How to drop an isp
dhandler at nycap.rr.com
Sat Nov 5 15:04:43 CET 2005
Sorry if I worded my subject wrong, it's the best I could do!
Ok, I'm on Fedora Core 3, running iptables 1.2 (which seems to be
holding its own). Logwatch sends me my logs every morning and I see
people trying to tap in to tcp port 25. I do lookups on the addresses
and they all seems to be coming either from Taiwan or China. A few in
Europe and every once in while one from the US.
I've been googling around for how to block them. I'm rather green to
iptables and some of the options confuse me. Is there a way I can block
the whole ip from me? I'll paste in a section where there where
Accepted 327 packets on interface eth0
From 184.108.40.206 - 169 packets to tcp(22)
From 220.127.116.11 - 6 packets to tcp(25)
From 18.104.22.168 - 6 packets to tcp(25)
From 22.214.171.124 - 128 packets to tcp(22)
From 126.96.36.199 - 16 packets to tcp(25)
From 188.8.131.52 - 1 packet to tcp(25)
From 184.108.40.206 - 1 packet to tcp(25)
So for instance I probably would want to block 220.127.116.11 through
18.104.22.168. But I'm not really sure of the syntax I should be
using. And I don't want to screw up what I already have in place.
I'm going to chalk this one up as another learning experience!
Thanks in advance!
More information about the netfilter