Quote:
Originally Posted by win32sux
How about doing per-IP limits by means of the recent match module?
There should be several examples of that here in LQSEC.
Can you list the section it is located in?
I have set the server to deny connections to port 443 for webmail.
I could have done this with another iptables (firewall) but I used the -I (insert) command and placed it in the 'INPUT' chain.
iptables -I RH-Firewall-1-INPUT (line-number) -s 170.51.0.0/255.255.0.0 -d 199.xx.xx.xx -p tcp -m tcp --dport 443 -j DROP
This will deny access to webmail without impacting legitimate traffic to the server.
I am still working on blocking, for example, 170.51.0.0/16 to port 25 but allowing the email server to send to an email server in this
range if needed. The Barracuda(s) will allow an email address through the mail exchanger with the IP range blocked.
The trick is how to set up iptables to allow the email outbound and connect to the email server?
If 170.51.0.0/16 is set to drop on INPUT, then no email can be sent from the server since it will fail to connect to it.
Still working on it; I know there has to be a way to do it. I have been testing today but will pick up tomorrow.
Thanks
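An added example (not from anyone in this thread) of the state-tracking approach to the outbound-mail problem described in the post above: packets belonging to connections the server itself opened are accepted before any source-based DROP is consulted, so only NEW inbound SMTP attempts from 170.51.0.0/16 are dropped and the MTA can still deliver to a mail exchanger in that range. The chain name RH-Firewall-1-INPUT and the network come from the post; the rule positions and the DRY_RUN switch are assumptions, and the script only prints the commands unless DRY_RUN=0 is set and it is run as root.

```shell
#!/bin/sh
# Added example: block NEW inbound SMTP from one /16 without breaking the
# server's own outbound SMTP sessions to hosts in that range.
# Chain name and network are taken from the post; positions are assumed.
CHAIN="RH-Firewall-1-INPUT"
BLOCKED_NET="170.51.0.0/16"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print commands only, 0 = apply with iptables

# Print or execute one iptables invocation depending on DRY_RUN.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Emit the two rules in the order they must sit in the chain.
apply_rules() {
    # Rule 1 (top of chain): replies to connections this host initiated,
    # e.g. the SYN/ACK and data from a remote MX our MTA is delivering to,
    # are ESTABLISHED/RELATED. Accepting them here means a later DROP on the
    # source range can never kill the server's own outbound mail.
    # (-m conntrack --ctstate is the modern spelling of -m state --state.)
    run -I "$CHAIN" 1 -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Rule 2: only brand-new inbound connection attempts from the range to
    # our port 25 are dropped. Outbound deliveries never match this rule:
    # their return packets are not NEW and do not carry destination port 25.
    run -I "$CHAIN" 2 -s "$BLOCKED_NET" -p tcp --dport 25 \
        -m state --state NEW -j DROP
}

# Optional check after applying for real: the ACCEPT for ESTABLISHED must be
# listed above the DROP, otherwise the ordering protection is lost.
verify_order() {
    iptables -L "$CHAIN" -n --line-numbers | awk '
        /ESTABLISHED/ && !acc { acc = NR }
        /DROP/ && /'"$(echo "$BLOCKED_NET" | sed 's#/#\\/#')"'/ && !drp { drp = NR }
        END { exit !(acc && drp && acc < drp) }'
}

# Stand-alone run: print (or apply) the rules.
apply_rules
```

With DRY_RUN=1 the script shows exactly what would be inserted; run it again with DRY_RUN=0 as root to apply, then call verify_order to confirm the ACCEPT precedes the DROP in the live chain.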