
BLU Discuss list archive


100K entries in iptables

Yes,  I can't remember where I found the doc.  But especially if you're
running on a 2.4 kernel your system will choke around 500 rules I

I'll dig around to see if I can find that article.

Matthew Shields
Sr Systems Administrator
NameMedia, Inc.
(P) 781-839-2828
mshields at
-----Original Message-----
From: discuss-bounces at [mailto:discuss-bounces at] On Behalf
Of Bob - BLU
Sent: Wednesday, September 13, 2006 1:07 PM
To: discuss at
Subject: 100K entries in iptables

As I look through the maillog file on my inbound smtp server, I get
irritated by all of the 'Relaying denied' entries.  These look like
external systems trying to relay through my server and being denied.

I think, perhaps I can stop these systems (and other known spammers)
before they get to sendmail.  So I grep through the last few months of
maillogs and gather a list of >100K unique ip addresses.

I think, I'll stuff these into iptables.  But then, it seems like a lot
of filtering.  Although, perhaps it is better than letting sendmail get
slammed, and I will receive less spam, and so less load from spamd.

For the moment, I have decided to limit this to the current and previous
weekly maillog file, which keeps the number of entries down around 4K.

But I still ponder, is putting 100K, or even 4K, entries into iptables a
bad idea?  eg: What are the side effects of doing this?

Here is a sample script:


iptables -P INPUT ACCEPT

iptables -N SPAMMER
iptables -A SPAMMER -j LOG --log-prefix 'spammer: '
iptables -A SPAMMER -j DROP

iptables -N SPAMCHECK
iptables -A SPAMCHECK -s   -j ACCEPT   # Local host
iptables -A SPAMCHECK -s -j ACCEPT   # Local network
iptables -A SPAMCHECK -s <snip>/32      -j ACCEPT   # Good customer

iptables -A SPAMCHECK -s -j SPAMMER  # Bad guy
<repeat many times with different ip address>

iptables -A INPUT -p tcp --dport 25 --syn -j SPAMCHECK


This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Discuss mailing list
Discuss at
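The procedure Bob describes (grep the maillogs for 'Relaying denied', collect the unique source addresses, and generate one SPAMCHECK rule per address) as a complete script. This is an added example, not code from the thread; the maillog lines are constructed to mimic sendmail's check_rcpt reject format, and ALLOW_NETS is a placeholder you would replace with your own local host and network. The script only prints the iptables commands, so you can count and review the chain before loading it.

```shell
#!/bin/sh
# Added example, not from the original post: build a SPAMCHECK chain of the
# form shown in Bob's script from "Relaying denied" maillog entries.

# Constructed sample maillog excerpt (addresses are documentation ranges,
# not real hosts). Format mimics sendmail's check_rcpt reject lines.
SAMPLE_MAILLOG='Sep 13 12:01:02 mx sendmail[123]: k8DG12ab012345: ruleset=check_rcpt, arg1=<x@example.com>, relay=[192.0.2.10], reject=550 5.7.1 <x@example.com>... Relaying denied
Sep 13 12:01:05 mx sendmail[124]: k8DG15cd012346: ruleset=check_rcpt, arg1=<y@example.com>, relay=[198.51.100.7], reject=550 5.7.1 <y@example.com>... Relaying denied
Sep 13 12:01:09 mx sendmail[125]: k8DG19ef012347: from=<a@example.org>, size=1234, class=0, nrcpts=1, relay=[203.0.113.5]
Sep 13 12:01:12 mx sendmail[126]: k8DG1Cgh012348: ruleset=check_rcpt, arg1=<z@example.com>, relay=[192.0.2.10], reject=550 5.7.1 <z@example.com>... Relaying denied'

# Trusted sources that must never be sent to SPAMMER.
# Assumption/placeholder: replace with your own host and network.
ALLOW_NETS="127.0.0.1/32 10.0.0.0/8"

# Read maillog text on stdin, print each distinct relay IP that was
# refused with "Relaying denied". Only grep/sed/sort, so it runs on a
# minimal box. The sed pattern pulls the IP out of "relay=[a.b.c.d]".
denied_ips() {
  grep 'Relaying denied' \
    | sed -n 's/.*relay=[^[]*\[\([0-9.]*\)].*/\1/p' \
    | sort -u
}

# How many per-address rules this log would add. Check this before
# loading: every new SYN to port 25 walks the whole chain top to bottom.
rule_count() {
  denied_ips | wc -l | tr -d ' '
}

# Emit the iptables commands (print only; review, then pipe to sh).
spamcheck_rules() {
  echo "iptables -N SPAMMER"
  echo "iptables -A SPAMMER -j LOG --log-prefix 'spammer: '"
  echo "iptables -A SPAMMER -j DROP"
  echo "iptables -N SPAMCHECK"
  # Allow rules go first so a trusted address is never matched below.
  for n in $ALLOW_NETS; do
    echo "iptables -A SPAMCHECK -s $n -j ACCEPT"
  done
  # One rule per denied address: this is the part that grows linearly
  # with the size of the log window.
  denied_ips | while read ip; do
    echo "iptables -A SPAMCHECK -s $ip/32 -j SPAMMER"
  done
  echo "iptables -A INPUT -p tcp --dport 25 --syn -j SPAMCHECK"
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_MAILLOG" | spamcheck_rules
```

Run it against a real log with `spamcheck_rules < /var/log/maillog` and look at `rule_count` first; the number it prints is the number of rules the kernel will compare against each inbound SMTP SYN, which is the cost the thread is worried about. The two rule chains (ACCEPT first, then SPAMMER) keep the ordering of Bob's original so a good customer is never caught by a later deny entry. On kernels that have ipset, the same addresses can be loaded into a single hash:ip set and matched by one `-m set --match-set` rule, which avoids the linear walk entirely; this script deliberately emits only the per-rule form the post shows.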


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

