August 16, 2011
What if your own hosting and IP address end up permanently blacklisted?
The cause is usually simple: spam complaints triggered by your own customers.
How do you solve this problem? iptables can help.
It is enough to limit how often a host may attempt to send mail and to log those attempts:
# The --set rule records each NEW connection to port 25 per source; --update alone would never match, because it only checks addresses already in the list. ULOG was removed from the kernel in 3.17; newer systems use -j NFLOG --nflog-prefix "Spam:" --nflog-group 2 instead.
iptables -A FORWARD -p tcp -m tcp --dport 25 -m state --state NEW -m recent --set --name SMTP_LOCAL --rsource
iptables -A FORWARD -p tcp -m tcp --dport 25 -m state --state NEW -m recent --update --seconds 60 --hitcount 6 --name SMTP_LOCAL --rsource -j ULOG --ulog-prefix "Spam:" --ulog-nlgroup 2 --ulog-cprange 100
Next example: protecting SSH and FTP from brute-force attacks, SMTP from spam, and the web server from SYN flood and DDoS:
###############################################################################
# Default Rules DROP
###############################################################################
# The variables used below are not defined in the original post; these are
# placeholder values, adjust them to your own interface and addresses
EXT_INTERFACE=eth0
LO_IPADDR=127.0.0.1
ANYWHERE=0.0.0.0/0
# The SSH and SMTP chains below use --hitcount values up to 400. Kernels that
# cap xt_recent at ip_pkt_list_tot remembered packets per address (default 20)
# refuse such rules, so load the module with a larger limit first (no effect
# if it is already loaded; put the option in /etc/modprobe.d in that case)
modprobe xt_recent ip_pkt_list_tot=400
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -X
iptables -N SYNFLOOD
iptables -N PING
iptables -N SSH
iptables -N BLACKLIST
iptables -N FTP
iptables -N WWW
iptables -N SMTP
iptables -N SMTP_REJECT_1
iptables -N SMTP_REJECT_2
iptables -N SMTP_REJECT_3
iptables -N SMTP_REJECT_4
###############################################################################
# BASIC rules
###############################################################################
echo "Start BASIC rules"
#------------------------------------------------------------------------------
# Traffic not arriving on the external interface (loopback, LAN) is trusted
iptables -A INPUT ! -i $EXT_INTERFACE -j ACCEPT
iptables -A INPUT -i $EXT_INTERFACE -p icmp -m icmp --icmp-type 0 -j ACCEPT
iptables -A INPUT -i $EXT_INTERFACE -p icmp -m icmp --icmp-type 8 -m state --state NEW -j PING
iptables -A INPUT -i $EXT_INTERFACE -p icmp -m icmp --icmp-type 11 -j ACCEPT
iptables -A INPUT -i $EXT_INTERFACE -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j SYNFLOOD
iptables -A INPUT -i $EXT_INTERFACE -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH
iptables -A INPUT -p tcp --dport 21 -m state --state NEW -j FTP
iptables -A INPUT -p tcp --dport 80 -m state --state NEW -j WWW
iptables -A INPUT -p tcp --dport 25 -m state --state NEW -j SMTP
iptables -A OUTPUT -j ACCEPT -p ALL -s $LO_IPADDR
iptables -A OUTPUT -j ACCEPT -p icmp -s $ANYWHERE -d $ANYWHERE
# Without this rule the OUTPUT DROP policy would also drop the replies to the
# SSH, FTP, WWW and SMTP connections accepted above
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A SYNFLOOD -p tcp -m limit --limit 30/sec --limit-burst 30 -j RETURN
iptables -A SYNFLOOD -j LOG -m limit --limit 6/min --log-prefix "INPUT packets syn DROP2:"
iptables -A SYNFLOOD -p tcp -j REJECT --reject-with tcp-reset
iptables -A PING -p icmp --icmp-type echo-request -m limit --limit 1/second -j ACCEPT
iptables -A PING -p icmp -j REJECT
iptables -A BLACKLIST -m recent --set --name BLACKLIST
iptables -A BLACKLIST -j DROP
iptables -A SSH -m recent --update --name BLACKLIST --seconds 600 --hitcount 1 -j DROP
iptables -A SSH -m recent --set --name counting1
iptables -A SSH -m recent --set --name counting2
iptables -A SSH -m recent --set --name counting3
iptables -A SSH -m recent --set --name counting4
# Escalating windows: 5 hits in 20 s, 15 in 200 s, 80 in 2000 s or 400 in
# 20000 s send the source to BLACKLIST, and the first SSH rule then drops it
# for 600 s after its last attempt
iptables -A SSH -m recent --update --name counting1 --seconds 20 --hitcount 5 -j BLACKLIST
iptables -A SSH -m recent --update --name counting2 --seconds 200 --hitcount 15 -j BLACKLIST
iptables -A SSH -m recent --update --name counting3 --seconds 2000 --hitcount 80 -j BLACKLIST
iptables -A SSH -m recent --update --name counting4 --seconds 20000 --hitcount 400 -j BLACKLIST
iptables -A SSH -j ACCEPT
iptables -A FTP -m recent --set --name FTP
iptables -A FTP -m recent --update --name FTP --seconds 180 --hitcount 6 -j BLACKLIST
iptables -A FTP -j ACCEPT
iptables -A WWW -m limit --limit 5/sec --limit-burst 10 -j ACCEPT
iptables -A WWW -j LOG -m limit --limit 6/min --log-prefix "INPUT packets www REJECT2:"
iptables -A WWW -j REJECT
# A source listed by SMTP_REJECT_n stays dropped for that tier's period; every
# retry refreshes its entry, so the block only expires after that much silence
iptables -A SMTP -m recent --update --name SMTP_REJECT_1 --seconds 600 --hitcount 1 -j DROP
iptables -A SMTP -m recent --update --name SMTP_REJECT_2 --seconds 3600 --hitcount 1 -j DROP
iptables -A SMTP -m recent --update --name SMTP_REJECT_3 --seconds 86400 --hitcount 1 -j DROP
iptables -A SMTP -m recent --update --name SMTP_REJECT_4 --seconds 604800 --hitcount 1 -j DROP
iptables -A SMTP -m recent --set --name smtp_c1
iptables -A SMTP -m recent --set --name smtp_c2
iptables -A SMTP -m recent --set --name smtp_c3
iptables -A SMTP -m recent --set --name smtp_c4
# 10 connections in 1 min, 20 in 10 min, 40 in 1 h or 100 in 1 day escalate
# the source into the matching SMTP_REJECT_n list
iptables -A SMTP -m recent --update --name smtp_c1 --seconds 60 --hitcount 10 -j SMTP_REJECT_1
iptables -A SMTP -m recent --update --name smtp_c2 --seconds 600 --hitcount 20 -j SMTP_REJECT_2
iptables -A SMTP -m recent --update --name smtp_c3 --seconds 3600 --hitcount 40 -j SMTP_REJECT_3
iptables -A SMTP -m recent --update --name smtp_c4 --seconds 86400 --hitcount 100 -j SMTP_REJECT_4
iptables -A SMTP -m limit --limit 1/sec --limit-burst 3 -j ACCEPT
iptables -A SMTP -j REJECT
iptables -A SMTP_REJECT_1 -m recent --set --name SMTP_REJECT_1
iptables -A SMTP_REJECT_1 -j LOG --log-prefix "INPUT smtp REJECT: (10min)"
iptables -A SMTP_REJECT_1 -j REJECT
iptables -A SMTP_REJECT_2 -m recent --set --name SMTP_REJECT_2
iptables -A SMTP_REJECT_2 -j LOG --log-prefix "INPUT smtp REJECT: (1h)"
iptables -A SMTP_REJECT_2 -j REJECT
iptables -A SMTP_REJECT_3 -m recent --set --name SMTP_REJECT_3
iptables -A SMTP_REJECT_3 -j LOG --log-prefix "INPUT smtp REJECT: (1day)"
iptables -A SMTP_REJECT_3 -j REJECT
iptables -A SMTP_REJECT_4 -m recent --set --name SMTP_REJECT_4
iptables -A SMTP_REJECT_4 -j LOG --log-prefix "INPUT smtp REJECT: (7day)"
iptables -A SMTP_REJECT_4 -j REJECT
# Forwarded mail: record each NEW connection per source, then log the sixth
# within 60 s (--update only matches addresses the --set rule has recorded)
iptables -A FORWARD -p tcp -m tcp --dport 25 -m state --state NEW -m recent --set --name SMTP_LOCAL --rsource
iptables -A FORWARD -p tcp -m tcp --dport 25 -m state --state NEW -m recent --update --seconds 60 --hitcount 6 --name SMTP_LOCAL --rsource -j ULOG --ulog-prefix "Spam:" --ulog-nlgroup 2 --ulog-cprange 100
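As an added example (not the post's or iptables' own code), the SMTP chain above is replayed in Python over constructed connection timestamps, following xt_recent's matching rules; the address 203.0.113.7 and the timings are made up.

```python
from collections import defaultdict

# Model of xt_recent lists, written for this example (not the post's code):
# --set always records a hit; --update matches only an address already in
# the list, counts its hits inside --seconds, and records a fresh hit only
# when it matches, so a blocked host that keeps retrying extends its block.
class RecentList:
    def __init__(self):
        self.stamps = defaultdict(list)      # src -> hit timestamps (seconds)

    def set(self, src, now):
        self.stamps[src].append(now)

    def update(self, src, now, seconds, hitcount):
        if src not in self.stamps:
            return False
        hits = sum(1 for t in self.stamps[src] if now - t <= seconds)
        if hits >= hitcount:
            self.stamps[src].append(now)     # matched: last-seen refreshed
            return True
        return False

# (window s, hitcount, block s, label) for smtp_c1..4 and SMTP_REJECT_1..4
TIERS = [(60, 10, 600, "10min"), (600, 20, 3600, "1h"),
         (3600, 40, 86400, "1day"), (86400, 100, 604800, "7day")]

class SmtpChain:
    """Walks one NEW connection through the SMTP chain above; the final
    -m limit rule is not modelled, so an unblocked connection is ACCEPT."""
    def __init__(self):
        self.reject = [RecentList() for _ in TIERS]    # SMTP_REJECT_n lists
        self.counting = [RecentList() for _ in TIERS]  # smtp_cn lists

    def verdict(self, src, now):
        for (_, _, block, label), rl in zip(TIERS, self.reject):
            if rl.update(src, now, block, 1):          # still blacklisted
                return "DROP (%s block)" % label
        for cl in self.counting:                       # the four --set rules
            cl.set(src, now)
        for (win, hits, _, label), cl, rl in zip(TIERS, self.counting, self.reject):
            if cl.update(src, now, win, hits):         # too many hits in window
                rl.set(src, now)                       # SMTP_REJECT_n: --set, REJECT
                return "REJECT (%s)" % label
        return "ACCEPT"

def run(events):
    """events: constructed (seconds, src) pairs -> one verdict per connection."""
    chain = SmtpChain()
    return [chain.verdict(src, t) for t, src in events]
```

Feeding run() twelve connections from one address five seconds apart gives ACCEPT nine times, REJECT (10min) on the tenth and DROP after that; a retry 545 s later keeps the block alive, while 601 s of silence lets the host back in.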
