Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: Tim on June 17, 2002, 07:16:00 PM

Title: Blocking Specific IP Addresses
Post by: Tim on June 17, 2002, 07:16:00 PM

Hi group,

Is it possible or is there an RPM available that can block IP addresses?  

I am currently using SessionWall on an 2K box and SLMAIL on an NT box and I have rule sets blocking known SPAM organizations and SPAMMERS on both.  It's a huge list and it currently blocks 90% of SPAM for my clients.  

I am in the process of putting everything behind a Mitel/E-Smith box and I would like to be able to filter the IP address list at the Mitel box instead of doing it in two or three different places.

I have the UPDATE SYSTEM and USER-MANAGER rpms in place.  Any thoughts or ideas would be appreciated.  

Thanks!

--Tim

Title: Re: Blocking Specific IP Addresses
Post by: Kees Vonk on June 17, 2002, 07:47:53 PM

You could try something like spamassasin (http://spamassassin.org/). I think I does what you want, but I haven't used it myself.

Kees

Title: Re: Blocking Specific IP Addresses
Post by: Tim on June 18, 2002, 07:48:06 AM

Thanks Kees,

Neat stuff there but not what I was looking for.  I need to input IP addresses and/or blocks of IP addresses.  

Example: I want to block mail from anywhere inside 202.0.0.0-202.255.255.255 and 203.0.0.0-203.255.255.255.  These are two huge blocks of ISP's in the Asian Pacific Network that promote SPAM/UCE and free mail services.  

Thanks!

--Tim

Title: Re: Blocking Specific IP Addresses
Post by: Daley Lay on June 18, 2002, 12:43:54 PM

Tim,

you can use ipchains to block the IP, to add more IPs to block simply type /sbin/ipchains -I input -s 123.123.123.123 -j DENY -l.

If you wish to have permanent setting after each rebooted, just addin at the end of /etc/rc.d/rc.local file.

Regards,
Daley

Title: Re: Blocking Specific IP Addresses
Post by: Tim on July 24, 2002, 03:22:10 AM

Hi Daley,

What would the string be for a block of IP's.  Example:
The Asian Pacific Network:  202.0.0.0-202.255.255.255

Is there a batch process method or file that I can plug in hundreds of blocks like this one?

I have an extensive IP list of known spammers and spamming hosts and I would like the E-Smith server to deny them access.

Thanks in advance.

---tim

Title: Re: Blocking Specific IP Addresses
Post by: Chris Trent on July 25, 2002, 04:21:20 AM

/sbin/ipchains -I input -s 202.0.0.0/8 -j DENY -l

Title: Re: Blocking Specific IP Addresses
Post by: Daley Lay on July 25, 2002, 01:27:12 PM

Tim,

it shd be /sbin/ipchains -I input -s xx.xx.xx.xxx -d xxx.xxx.xxx.xxx -j DENY -l, i'm not sure for ranging IP block.

Title: Re: Blocking Specific IP Addresses
Post by: Ruud on April 11, 2003, 01:24:39 AM

But for the SME V5.6 is ipchains not working.
So i think you'll need to create custom templates to adjust the
/etc/rc.d/init.d/masq script.
How i don't know, perhaps has somebody the answer?