I have a firewall rule to drop packets from certain addresses: (email spam)
my /etc/sysconfig/iptables begins as:

# Generated by iptables-save v1.4.7 on Thu Jun 26 09:11:09 2014
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1:148]
-A INPUT -m pkttype --pkt-type multicast -j ACCEPT
-A INPUT -s 223.255.229.0/24 -j DROP
-A INPUT -s 218.96.0.0/24 -j DROP
-A INPUT -s 216.227.128.0/24 -j DROP
-A INPUT -s 216.156.135.0/24 -j DROP
-A INPUT -s 213.251.189.0/24 -j DROP
-A INPUT -s 213.239.219.0/24 -j DROP
-A INPUT -s 213.205.32.0/24 -j DROP
-A INPUT -s 213.136.70.0/24 -j DROP
-A INPUT -s 212.178.110.0/24 -j DROP
-A INPUT -s 212.83.141.0/24 -j DROP
-A INPUT -s 212.83.136.0/24 -j DROP
-A INPUT -s 212.83.134.0/24 -j DROP
-A INPUT -s 210.107.197.0/24 -j DROP
-A INPUT -s 209.239.123.0/24 -j DROP
-A INPUT -s 209.133.56.0/24 -j DROP
-A INPUT -s 209.126.73.0/24 -j DROP
-A INPUT -s 209.126.72.0/24 -j DROP
-A INPUT -s 209.126.71.0/24 -j DROP
-A INPUT -s 209.126.70.0/24 -j DROP
-A INPUT -s 198.101.11.0/24 -j DROP

then /var/log/maillog gives this entry.

from=<griffon at dree.eu>, size=9037, class=0, nrcpts=1, msgid=< 3542.159.259897.271846 at dree.eu> , proto=ESMTP, daemon=MTA, relay=[198.101.11.141]

How is that coming through???

Why is the firewall not dropping the packets?
I have restarted iptables so the rules are active.

And just to make sure:
iptables -L -n | grep 198.101
DROP all -- 198.101.11.0/24 0.0.0.0/0

Thoughts?

Thanks.

Jerry

On 06/26/2014 09:18 AM, Jerry Geis wrote:
> I have a firewall rule to drop packets from certain addresses: (email spam)
> my /etc/sysconfig/iptables begins as:
>
> # Generated by iptables-save v1.4.7 on Thu Jun 26 09:11:09 2014
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [1:148]
> -A INPUT -m pkttype --pkt-type multicast -j ACCEPT
> -A INPUT -s 223.255.229.0/24 -j DROP
> -A INPUT -s 218.96.0.0/24 -j DROP
> -A INPUT -s 216.227.128.0/24 -j DROP
> -A INPUT -s 216.156.135.0/24 -j DROP
> -A INPUT -s 213.251.189.0/24 -j DROP
> -A INPUT -s 213.239.219.0/24 -j DROP
> -A INPUT -s 213.205.32.0/24 -j DROP
> -A INPUT -s 213.136.70.0/24 -j DROP
> -A INPUT -s 212.178.110.0/24 -j DROP
> -A INPUT -s 212.83.141.0/24 -j DROP
> -A INPUT -s 212.83.136.0/24 -j DROP
> -A INPUT -s 212.83.134.0/24 -j DROP
> -A INPUT -s 210.107.197.0/24 -j DROP
> -A INPUT -s 209.239.123.0/24 -j DROP
> -A INPUT -s 209.133.56.0/24 -j DROP
> -A INPUT -s 209.126.73.0/24 -j DROP
> -A INPUT -s 209.126.72.0/24 -j DROP
> -A INPUT -s 209.126.71.0/24 -j DROP
> -A INPUT -s 209.126.70.0/24 -j DROP
> -A INPUT -s 198.101.11.0/24 -j DROP
>
> then /var/log/maillog gives this entry.
>
> from=<griffon at dree.eu>, size=9037, class=0, nrcpts=1, msgid=<
> 3542.159.259897.271846 at dree.eu> , proto=ESMTP, daemon=MTA,
> relay=[198.101.11.141]
>
> How is that coming through???
>
> Why is the firewall not dropping the packets?
> I have restarted iptables so the rules are active.
>
> And just to make sure:
> iptables -L -n | grep 198.101
> DROP all -- 198.101.11.0/24 0.0.0.0/0
>
> Thoughts?
>
> Thanks.
>
> Jerry
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>

If you add a -v to your iptables -L -n | grep 198.101 are you seeing the rule get hit?

-- 
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.clark at netwolves.com
http://www.netwolves.com
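
The counter check suggested in the reply above, as an added example that is not part of the thread: it takes the relay addresses from maillog lines and looks up the packet counter of the first INPUT rule that matches each one on source alone. The listing (shaped like `iptables -L INPUT -n -v -x` output), its counters, the log line and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `iptables -L INPUT -n -v -x` output (counters invented).
LISTING = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      12      864 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = multicast
       0        0 DROP       all  --  *      *       209.126.70.0/24      0.0.0.0/0
       0        0 DROP       all  --  *      *       198.101.11.0/24      0.0.0.0/0
"""
# Constructed maillog line, shaped like the entry quoted in the post.
MAILLOG = "sendmail[1234]: from=<a@example.invalid>, proto=ESMTP, daemon=MTA, relay=[198.101.11.141]"

def parse_rules(listing):
    """Return the chain's rules in evaluation order."""
    rules = []
    for line in listing.splitlines():
        f = line.split()
        if len(f) < 9 or not f[0].isdigit():
            continue  # chain header, column header or blank line
        try:
            src = ipaddress.ip_network(f[7])
        except ValueError:
            src = None  # negated or non-numeric source: not evaluated here
        # A rule with any match besides source cannot be decided from an IP alone.
        extra = (f[3] != "all" or f[5] != "*" or f[6] != "*"
                 or f[8] != "0.0.0.0/0" or len(f) > 9)
        rules.append({"num": len(rules) + 1, "pkts": int(f[0]),
                      "target": f[2], "src": src, "extra": extra})
    return rules

def relay_ips(maillog):
    """Extract the bracketed IPv4 address from each relay= field."""
    return re.findall(r"relay=[^\[,]*\[(\d{1,3}(?:\.\d{1,3}){3})\]", maillog)

def audit(listing, maillog):
    """Map each relay IP to (rule number, target, packets) of the first
    source-only rule covering it, or None if no such rule exists."""
    rules = parse_rules(listing)
    result = {}
    for ip in relay_ips(maillog):
        addr = ipaddress.ip_address(ip)
        hit = next((r for r in rules
                    if r["src"] is not None and addr in r["src"] and not r["extra"]), None)
        result[ip] = (hit["num"], hit["target"], hit["pkts"]) if hit else None
    return result

if __name__ == "__main__":
    for ip, hit in audit(LISTING, MAILLOG).items():
        print(ip, hit)
```

A DROP rule that still shows zero packets after mail from a covered address was logged means those packets never traversed that rule in the running ruleset.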