The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

iptables is not filtering IP Addresses

Discussion in 'Security' started by jsmcm, Nov 19, 2011.

  1. jsmcm

    jsmcm Member

    Joined:
    Nov 15, 2011
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi All,

    I have a few domains hitting my SMTP server every few seconds. They can't actually send because they can't authenticate, but its still annoying and it fills up my log files quickly.

    I tried blocking the IP Addresses in WHM -> Exim config, but this had no effect (I blocked my own IP and could still connect to port 25).

    I also tried blocking it with iptables using combinations of the following (I tried different combos to test if any would work):

    iptables -A INPUT -s xxx.xxx.xxx.xxx -p tcp -dport 25 -j REJECT
    iptables -A INPUT -s xxx.xxx.xxx.xxx -p tcp -dport 25 -j DROP

    iptables -I INPUT -s xxx.xxx.xxx.xxx -p tcp -dport 25 -j REJECT
    iptables -I INPUT -s xxx.xxx.xxx.xxx -p tcp -dport 25 -j DROP


    I did use service iptables save and restart.

    I can however still connect to the SMTP server even with the IP blocked in exim's black list, and blocked in iptables.

    I have made no other changes to iptables, apart from that its just the cpanel generated stuff in there.

    Any help please?
     
  2. k-planethost

    k-planethost Well-Known Member

    Joined:
    Sep 22, 2009
    Messages:
    199
    Likes Received:
    4
    Trophy Points:
    18
    Location:
    Athens Greece
    you dont have a firewall to block these ips?
     
  3. nightman

    nightman Member

    Joined:
    Aug 3, 2008
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    install a firewall then it will be easier for you to block an ip.

    try apf firewall. then by issuing a single command, you can block an IP.
     
  4. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
  5. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    The installation script is generic and works on everything, but of course, works better on cPanel as CSF provides more features with cPanel - including some advanced interaction with cPanel and WHM UI.

    Actually, in my opinion, it's more used because:
    • It's an all round firewall, providing security advice and management as well as iptables management (which is pretty much all apf does, from memory)
    • It is much smarter about blocking attackers
    • It has both WHM and webmin UIs available
    • It is regularly maintained and updated by the author, with approximately monthly fixes and updates
    • It is very feature rich - with things like port knocking and temporary blocks built into it
     
Loading...

Share This Page