ipset not blocking

Thomas Raef traef06 at ebasedsecurity.com
Wed Mar 15 18:20:36 CET 2006


But my previous rule that uses -m set is before the rules you list.

Any ideas?

Your email server blocks my messages to you.

I get:

Your message did not reach some or all of the intended recipients.

      Subject:	RE: ipset not blocking
      Sent:	3/15/2006 10:51 AM

The following recipient(s) could not be reached:

      Jozsef Kadlecsik on 3/15/2006 10:49 AM
            There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.
            <mail.ebasedsecurity.com #5.5.0 smtp;550 <kadlec at blackhole.kfki.hu>: Recipient address rejected: Access denied. Your site is banned because of the unsolicited mail messages received from it.>

I check my blacklists frequently and I don't see me on any blacklists.
What's blocking me?

-----Original Message-----
From: Jozsef Kadlecsik [mailto:kadlec at blackhole.kfki.hu] 
Sent: Wednesday, March 15, 2006 11:16 AM
To: Thomas Raef
Cc: netfilter at lists.netfilter.org
Subject: RE: ipset not blocking

On Wed, 15 Mar 2006, Thomas Raef wrote:

> I was looking to block traffic to my port 25 (gateway device) from a
> list of CIDRs that I obtained from arin, apnic, ripe, lacnic & afrinic.
>
> I don't think my idea will work as it appears the sending host
> continually retries sending the message with just a -j DROP in my
> iptables. I guess I need to send a 553 message so it stops trying.

Yes, that's how SMTP is supposed to work.

> But I'd still like to know why it's not blocking.
>
> Here is my iptables -nL:
>
> Chain INPUT (policy DROP)
> target     prot opt source               destination
> DROP       udp  --  0.0.0.0/0            0.0.0.0/0           udp dpts:135:139
> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:520
> DROP       udp  --  0.0.0.0/0            0.0.0.0/0           udp spts:67:68
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:873
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

This rule catches and accepts everything.

> Chain FORWARD (policy DROP)
> target     prot opt source               destination
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state NEW
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state NEW

Duplicated rules, but anyway, these state rules catch and accept
everything (except INVALID).

Best regards,
Jozsef
-
E-mail  : kadlec at blackhole.kfki.hu, kadlec at sunserv.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary
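The ordering problem the reply above points at, as an added example that is not code from either poster: an unconditional `ACCEPT` in INPUT terminates rule evaluation, so any `-m set` rule placed after it never sees a packet. The script below reads an `iptables -S INPUT` style listing (a constructed sample that mirrors the chain posted in the thread, with a set rule appended after the catch-all), reports whether the set rule is shadowed, and prints the commands that create the set and insert the reject rule at position 1. The set name `smtp_block`, the CIDRs (documentation ranges, not real allocations) and the use of current ipset syntax (`hash:net`, `--match-set`) rather than the 2006-era `nethash`/`--set` form are all assumptions.

```shell
#!/bin/sh
# Added example, not from the netfilter thread. Checks whether an ipset
# match rule in INPUT is shadowed by an earlier catch-all ACCEPT and prints
# the commands that would put a port-25 reject rule in front of it.
# Assumptions: set name "smtp_block", the CIDR list, and modern ipset syntax.

# Constructed sample of `iptables -S INPUT`: the chain from the thread plus
# an -m set rule appended AFTER the catch-all ACCEPT (the broken layout).
SAMPLE_RULES='-P INPUT DROP
-A INPUT -p udp -m udp --dport 135:139 -j DROP
-A INPUT -p udp -m udp --dport 520 -j ACCEPT
-A INPUT -p udp -m udp --sport 67:68 -j DROP
-A INPUT -p tcp -m tcp --dport 873 -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -m set --match-set smtp_block src -j REJECT --reject-with tcp-reset'

# Constructed placeholder CIDRs (documentation ranges, not real allocations).
CIDRS="192.0.2.0/24 198.51.100.0/24 203.0.113.0/25"

# 1-based position of the first rule matching an ERE pattern (policy line
# excluded); prints nothing when there is no match.
rule_pos() {  # $1 = rule listing, $2 = grep -E pattern
    printf '%s\n' "$1" | grep -v '^-P' | grep -nE -- "$2" | head -n1 | cut -d: -f1
}

# Returns 0 if the -m set rule precedes every catch-all ACCEPT, 1 otherwise.
# A catch-all is a rule with no match at all: "-A INPUT -j ACCEPT".
set_rule_shadowed() {  # $1 = rule listing
    set_pos=$(rule_pos "$1" '-m set ')
    acc_pos=$(rule_pos "$1" '^-A INPUT -j ACCEPT$')
    set_pos=${set_pos:-0}
    acc_pos=${acc_pos:-0}
    if [ "$set_pos" -eq 0 ]; then
        echo "no-set-rule"
        return 1
    fi
    if [ "$acc_pos" -ne 0 ] && [ "$acc_pos" -lt "$set_pos" ]; then
        echo "shadowed: catch-all ACCEPT at $acc_pos precedes set rule at $set_pos"
        return 1
    fi
    echo "ok: set rule at $set_pos"
    return 0
}

# Print (do not run) the commands that create the set and insert the reject
# rule at position 1 of INPUT, ahead of any ACCEPT. REJECT with tcp-reset
# closes the connection immediately instead of letting the sender time out.
fix_commands() {  # $1 = set name, remaining args = CIDRs
    name=$1
    shift
    echo "ipset -exist create $name hash:net"
    for cidr in "$@"; do
        echo "ipset -exist add $name $cidr"
    done
    echo "iptables -I INPUT 1 -p tcp --dport 25 -m set --match-set $name src -j REJECT --reject-with tcp-reset"
}

# Stand-alone usage: diagnose the constructed sample, then show the fix.
set_rule_shadowed "$SAMPLE_RULES" || fix_commands smtp_block $CIDRS
```

Two caveats a practitioner should keep in mind. First, `iptables -nL` hides match extensions such as `-m set`; use `iptables -S INPUT` or `iptables -vnL` (which also shows per-rule packet counters, the quickest way to confirm a rule is actually being hit). Second, a firewall cannot return an SMTP 553: a REJECT only refuses the TCP connection, and most MTAs treat a refused connection as a temporary failure and keep retrying until their queue lifetime expires. A permanent 5xx reply has to come from the MTA itself, so if the goal is to make senders give up at once, let the connection through and have the MTA reject by client address instead.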
