[BlueOnyx:19887] Re: iptables & ipset

"Meaulnes Legler"@MailList bluelist at waveweb.ch
Tue Jul 26 04:03:41 -05 2016


thanks Chuck and Larry, I looked into it.

I'm now coming up with ipset <http://ipset.netfilter.org/>, a Linux utility that can handle multiple IP addresses and interact with iptables. It's not installed on my BlueOnyx box. Can I *yum install ipset* without breaking or getting in conflict with something on the box?

Thank you and best regards

Meaulnes Legler
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
~  www.WaveWeb.ch  ~
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
~ Zurich, Switzerland ~
~ tel: +41 44 2601660 ~



On 20.07.16 01:11, Chuck Tetlow wrote:
> Meaulnes,
>
> You're putting that DROP rule all the way down at the bottom of the INPUT chain.  It's probably behind one or two default "permit all" rules - which means it won't do a thing.
>
> I always put new rules like that at the top of the ACCTIN chain. That way - I'm sure they are considered before any default "allow" action.  Use the "insert" to line 1 like this:
> iptables -I acctin 1 -s 123.45.67.0/24 -j DROP
>
> I guarantee that will block everything from that subnet.  And you can see how much it's working using:
> iptables -L -n -v | more
> That will list out all rules, along with the number of packets and bytes that matched each rule (in your case - were blocked by that rule).
>
> You can also add "--line-numbers" to that iptables command to see what line in the chain each rule is assigned.  That way, if you want to remove or change a single line - you know which one it is.
>
> Good luck.
>
>
> Chuck
>
>
>
> *---------- Original Message -----------*
> From: "\"Meaulnes Legler\"@MailList" <bluelist at waveweb.ch>
> To: BlueOnyx General Mailing List <blueonyx at mail.blueonyx.it>
> Sent: Tue, 19 Jul 2016 21:09:23 +0200
> Subject: [BlueOnyx:19856] iptables
>
> > hello
> > I'm still fighting with iptables against this mail-flooding to a specific user. I don't understand why mails from a specific IP like 123.45.67.89 still slip thru although they should be blocked if included within the subnet 123.45.67.0/24 ... I entered
> > # iptables -A INPUT -s 123.45.67.0/24 -j DROP -v
> > Reading the table with the following returns:
> > # iptables -L -n -v | grep 123.45.67.0/24
> >     0     0 DROP       all  --  *      * 69.168.97.0/24       0.0.0.0/0
> >
> > What am I missing? Does iptables need a special configuration to be able to block subnets? Thank you and best regards
> >
> > Meaulnes Legler
> > ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
> > ~  www.WaveWeb.ch  ~
> > ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
> > ~ Zurich, Switzerland ~
> > ~ tel: +41 44 2601660 ~
>
>
> *------- End of Original Message -------*
>
>
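Chuck's point that a rule appended at the bottom of INPUT sits behind the default "permit all" rules, and the zero packet counters in the original post, can be checked mechanically. The following is an added example (not part of this thread and not BlueOnyx code) that parses the output of `iptables -L -n -v --line-numbers` and reports DROP rules that an earlier unconditional ACCEPT in the same chain would match first; the listing, chain contents and counters below are constructed, not taken from the poster's box.

```python
import ipaddress

# Constructed sample of `iptables -L -n -v --line-numbers` output (not from the poster's box):
# the DROP rule was appended after a catch-all ACCEPT, so its counters never move.
SAMPLE_LISTING = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1      12K  720K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2      340 21000 acctin     all  --  *      *       0.0.0.0/0            0.0.0.0/0
3      340 21000 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
4        0     0 DROP       all  --  *      *       123.45.67.0/24       0.0.0.0/0
"""

_SCALE = {"K": 1000, "M": 1000000, "G": 1000000000}

def _count(tok):  # -v counters may carry a K/M/G suffix
    return int(tok[:-1]) * _SCALE[tok[-1]] if tok[-1] in _SCALE else int(tok)

def parse_listing(text):
    """Return {chain: [rule dict, ...]} keeping rule order."""
    chains, current = {}, None
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "Chain":          # "Chain INPUT (policy ACCEPT ...)" header
            current = parts[1]
            chains[current] = []
        elif parts[0].isdigit() and current is not None:   # numbered rule line
            chains[current].append({
                "num": int(parts[0]), "pkts": _count(parts[1]), "bytes": _count(parts[2]),
                "target": parts[3], "source": parts[8], "destination": parts[9],
                "extra": " ".join(parts[10:])})   # match options such as "state ..."
    return chains

def shadowed_drops(chains):
    """DROP rules an earlier unconditional ACCEPT in the same chain matches first."""
    hits = []
    for chain, rules in chains.items():
        for i, rule in enumerate(rules):
            if rule["target"] != "DROP":
                continue
            net = ipaddress.ip_network(rule["source"], strict=False)
            for earlier in rules[:i]:
                if (earlier["target"] == "ACCEPT" and not earlier["extra"]
                        and net.subnet_of(ipaddress.ip_network(earlier["source"], strict=False))):
                    hits.append((chain, rule["num"], rule["source"], earlier["num"]))
                    break
    return hits
```

Running `shadowed_drops(parse_listing(SAMPLE_LISTING))` names INPUT rule 4 as shadowed by rule 3, which is exactly the "0 pkts, 0 bytes" symptom from the original post; moving the rule to position 1 with `-I` (as Chuck advises) makes the check come back empty.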
