[CentOS] Firewall question

Thu Jun 26 13:25:06 UTC 2014
Steve Clark <sclark at netwolves.com>

On 06/26/2014 09:18 AM, Jerry Geis wrote:
> I have a firewall rule to drop packets from certain addresses: (email spam)
> my /etc/sysconfig/iptables begins as:
>
> # Generated by iptables-save v1.4.7 on Thu Jun 26 09:11:09 2014
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [1:148]
> -A INPUT -m pkttype --pkt-type multicast -j ACCEPT
> -A INPUT -s 223.255.229.0/24 -j DROP
> -A INPUT -s 218.96.0.0/24 -j DROP
> -A INPUT -s 216.227.128.0/24 -j DROP
> -A INPUT -s 216.156.135.0/24 -j DROP
> -A INPUT -s 213.251.189.0/24 -j DROP
> -A INPUT -s 213.239.219.0/24 -j DROP
> -A INPUT -s 213.205.32.0/24 -j DROP
> -A INPUT -s 213.136.70.0/24 -j DROP
> -A INPUT -s 212.178.110.0/24 -j DROP
> -A INPUT -s 212.83.141.0/24 -j DROP
> -A INPUT -s 212.83.136.0/24 -j DROP
> -A INPUT -s 212.83.134.0/24 -j DROP
> -A INPUT -s 210.107.197.0/24 -j DROP
> -A INPUT -s 209.239.123.0/24 -j DROP
> -A INPUT -s 209.133.56.0/24 -j DROP
> -A INPUT -s 209.126.73.0/24 -j DROP
> -A INPUT -s 209.126.72.0/24 -j DROP
> -A INPUT -s 209.126.71.0/24 -j DROP
> -A INPUT -s 209.126.70.0/24 -j DROP
> -A INPUT -s 198.101.11.0/24 -j DROP
>
> then /var/log/maillog gices this entry.
>
> from=<griffon at dree.eu>, size=9037, class=0, nrcpts=1, msgid=<
> 3542.159.259897.271846 at dree.eu> , proto=ESMTP, daemon=MTA,
> relay=[198.101.11.141]
>
>
> How is that coming through???
>
> Why is the firewall not dropping the packets?
> I have restarted iptables so the rules are active .
>
> And just to make sure:
> iptables -L -n | grep 198.101
> DROP       all  --  198.101.11.0/24      0.0.0.0/0
>
> Thoughts?
>
> Thanks.
>
> Jerry
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
If you add a -v to your

iptables -L -n | grep 198.101

are you seeing the rule get hit?


-- 
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.clark at netwolves.com
http://www.netwolves.com