100K entries in iptables

Matt Shields mshields at namemedia.com
Wed Sep 13 13:27:23 EDT 2006


Yes,  I can't remember where I found the doc.  But especially if you're
running on a 2.4 kernel your system will choke around 500 rules I
believe.

I'll dig around to see if I can find that article.

Matthew Shields
Sr Systems Administrator
NameMedia, Inc.
(P) 781-839-2828
mshields at namemedia.com
http://www.namemedia.com
 
-----Original Message-----
From: discuss-bounces at blu.org [mailto:discuss-bounces at blu.org] On Behalf
Of Bob - BLU
Sent: Wednesday, September 13, 2006 1:07 PM
To: discuss at blu.org
Subject: 100K entries in iptables

As I look through the maillog file on my inbound smtp server, I get
irritated by all of the 'Relaying denied' entries.  These look like
external systems trying to relay through my server and being denied.

I think perhaps I can stop these systems (and other known spammers)
before they get to sendmail.  So I grep through the last few months of
maillogs and gather a list of >100K unique IP addresses.

I think, I'll stuff these into iptables.  But then, it seems like a lot
of filtering.  Although, perhaps it is better than letting sendmail get
slammed, and I will receive less spam, and so less load from spamd.

For the moment, I have decided to limit this to the current and previous
weekly maillog file, which keeps the number of entries down around 4K.

But I still ponder, is putting 100K, or even 4K, entries into iptables a
bad idea?  e.g.: What are the side effects of doing this?

Here is a sample script:

###

iptables -P INPUT ACCEPT

iptables -N SPAMMER
iptables -A SPAMMER -j LOG --log-prefix 'spammer: '
iptables -A SPAMMER -j DROP

iptables -N SPAMCHECK
iptables -A SPAMCHECK -s 127.0.0.1/32   -j ACCEPT   # Local host
iptables -A SPAMCHECK -s 192.168.0.0/16 -j ACCEPT   # Local network
iptables -A SPAMCHECK -s <snip>/32      -j ACCEPT   # Good customer

iptables -A SPAMCHECK -s 4.18.54.180/32 -j SPAMMER  # Bad guy
<repeat many times with different ip address>

iptables -A INPUT -p tcp --dport 25 --syn -j SPAMCHECK

###

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss at blu.org
http://olduvai.blu.org/mailman/listinfo/discuss

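The script quoted above calls iptables(8) once per address. Each such call reads the whole table out of the kernel, appends one rule and writes the table back, so loading N rules that way costs time proportional to N squared, and with 100K entries that alone is painful before a single packet is matched. The following is an added example, not code from the thread: it extracts the refused relay addresses from constructed sendmail log lines (TEST-NET addresses, not real spammers), de-duplicates them, and emits the same SPAMCHECK/SPAMMER chain structure in iptables-restore format, which loads the entire list in one kernel transaction. The function names and the sample log text are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): build the SPAMCHECK/SPAMMER chains
# from sendmail 'Relaying denied' log lines as a single iptables-restore
# transaction instead of one iptables(8) call per rule.

# Constructed sample maillog lines; addresses come from TEST-NET ranges.
# Line 2 is a normal delivery and must not produce a rule; line 4 repeats
# the address from line 1 to show de-duplication.
SAMPLE_MAILLOG='Sep 13 12:01:02 mx1 sendmail[1234]: k8DG12ab001234: ruleset=check_rcpt, arg1=<bob@example.net>, relay=[203.0.113.7], reject=550 5.7.1 <bob@example.net>... Relaying denied
Sep 13 12:01:05 mx1 sendmail[1235]: k8DG15cd001235: from=<alice@example.org>, size=1024, class=0, nrcpts=1, relay=mail.example.org [198.51.100.9]
Sep 13 12:02:11 mx1 sendmail[1236]: k8DG2Bef001236: ruleset=check_rcpt, arg1=<carol@example.net>, relay=spam.example.com [203.0.113.42], reject=550 5.7.1 <carol@example.net>... Relaying denied
Sep 13 12:03:40 mx1 sendmail[1237]: k8DG3egh001237: ruleset=check_rcpt, arg1=<dave@example.net>, relay=[203.0.113.7], reject=550 5.7.1 <dave@example.net>... Relaying denied'

# Read maillog text on stdin; print each unique refused relay address,
# one per line.  sendmail logs the peer as relay=[ip] or relay=host [ip],
# so the address is always the bracketed dotted quad after "relay=".
extract_denied_ips() {
    grep 'Relaying denied' \
    | sed -n 's/.*relay=[^[]*\[\([0-9.]*\)\].*/\1/p' \
    | sort -u
}

# Read one address per line on stdin; write iptables-restore input for the
# filter table on stdout, mirroring the chain layout from the original post.
gen_ruleset() {
    printf '%s\n' '*filter' \
        ':SPAMMER - [0:0]' \
        ':SPAMCHECK - [0:0]' \
        '-A SPAMMER -j LOG --log-prefix "spammer: "' \
        '-A SPAMMER -j DROP' \
        '-A SPAMCHECK -s 127.0.0.1/32 -j ACCEPT' \
        '-A SPAMCHECK -s 192.168.0.0/16 -j ACCEPT'
    while IFS= read -r ip; do
        # Never pass a line that is not a bare dotted quad to the kernel;
        # a stray token in a 100K-line list should not abort the whole load.
        case "$ip" in
            ''|*[!0-9.]*) echo "skipping malformed entry: $ip" >&2; continue ;;
        esac
        printf '%s\n' "-A SPAMCHECK -s $ip/32 -j SPAMMER"
    done
    printf '%s\n' '-A INPUT -p tcp --dport 25 --syn -j SPAMCHECK' 'COMMIT'
}

# Count the per-address rules in a generated ruleset (read on stdin).
count_block_rules() {
    grep -c -- '-A SPAMCHECK -s [0-9.]*/32 -j SPAMMER' || true
}

# Stand-alone run: print the ruleset.  To load it for real you would pipe
# this into "iptables-restore -n" (the -n keeps existing rules in place).
printf '%s\n' "$SAMPLE_MAILLOG" | extract_denied_ips | gen_ruleset
```

Loading in one transaction fixes the install cost only; the kernel still walks the SPAMCHECK chain linearly for every inbound SYN on port 25, so match time grows with the list length exactly as the thread worries. Keeping the list to the last two weekly logs, as the original poster settled on, bounds that cost.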