 -b ports
/usr/local/sbin/ipset -A Blacklist 41.220.0.0/20
/usr/local/sbin/ipset -B Blacklist 41.220.0.0/20 -b ports
/usr/local/sbin/ipset -A Blacklist 41.220.16.0/20
/usr/local/sbin/ipset -B Blacklist 41.220.16.0/20 -b ports

And here is the section of my iptables:

# This is for testing ipsets
iptables -N BLOCKEDSMTP
iptables -A FORWARD -m set --set Blacklist src,dst -j BLOCKEDSMTP
iptables -A BLOCKEDSMTP -j LOG \
	--log-level info --log-prefix "BLOCKED SMTP "
iptables -A BLOCKEDSMTP -j DROP

However, it's not blocking anything. I only want to block destination
port 25 from this list of IP addresses.

If I do:

ipset -T Blacklist 41.192.0.0

I get:

41.192.0.0 is in set Blacklist


Please help!

Thank you in advance.

Thomas J. Raef
e-Based Security, Inc.
www.ebasedsecurity.com
"You're either hardened, or you're hacked!"



