Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
Yes, I can't remember where I found the doc. But especially if you're running on a 2.4 kernel your system will choke around 500 rules I believe. I'll dig around to see if I can find that article. Matthew Shields Sr Systems Administrator NameMedia, Inc. (P) 781-839-2828 mshields at namemedia.com http://www.namemedia.com -----Original Message----- From: discuss-bounces at blu.org [mailto:discuss-bounces at blu.org] On Behalf Of Bob - BLU Sent: Wednesday, September 13, 2006 1:07 PM To: discuss at blu.org Subject: 100K entries in iptables As I look through the maillog file on my inbound smtp server, I get irritated by all of the 'Relaying denied' entries. These look like external systems trying to relay through my server and being denied. I think, perhaps I can stop these systems (and other known spammers) before they get to sendmail. So I grep through the last few months of maillogs and gather a list of >100K unique ip addresses. I think, I'll stuff these into iptables. But then, it seems like a lot of filtering. Although, perhaps it is better than letting sendmail get slammed, and I will receive less spam, and so less load from spamd. For the moment, I have decided to limit this to the current and previous weekly maillog file, which keeps the number of entries down around 4K. But I still ponder, is putting 100K, or even 4K, entries into iptables a bad idea? eg: What are the side effects of doing this? Here is a sample script: ### iptables -P INPUT ACCEPT iptables -N SPAMMER iptables -A SPAMMER -j LOG --log-prefix 'spammer: ' iptables -A SPAMMER -j DROP iptables -N SPAMCHECK iptables -A SPAMCHECK -s 127.0.0.1/32 -j ACCEPT # Local host iptables -A SPAMCHECK -s 192.168.0.0/16 -j ACCEPT # Local network iptables -A SPAMCHECK -s <snip>/32 -j ACCEPT # Good customer iptables -A SPAMCHECK -s 4.18.54.180/32 -j SPAMMER # Bad guy <repeat many times with different ip address> iptables -A INPUT -p tcp --dport 25 --syn -j SPAMCHECK ### -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. _______________________________________________ Discuss mailing list Discuss at blu.org http://olduvai.blu.org/mailman/listinfo/discuss -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
BLU is a member of BostonUserGroups | |
We also thank MIT for the use of their facilities. |