This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Simple IP/IP range blacklist ?

Is there a simple way in ASL to create a "blacklist" ? A list of IPs and domain that should allways be dropped when they apears as either source or destination ?

I'm trying to fend off a machine that is either infected by some virus or whose user is actively scanning my network blocks. I've already called their ISP and they have conected the admin but the flow of probes doesn't stop.

This thread was automatically locked due to age.

0 JimmyM over 20 years ago in reply to StephaneGROBETY

For example.
I use the SMTP proxy.
I want to block incoming SMTP traffic from host 151.197.20.10.
Creating a host definition 151.197.20.10 and packet filter rule to block traffic from 151.197.20.10 on port 25 won't stop them from sending mail.
When the SMTP proxy is enabled ASL creates an iptables rule like this.
iptables -A AUTO_INPUT -s any -d any --dport 25 ACCEPT
This rule is interpreted before your DROP rule that is in USR_INPUT, and therefore the SMTP proxy still gets the mail.
Cancel
Vote Up 0 Vote Down

Cancel