From: johnny b. <jb...@gm...> - 2015-02-25 20:22:57
You could use ipsets for this.

#blrules
DROP net:+badpeople all

#init
ipset destroy -quiet badpeople
ipset restore -exist < /etc/shorewall/ipsetlists/badpeople

On Tue, Feb 24, 2015 at 1:48 AM, Eduardo Diaz - Gmail <edi...@gm...> wrote:

> Hi to all
>
> I am fighting a DDoS based on SMTP mail.
>
> I am using Debian 7.7 x86 and Shorewall-4.5.5.3
>
> I am getting errors to my domain trying to send mail every second or more.
>
> 2015-02-24 10:25:21 H=([58.187.161.220]) [58.187.161.220] sender verify fail for <cik...@ad...>: Unrouteable address
> 2015-02-24 10:25:21 H=([58.187.161.220]) [58.187.161.220] F=<cik...@ad...> rejected RCPT <cik...@ad...>: Sender verify failed
> 2015-02-24 10:25:21 unexpected disconnection while reading SMTP command from ([58.187.161.220]) [58.187.161.220] (error: Connection reset by peer)
>
> At the beginning I used fail2ban to ban the concurrent connections, but the
> bad people learned not to make the same connection more than once. :-(
>
> All the IP addresses are listed in DNSBLs and I can use a simple script to
> test whether a connection is listed in a DNSBL (using an internal program to
> cache every IP).
>
> My intention is:
>
> For every connection that is made, Shorewall launches the script or the rule:
> if it is listed in a DNSBL, drop; if not, allow it to connect to the mail
> server.
>
> Does Shorewall have this functionality? I searched the documentation and
> didn't find anything similar, only the blacklist functionality.
>
> Regards and thanks for the responses.
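
An added example, not part of the original messages: one way to generate the /etc/shorewall/ipsetlists/badpeople file that the reply's `ipset restore` line loads, from Exim reject lines like the ones quoted above. The `hash:ip` set type, the function names and the sample log (documentation address ranges) are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): turn Exim "Sender verify failed"
# rejections into an `ipset restore` file for the badpeople set.
SET=badpeople   # set name from the reply; the hash:ip type below is an assumption

# Constructed sample log, using documentation address ranges.
SAMPLE_LOG='2015-02-24 10:25:21 H=([198.51.100.23]) [198.51.100.23] F=<a@example.invalid> rejected RCPT <b@example.invalid>: Sender verify failed
2015-02-24 10:25:22 H=([192.0.2.99]) [203.0.113.7] F=<a@example.invalid> rejected RCPT <b@example.invalid>: Sender verify failed
2015-02-24 10:25:23 H=([198.51.100.23]) [198.51.100.23] F=<c@example.invalid> rejected RCPT <b@example.invalid>: Sender verify failed
2015-02-24 10:25:24 H=(x) [999.1.1.1] F=<d@example.invalid> rejected RCPT <b@example.invalid>: Sender verify failed
2015-02-24 10:25:25 unexpected disconnection while reading SMTP command from ([192.0.2.50]) [192.0.2.50] (error: Connection reset by peer)'

# Print the unique peer addresses of rejected senders.
# Assumption: the first bare [a.b.c.d] field is the address Exim saw on the
# socket; H=(...) is client-supplied HELO text and is never used.
extract_bad_ips() {
    awk '/Sender verify failed/ {
        for (i = 3; i <= NF; i++)
            if ($i ~ /^\[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]$/) {
                ip = substr($i, 2, length($i) - 2)
                split(ip, o, ".")
                # Drop anything that is not a valid dotted quad.
                if (o[1] <= 255 && o[2] <= 255 && o[3] <= 255 && o[4] <= 255) {
                    print ip
                }
                break
            }
    }' | sort -u
}

# Emit restore-file lines: one create, then one add per address.
make_restore() {
    printf 'create %s hash:ip family inet\n' "$SET"
    extract_bad_ips | while read -r ip; do
        printf 'add %s %s\n' "$SET" "$ip"
    done
}

# Stand-alone run: print the file that would be written for the sample log.
printf '%s\n' "$SAMPLE_LOG" | make_restore
```

Redirecting the output of `make_restore` to /etc/shorewall/ipsetlists/badpeople gives the file that the `ipset restore -exist` line in the reply reads.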