thr3ads.net - Shorewall users - I am not subscribed to the list but have only one question [Jan 2004]

If this information is useful, please help other people find it:
Share via:

Matthew_Doherty@datawatch.com

2004-Jan-22 16:35 UTC

I am not subscribed to the list but have only one question

I am running shorewall version 1.3.14 on RedHat Linux 7.3 for sometime.. 

I have been receiving tons of spam email from IP addresses beginning with 
69.9.*.*  In shorewall firewall I have set up a DROP for 69.9 , 69.9.0.0 
and 69.9.255.255
Obviously I am trying to block and entire subnet. Its not working though. 
Any help on how to block an entire subnet would be appreciated. Thank You!

 below is a display of my table:

(note, Firewall iS: mail server/ DNS server / FTP server / webserver / )





Action
Source
Destination
Protocol
Source ports
Destination ports
Move
ACCEPT
Zone net
Firewall
TCP
Any
80

ACCEPT
Zone net
Firewall
TCP
Any
22

ACCEPT
Zone net
Firewall
TCP
Any
10000

ACCEPT
Zone net
Firewall
TCP
Any
1010

ACCEPT
Zone net
Firewall
TCP
Any
21

ACCEPT
Zone net
Firewall
TCP
Any
443

ACCEPT
Zone net
Firewall
TCP
Any
53

ACCEPT
Zone net
Firewall
UDP
Any
53

DROP
Host 69.6 in zone net
Firewall
TCP
Any


DROP
Host 69.6.0.0 in zone net
Firewall
TCP
Any


DROP
Host 69.6.255.255 in zone net
Firewall
TCP
Any


DROP
Host 172.22.51.0 in zone net
Firewall
TCP
Any


DROP
Host 69.60.0.0 in zone net
Firewall
TCP
Any

Tom Eastep

2004-Jan-22 16:49 UTC

head link

Re: I am not subscribed to the list but have only one question

On Thursday 22 January 2004 08:35 am, Matthew_Doherty@datawatch.com
wrote:> I am running shorewall version 1.3.14 on RedHat Linux 7.3 for sometime..
>
> I have been receiving tons of spam email from IP addresses beginning with
> 69.9.*.*  In shorewall firewall I have set up a DROP for 69.9 , 69.9.0.0
> and 69.9.255.255
> Obviously I am trying to block and entire subnet. Its not working though.
> Any help on how to block an entire subnet would be appreciated. Thank You!
>
>
Shorewall uses CIDR notation:

DROP	net:69.9.0.0/16	fw	all

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Matthew_Doherty@datawatch.com

2004-Jan-22 18:21 UTC

head link

Re: I am not subscribed to the list but have only one question

Thank You!
Its working!



Tom Eastep <teastep@shorewall.net> 
01/22/2004 11:49 AM

To
Mailing List for Experienced Shorewall Users 
<shorewall-users@lists.shorewall.net>, Matthew_Doherty@datawatch.com
cc

Subject
Re: [Shorewall-users] I am not subscribed to the list but have only one 
question






On Thursday 22 January 2004 08:35 am, Matthew_Doherty@datawatch.com
wrote:> I am running shorewall version 1.3.14 on RedHat Linux 7.3 for sometime..
>
> I have been receiving tons of spam email from IP addresses beginning 
with> 69.9.*.*  In shorewall firewall I have set up a DROP for 69.9 , 69.9.0.0
> and 69.9.255.255
> Obviously I am trying to block and entire subnet. Its not working 
though.> Any help on how to block an entire subnet would be appreciated. Thank 
You!>
>
Shorewall uses CIDR notation:

DROP             net:69.9.0.0/16                 fw              all

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Shorewall users - Jan 2004 - I am not subscribed to the list but have only one question

I am not subscribed to the list but have only one question

Re: I am not subscribed to the list but have only one question

Re: I am not subscribed to the list but have only one question