Block Iptables domain or ISP

Discussion in 'HOWTO-Related Questions' started by mkdir, Feb 6, 2015.

  1. mkdir

    mkdir New Member

    Is it possible to block a domain/ISP in iptables? For example:

    ####mail.log###
    Feb 6 18:51:55 web postfix/smtpd[8895]: warning: hostname 177-188-209-190.dsl.telesp.net.br does not resolve to address 177.188.209.190: Name or service not known
    Feb 6 18:51:55 web postfix/smtpd[8895]: connect from unknown[177.188.209.190]
    Feb 6 18:51:56 web postfix/smtpd[8895]: NOQUEUE: reject: RCPT from unknown[177.188.209.190]: 554 5.7.1 <5.135.190.160>: Helo command rejected: Regras EHLO: Regras Locais não permitem endereços IPs no Helo; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<5.135.190.160>
    Feb 6 18:51:57 web postfix/smtpd[8895]: NOQUEUE: reject: RCPT from unknown[177.188.209.190]: 554 5.7.1 <5.135.190.160>: Helo command rejected: Regras EHLO: Regras Locais não permitem endereços IPs no Helo; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<5.135.190.160>
    Feb 6 18:51:57 web postfix/smtpd[8895]: NOQUEUE: reject: RCPT from unknown[177.188.209.190]: 554 5.7.1 <5.135.190.160>: Helo command rejected: Regras EHLO: Regras Locais não permitem endereços IPs no Helo; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<5.135.190.160>

    My server is receiving several attacks from telesp.net.br and I would like to block all connections from that ISP, because customers use the internet and are constantly changing IPs.

    I tried:
    root@web:~# iptables -I INPUT -s telesp.net.br -j DROP
    iptables v1.4.14: host/network `telesp.net.br' not found
    Try `iptables -h' or 'iptables --help' for more information.
     
  2. florian030

    florian030 ISPConfig Developer

    Why don't you use the IP instead of the hostname? The hostname is resolved only when you add the rule and not when the packets are checked.
     
  3. mkdir

    mkdir New Member

    The problem is that the attacks come from dynamic IPs that are always different...
    For example:
    Feb 7 19:24:35 web postfix/smtpd[9925]: warning: hostname 187-101-65-83.dsl.telesp.net.br does not resolve to address 187.101.65.83: Name or service not known
    Feb 7 19:24:35 web postfix/smtpd[9925]: connect from unknown[187.101.65.83]
    Feb 7 19:24:37 web postfix/smtpd[9925]: NOQUEUE: reject: RCPT from unknown[187.101.65.83]: 554 5.7.1 <5.135.190.160>: Helo command rejected: Regras EHLO: Regras Locais não permitem endereços IPs no Helo; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<5.135.190.160>

    Feb 7 22:39:54 web postfix/smtpd[30821]: connect from 200-100-238-73.dial-up.telesp.net.br[200.100.238.73]
    Feb 7 22:39:55 web postfix/smtpd[30821]: NOQUEUE: reject: RCPT from 200-100-238-73.dial-up.telesp.net.br[200.100.238.73]: 554 5.7.1 <5.135.190.160>: Helo command rejected: Regras EHLO: Regras Locais não permitem endereços IPs no Helo; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<5.135.190.160>
     
  4. florian030

    florian030 ISPConfig Developer

    You can block the country with geo-ip for iptables.
     
  5. mkdir

    mkdir New Member

    That was also one solution at the moment, thanks, but I decided on fail2ban-postfix + iptables.
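
The approach the thread ends on, counting Postfix rejects per client address and dropping the repeat offenders (what a fail2ban Postfix jail automates), as an added example that is not part of any post and not fail2ban's own code. The log lines are constructed from the excerpts above; `maxretry` and `findtime` borrow fail2ban's option names with assumed values, and the year and the port-25 restriction in the rule are assumptions as well.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the format of the thread's mail.log excerpts.
# 192.0.2.10 and 198.51.100.7 are documentation addresses, not from the thread.
_FMT = ("{} web postfix/smtpd[8895]: NOQUEUE: reject: RCPT from {}: "
        "554 5.7.1 <5.135.190.160>: Helo command rejected")
SAMPLE_LOG = "\n".join(_FMT.format(ts, client) for ts, client in [
    ("Feb 6 18:51:56", "unknown[177.188.209.190]"),
    ("Feb 6 18:51:57", "unknown[177.188.209.190]"),
    ("Feb 6 18:51:57", "unknown[177.188.209.190]"),
    ("Feb 6 19:00:00", "mail.example.org[192.0.2.10]"),
    ("Feb 7 22:39:55", "200-100-238-73.dial-up.telesp.net.br[200.100.238.73]"),
    ("Feb 7 22:39:56", "200-100-238-73.dial-up.telesp.net.br[200.100.238.73]"),
    ("Feb 7 22:39:58", "200-100-238-73.dial-up.telesp.net.br[200.100.238.73]"),
    ("Feb 8 01:00:00", "unknown[198.51.100.7]"),
    ("Feb 8 02:00:00", "unknown[198.51.100.7]"),
    ("Feb 8 03:00:00", "unknown[198.51.100.7]"),
])

REJECT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ postfix/smtpd\[\d+\]: NOQUEUE: reject: "
    r"RCPT from (?P<host>\S+?)\[(?P<ip>[0-9A-Fa-f.:]+)\]: 5\d\d ")

def find_offenders(log_text, maxretry=3, findtime=600, year=2015):
    """Map ip -> hostname Postfix logged, for clients with at least maxretry
    rejects inside findtime seconds. Syslog lines carry no year; one is assumed."""
    recent = defaultdict(deque)  # ip -> reject times still inside the window
    offenders = {}
    for line in log_text.splitlines():
        m = REJECT_RE.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(when)
        while when - window[0] > timedelta(seconds=findtime):
            window.popleft()
        if len(window) >= maxretry:
            offenders[m["ip"]] = m["host"]
    return offenders

def drop_rules(offenders):
    """Per-address rules in the form tried in the thread, limited to SMTP."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport 25 -j DROP"
            for ip in sorted(offenders)]

if __name__ == "__main__":
    print("\n".join(drop_rules(find_offenders(SAMPLE_LOG))))
```

The first client is logged only as `unknown`, so the ban has to key on the address in brackets and not on the ISP's domain name.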
     
