Hope someone can help!

I'd like to block incoming mail on my Linux Router from specific IP's. Actually I wouldn't mind blocking all traffic from these addresses. The reason that I want to block these IP's is that they are infected with MyDoom and even though my mail server blocks the attached payload, I still receive 1000's of these mails from multiple addresses daily.

What I've tried that doesn't seem to work.....


iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP

(Added this in hopes to drop any packet received from the host ip in the header of the bad mail)

I run iptables simply for NAT and don't really have any other filtering going on. I'd love to have some kind of firewall settings that block just about everything other then web/mail/ssh/dns. Everything else I could care less about.


Thanks in advance,



Chris Staunton

let me know how this works out:

# make a new chain with name LBLOCK
iptables -N LBLOCK

# set the logging format
iptables -A LBLOCK -j log --log-prefix "BLOCK a=DROP "

# set to drop
iptables -A LBLOCK -j DROP

# drop and log any packets from ipaddr
iptables -I INPUT -i eth0 -s $ipaddr -j LBLOCK
iptables -I OUTPUT -o eth0 -d $ipaddr -j LBLOCK


edit: bugfix

Using FORWARD instead of INPUT is what I needed to do, since natting is happening as well the rules were getting bypassed. FORWARD did the trick.