[BlueOnyx:13881] Re: original BlueOnyx iptables configuration

Tom wcstaff at webcoast.com
Thu Oct 17 19:30:48 -05 2013


Tom <wcstaff at ...> writes:



> > You're probably looking for this:
> >
> > [root <at> 5107r ~]# cat /etc/sysconfig/iptables
> > # /etc/sysconfig/iptables
> > # This file is automatically generated by log_traffic.
> > # Any manual changes will be lost
> > *filter
> > :INPUT ACCEPT [0:0]
> > :FORWARD ACCEPT [0:0]
> > :OUTPUT ACCEPT [0:0]
> > :acctin - [0:0]
> > :acctout - [0:0]
> > -A INPUT -j acctin
> > -A OUTPUT -j acctout
> > -A acctin -d 127.0.0.1/32
> > -A acctout -s 127.0.0.1/32
> > -A acctin -d 127.0.0.1/32
> > -A acctout -s 127.0.0.1/32
> > -A acctin -d <server-IP>/32
> > -A acctout -s <server-IP>/32
> > COMMIT
> >
> > Replace <server-IP> with the primary IP of your server.
> > These are just the standard accounting rules on a BlueOnyx. All they do
> > is to measure the traffic for the GUI statistics. They don't block
> > anything and if you're missing them, all that will be affected are the
> > (currently) worthless built-in traffic statistics in the GUI. Which is
> > really not that big of a loss.
> >
> Thanks,
> This was exactly what I was looking for.
> I added a couple more rules as well, from info found searching.
> Thank You
> Tom




I have created a few iptables rules for email and wanted to ask if the format is
correct and you feel they may work for stopping or slowing down POP and
SMTP attacks. The reference to <ip address> is of course the actual IP
addresses on the server.



Block mail attacks:



# Rate-limit NEW SMTP connections per source address with the "recent" match.
# Connections to the server's own IP traverse the INPUT chain; FORWARD only sees
# packets routed through the box, so the rules are attached to INPUT here.
# Both rules are inserted with -I, so the DROP rule ends up above the --set rule:
# a source that has opened 20 new connections to port 25 within 60 seconds has
# its further attempts dropped. These two rules cover SMTP (port 25) only.
/sbin/iptables -I INPUT -p tcp --destination <ip address> --dport 25 -m state --state NEW -m recent --set --name MAIL --rsource
/sbin/iptables -I INPUT -p tcp --destination <ip address> --dport 25 -m state --state NEW -m recent --update --seconds 60 --hitcount 20 --name MAIL --rsource -j DROP



Thanks in advance



Tom
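As an added example (not part of Tom's post or of BlueOnyx), here is a small Python model of the xt_recent semantics the two rules rely on, evaluated in the order the two -I inserts leave them (the --update/DROP rule first). The 60-second window and hit count of 20 come from the rules above; the class and function names and the source addresses and timings are constructed for the illustration.

```python
from collections import deque

WINDOW_SECONDS = 60   # --seconds 60
HITCOUNT = 20         # --hitcount 20
PKT_LIST_TOT = 20     # kernel default ip_pkt_list_tot: timestamps kept per source


class RecentList:
    """Model of one xt_recent table ('--name MAIL --rsource'), keyed by source IP."""

    def __init__(self):
        self.stamps = {}  # src -> deque of packet timestamps, newest last

    def set(self, src, now):
        """--set: add the source (or refresh it) and record this packet."""
        self.stamps.setdefault(src, deque(maxlen=PKT_LIST_TOT)).append(now)

    def update(self, src, now, seconds, hitcount):
        """--update --seconds S --hitcount N: match only if the source is listed
        and has N or more packets within the last S seconds. As in the kernel,
        the entry is refreshed only when the match succeeds."""
        q = self.stamps.get(src)
        if q is None:
            return False
        hits = sum(1 for t in q if now - t <= seconds)
        if hits >= hitcount:
            q.append(now)
            return True
        return False


def smtp_verdicts(packets, seconds=WINDOW_SECONDS, hitcount=HITCOUNT):
    """Run NEW SMTP connections (time_in_seconds, source_ip) through the pair of
    rules. Both were added with -I, so the --update/DROP rule sits above the
    --set rule and is checked first for every packet."""
    recent = RecentList()
    verdicts = []
    for now, src in packets:
        if recent.update(src, now, seconds, hitcount):
            verdicts.append("DROP")
        else:
            recent.set(src, now)
            verdicts.append("ACCEPT")   # falls through to the chain policy
    return verdicts


# Constructed sample: one source opens a connection every second, another
# connects once normally, then the first returns after a quiet minute.
SAMPLE = [(t, "203.0.113.5") for t in range(25)] + [(5, "198.51.100.7"), (90, "203.0.113.5")]
SAMPLE.sort()

if __name__ == "__main__":
    for (now, src), v in zip(SAMPLE, smtp_verdicts(SAMPLE)):
        print(f"t={now:3d}s {src:15s} {v}")
```

With the kernel's default ip_pkt_list_tot of 20, a --hitcount larger than 20 is rejected when the rule is loaded, so 20 is the highest value these rules can use without raising that module parameter.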
