Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

100K entries in iptables



Yes,  I can't remember where I found the doc.  But especially if you're
running on a 2.4 kernel your system will choke around 500 rules I
believe.

I'll dig around to see if I can find that article.

Matthew Shields
Sr Systems Administrator
NameMedia, Inc.
(P) 781-839-2828
mshields at namemedia.com
http://www.namemedia.com
 
-----Original Message-----
From: discuss-bounces at blu.org [mailto:discuss-bounces at blu.org] On Behalf
Of Bob - BLU
Sent: Wednesday, September 13, 2006 1:07 PM
To: discuss at blu.org
Subject: 100K entries in iptables

As I look through the maillog file on my inbound smtp server, I get
irritated by all of the 'Relaying denied' entries.  These look like
external systems trying to relay through my server and being denied.

I think, perhaps I can stop these systems (and other known spammers)
before they get to sendmail.  So I grep through the last few months of
maillogs and gather a list of >100K unique ip addresses.

I think, I'll stuff these into iptables.  But then, it seems like a lot
of filtering.  Although, perhaps it is better than letting sendmail get
slammed, and I will receive less spam, and so less load from spamd.

For the moment, I have decided to limit this to the current and previous
weekly maillog file, which keeps the number of entries down around 4K.

But I still ponder, is putting 100K, or even 4K, entries into iptables a
bad idea?  eg: What are the side effects of doing this?

Here is a sample script:

###

iptables -P INPUT ACCEPT

iptables -N SPAMMER
iptables -A SPAMMER -j LOG --log-prefix 'spammer: '
iptables -A SPAMMER -j DROP

iptables -N SPAMCHECK
iptables -A SPAMCHECK -s 127.0.0.1/32   -j ACCEPT   # Local host
iptables -A SPAMCHECK -s 192.168.0.0/16 -j ACCEPT   # Local network
iptables -A SPAMCHECK -s <snip>/32      -j ACCEPT   # Good customer

iptables -A SPAMCHECK -s 4.18.54.180/32 -j SPAMMER  # Bad guy
<repeat many times with different ip address>

iptables -A INPUT -p tcp --dport 25 --syn -j SPAMCHECK

###

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss at blu.org
http://olduvai.blu.org/mailman/listinfo/discuss

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.





BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org