Firewall Question


I have a firewall rule to drop packets from certain addresses: (email spam)
my /etc/sysconfig/iptables begins as:

# Generated by iptables-save v1.4.7 on Thu Jun 26 09:11:09 2014
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1:148]
-A INPUT -m pkttype --pkt-type multicast -j ACCEPT
-A INPUT -s 223.255.229.0/24 -j DROP
-A INPUT -s 218.96.0.0/24 -j DROP
-A INPUT -s 216.227.128.0/24 -j DROP
-A INPUT -s 216.156.135.0/24 -j DROP
-A INPUT -s 213.251.189.0/24 -j DROP
-A INPUT -s 213.239.219.0/24 -j DROP
-A INPUT -s 213.205.32.0/24 -j DROP
-A INPUT -s 213.136.70.0/24 -j DROP
-A INPUT -s 212.178.110.0/24 -j DROP
-A INPUT -s 212.83.141.0/24 -j DROP
-A INPUT -s 212.83.136.0/24 -j DROP
-A INPUT -s 212.83.134.0/24 -j DROP
-A INPUT -s 210.107.197.0/24 -j DROP
-A INPUT -s 209.239.123.0/24 -j DROP
-A INPUT -s 209.133.56.0/24 -j DROP
-A INPUT -s 209.126.73.0/24 -j DROP
-A INPUT -s 209.126.72.0/24 -j DROP
-A INPUT -s 209.126.71.0/24 -j DROP
-A INPUT -s 209.126.70.0/24 -j DROP
-A INPUT -s 198.101.11.0/24 -j DROP

then /var/log/maillog gives this entry.

from=, size

6 thoughts on - Firewall Question

  • If you add a -v to your

    iptables -L -n | grep 198.101

    are you seeing the rule get hit?

  • yes I am seeing it hit.

    iptables --list -n -v | grep 198.101
    8 416 DROP all -- * * 198.101.11.0/24 0.0.0.0/0

    Jerry

  • Try

    watch iptables -nvL INPUT

    Do you see anything?

    Also try moving your ACCEPT statements below all of your drops. Iptables operates in sequential order, from the top down.
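The two checks the comments describe, reading the packet counters from a `-v` listing and looking for an earlier rule that shadows the DROP because the chain is walked top-down, written out as an added shell example (not code from the original thread). It runs offline against constructed listings in the column layout `iptables -nvL INPUT` prints; the function names, the sample counters and the second "shadowed" listing are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit a saved `iptables -nvL INPUT` listing for one DROP rule.
# Columns in that listing are:
#   pkts bytes target prot opt in out source destination [extra match options]

# Constructed sample, modelled on the thread: the multicast ACCEPT sits above
# the source DROPs and the 198.101.11.0/24 rule has already matched 8 packets.
SAMPLE='Chain INPUT (policy ACCEPT 1234 packets, 567K bytes)
 pkts bytes target     prot opt in     out     source               destination
   12   960 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            PKTTYPE = multicast
    0     0 DROP       all  --  *      *       223.255.229.0/24     0.0.0.0/0
    8   416 DROP       all  --  *      *       198.101.11.0/24      0.0.0.0/0'

# Constructed counter-example: a blanket ACCEPT placed above the DROP, so the
# DROP can never be reached (its counters stay at zero forever).
SAMPLE_SHADOWED='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  200 16000 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      *       198.101.11.0/24      0.0.0.0/0'

# drop_hits LISTING SOURCE
# Prints the packet counter of the DROP rule whose source is SOURCE,
# or -1 when no such rule exists in the chain.
drop_hits() {
    printf '%s\n' "$1" | awk -v src="$2" '
        NR <= 2 { next }                                  # chain header and column header
        $3 == "DROP" && $8 == src { found = 1; print $1; exit }
        END { if (!found) print -1 }'
}

# blanket_accepts_before LISTING SOURCE
# Counts ACCEPT rules above the DROP for SOURCE that match every packet
# (protocol all, source 0.0.0.0/0, no extra match options such as PKTTYPE).
# Any such rule shadows the DROP: iptables stops at the first terminating target.
blanket_accepts_before() {
    printf '%s\n' "$1" | awk -v src="$2" '
        NR <= 2 { next }
        $3 == "DROP" && $8 == src { exit }                # stop once we reach our DROP
        $3 == "ACCEPT" && $4 == "all" && $8 == "0.0.0.0/0" && NF == 9 { n++ }
        END { print n + 0 }'
}

# audit_drop LISTING SOURCE
# Prints one verdict: missing, shadowed, no-hits, or hit:<packets>.
audit_drop() {
    hits=$(drop_hits "$1" "$2")
    shadow=$(blanket_accepts_before "$1" "$2")
    if [ "$hits" -eq -1 ]; then
        echo missing
    elif [ "$shadow" -gt 0 ]; then
        echo shadowed
    elif [ "$hits" -gt 0 ]; then
        echo "hit:$hits"
    else
        echo no-hits
    fi
}

# Usage against the constructed samples (on a live CentOS host, pass the real
# listing instead: audit_drop "$(iptables -nvL INPUT)" 198.101.11.0/24).
audit_drop "$SAMPLE" 198.101.11.0/24            # hit:8
audit_drop "$SAMPLE_SHADOWED" 198.101.11.0/24   # shadowed
audit_drop "$SAMPLE" 10.0.0.0/8                 # missing
```

The multicast ACCEPT in the first listing is not counted as a shadow because it carries an extra match (`PKTTYPE = multicast`) and so cannot catch unicast SMTP traffic; only an unconditional ACCEPT above the DROP would. The audit also only reasons about INPUT: a DROP there says nothing about mail leaving the box, which traverses OUTPUT.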

  • Actually I think I was wrong… Somehow the mail is landing on my box (from an address I am not blocking)
    and this particular email is requesting going OUT of my box. Seems the firewall is operating fine. I just looked at it incorrectly.

    Jerry

  • Hi,

    There’s something weird happening to my CentOS VMs, cannot switch back to GUI. Black screen with a single underscore character at top left of the screen.

    Ok so I have ESXI 5.1 host, with 3 VM all running CentOS. I rebooted the esxi host yesterday for a power maintenance. All went well… until I switched console on the vms.

    I was able to login using the GUI, then I pressed Alt F5, then I was sent to the text console… I usually do this to save energy. I did the same for all the CentOS vm… now I wanted to switch back to GUI but I can’t. I even pressed all the keys from F1 to F12 but were not able to get back to the GUI for all the VMs.

    Can you please advise where I'm missing?

    Regards, Deno

  • Hi – When updating my CentOS 7 – firewalld, why does the virt-manager lose connections to all GUIs? I just close the virt-manager main window –
    select the virt-manager from the gnome side panel and re-run – and then they all come back after you click on them – but why is the connection to the GUI lost? Can I prevent that somehow?

    Thanks,

    Jerry