[plug] Abuse report bounces: no DNS record
William Kenworthy
billk at iinet.net.au
Mon Feb 20 23:17:48 WST 2006
On Mon, 2006-02-20 at 20:00 +0800, Alex Nordstrom wrote:
> Monday, 20 February 2006 19:34, Ben Jensz wrote:
>
> If you do not have any business with South Korea and/or China, dropping
> anything from IP addresses known to belong to those countries. I start
> with the Sinokorean list at okean.com[1] and just generalise the rules.
> Apparently this attacker was not included in the list I had, though
> (which might be outdated).
>
> [1] http://www.okean.com/antispam/iptables/iptables.html
>
>
Try using geoip - blackholing China alone helps enormously! Basically
geoip is a list extracted monthly (for the "free" service, more often if
you pay) that the geoip iptables module uses to look up a country's
networks based on a country digraph.
e.g.,
# Log, then drop, packets whose source address maps to CN
/sbin/iptables -t raw -A PREROUTING -m geoip --src-cc CN -j LOG \
    --log-prefix "GEOIP Dropped (CHINA) " && \
/sbin/iptables -t raw -A PREROUTING -m geoip --src-cc CN -j DROP
BillK
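
Added example, not part of the original post and not the geoip module's own code: a small Python model of the lookup a country match performs, showing that an address missing from the extracted list passes straight through (the stale-list case mentioned in the quoted message). The table, sample addresses and function names are constructed for illustration; the networks are RFC 5737 documentation ranges, not real allocations.

```python
import ipaddress

# Constructed country -> networks table standing in for the monthly extract.
# 198.51.100.128/25 is deliberately absent to model a stale or incomplete list.
GEOIP_TABLE = {
    "CN": ["192.0.2.0/24", "198.51.100.0/25"],
    "KR": ["203.0.113.0/24"],
}

# Constructed sample source addresses.
SAMPLES = ["192.0.2.77", "198.51.100.10", "198.51.100.200", "203.0.113.5"]


def build_index(table):
    """Parse each CIDR once into (network, country_code) pairs."""
    index = [(ipaddress.ip_network(cidr), cc)
             for cc, cidrs in table.items() for cidr in cidrs]
    # Most specific prefix first, so overlapping entries resolve predictably.
    index.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return index


def country_of(addr, index):
    """Return the country code whose network contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    for net, cc in index:
        if ip in net:
            return cc
    return None


def verdict(addr, index, blocked=("CN",)):
    """DROP only when the address maps to a blocked code; unknown means PASS."""
    cc = country_of(addr, index)
    return ("DROP" if cc in blocked else "PASS", cc)


def run(samples=SAMPLES, blocked=("CN",)):
    index = build_index(GEOIP_TABLE)
    return {addr: verdict(addr, index, blocked) for addr in samples}


if __name__ == "__main__":
    for addr, (action, cc) in run().items():
        print(f"{addr:16} {cc or '??':3} {action}")
```
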