How to drop an isp

Dave Handler dhandler at
Sat Nov 5 15:04:43 CET 2005


Sorry if I worded my subject wrong, it's the best I could do!

Ok, I'm on Fedora Core 3, running iptables 1.2 (which seems to be 
holding its own).  Logwatch sends me my logs every morning and I see 
people trying to tap in to tcp port 25.  I do lookups on the addresses 
and they all seems to be coming either from Taiwan or China.  A few in 
Europe and every once in while one from the US.

I've been googling around for how to block them.  I'm rather green to 
iptables and some of the options confuse me.  Is there a way I can block 
the whole ip from me?  I'll paste in a section where there where 
accepted packets:

Accepted 327 packets on interface eth0
  From - 169 packets to tcp(22)
  From - 6 packets to tcp(25)
  From - 6 packets to tcp(25)
  From - 128 packets to tcp(22)
  From - 16 packets to tcp(25)
  From - 1 packet to tcp(25)
  From - 1 packet to tcp(25)

So for instance I probably would want to block through  But I'm not really sure of the syntax I should be 
using.  And I don't want to screw up what I already have in place.

I'm going to chalk this one up as another learning experience!

Thanks in advance!


More information about the netfilter mailing list