How to drop an isp

Dave Handler dhandler at nycap.rr.com
Sat Nov 5 15:04:43 CET 2005


Greetings!

Sorry if I worded my subject wrong, it's the best I could do!

Ok, I'm on Fedora Core 3, running iptables 1.2 (which seems to be 
holding its own).  Logwatch sends me my logs every morning and I see 
people trying to tap in to tcp port 25.  I do lookups on the addresses 
and they all seems to be coming either from Taiwan or China.  A few in 
Europe and every once in while one from the US.

I've been googling around for how to block them.  I'm rather green to 
iptables and some of the options confuse me.  Is there a way I can block 
the whole ip from me?  I'll paste in a section where there where 
accepted packets:

Accepted 327 packets on interface eth0
  From 69.21.138.231 - 169 packets to tcp(22)
  From 70.86.208.18 - 6 packets to tcp(25)
  From 72.36.128.42 - 6 packets to tcp(25)
  From 202.107.195.52 - 128 packets to tcp(22)
  From 207.150.176.81 - 16 packets to tcp(25)
  From 219.133.247.226 - 1 packet to tcp(25)
  From 219.134.232.31 - 1 packet to tcp(25)


So for instance I probably would want to block 202.107.0.0 through 
202.107.255.255.  But I'm not really sure of the syntax I should be 
using.  And I don't want to screw up what I already have in place.

I'm going to chalk this one up as another learning experience!

Thanks in advance!

Dave



More information about the netfilter mailing list