Re: help with whitelist

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

Am I blind or there is no DROP/REJECT target at all???

Swifty

Joey írta:
Hello All,

Im having a problem with a whitelist I am trying to implement and apparently
we still block IP's on the whitelist.

First I execute the whitelist like so:

:CIDR-WHITE-LIST - [0:0]

:LOG_WHITE-LIST - [0:0]

-A CIDR-WHITE-LIST -s 1.2.3.4 -j LOG_WHITE-LIST -A LOG_WHITE-LIST -j LOG --log-prefix "CIDR-WHITE-LIST" -A LOG_WHITE-LIST -j ACCEPT
-A SMTP_TRAFFIC -j CIDR-WHITE-LIST

Then the blacklist like so:

:CIDR-ASIAN - [0:0]

:LOG_ASIAN - [0:0]

:SMTP_TRAFFIC - [0:0]

-A INPUT -p tcp -m tcp --dport 25 -m state --state NEW -j SMTP_TRAFFIC

-A CIDR-ASIAN -s 2.3.4.5 -j LOG_ASIAN -A LOG_ASIAN -j LOG --log-prefix "SPAM-BLOCK-CIDR-ASIAN"
-A SMTP_TRAFFIC -j CIDR-ASIAN

I am basically blocking port 25 traffic to blocked IP's.

I must be missing something stupid, but cant see it.

Any help is greatly appreciated!

Thanks!


--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux