How to drop an isp
dhandler at nycap.rr.com
Sat Nov 5 15:04:43 CET 2005
Sorry if I worded my subject wrong, it's the best I could do!
Ok, I'm on Fedora Core 3, running iptables 1.2 (which seems to be
holding its own). Logwatch sends me my logs every morning and I see
people trying to tap in to tcp port 25. I do lookups on the addresses
and they all seems to be coming either from Taiwan or China. A few in
Europe and every once in while one from the US.
I've been googling around for how to block them. I'm rather green to
iptables and some of the options confuse me. Is there a way I can block
the whole ip from me? I'll paste in a section where there where
Accepted 327 packets on interface eth0
From 18.104.22.168 - 169 packets to tcp(22)
From 22.214.171.124 - 6 packets to tcp(25)
From 126.96.36.199 - 6 packets to tcp(25)
From 188.8.131.52 - 128 packets to tcp(22)
From 184.108.40.206 - 16 packets to tcp(25)
From 220.127.116.11 - 1 packet to tcp(25)
From 18.104.22.168 - 1 packet to tcp(25)
So for instance I probably would want to block 22.214.171.124 through
126.96.36.199. But I'm not really sure of the syntax I should be
using. And I don't want to screw up what I already have in place.
I'm going to chalk this one up as another learning experience!
Thanks in advance!
More information about the netfilter