Link to home
Start Free TrialLog in
Avatar of Chris Andrews
Chris AndrewsFlag for United States of America

asked on

Having trouble denying an ip.

I'm running linux/apache, and I'm using this to block an ip

iptables -A INPUT -s 85.158 -j DROP

But my mail filter program still says it's still getting connections from that ip, and it overwhelms the system:

Mar 31 08:37:19 [1267]: Rejected connection from 85.158.138.179:11449 (busy), ceiling is 5 slots
Mar 31 08:37:19 [1267]: Rejected connection from 85.158.138.179:55879 (busy), ceiling is 5 slots

I also use apf, and have blocked it through that,

/usr/local/sbin/apf -d 85.158.

but it's still getting through.

Any ideas on what to do or why this isn't working?

Does iptables have to be restarted or anything?  If so, how?

thanks,  Chris
Avatar of fosiul01
fosiul01
Flag of United Kingdom of Great Britain and Northern Ireland image

yes, you need to save iptables rules after inserting

then restart the iptables

Avatar of Chris Andrews

ASKER

Thank you, how do I do that?
ASKER CERTIFIED SOLUTION
Avatar of fosiul01
fosiul01
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ah, thank you, that seems to have done it!  dam spammers!
are you trying to add those Ip one by one by hand ??

then you will go mad!!

use fail2ban, or portsentry

any attemept more then 3 or 4 times, those will block those Ip automaticaly
Thank you, normally I don't have to, my spam program, mailstripper, takes care of things pretty well.  This was move of a denial of service type thing (I guess), just overwhelming my server with junk mail, more than it could handle, so legit mails couldn't get through.

I'll take a look at these programs right now.  
Not saying it was a dos attack on purpose, but the amount of spam coming from that ip had that effect on my mail services.