Quote:
Originally Posted by till
There is no way implemented to add any custom rules. It might get added in later versions.
Actually, there may be an easy way, at least on Fedora Linux most or all Cores and maybe in all Linux distros using Bastille.
In /etc/Bastille you should have or can create a directory named firewall.d. In that directory, you can add a file that is run on server reboot, thus restoring your "special" rules such as blocking a Nigerian ISP that has some nasty fellows who are constantly probing your server....
======================
cd /etc/Bastille
mkdir -p firewall.d
cd firewall.d
vi post-rule-setup.sh
INSERT the iptables COMMANDS you need, for example
iptables -I INPUT -m iprange --src-range 82.128.0.0-82.128.127.255 -j DROP
iptables -I OUTPUT -m iprange --dst-range 82.128.0.0-82.128.127.255 -j DROP
=======================
Save the file, then when iptables starts at boot it loads these rules.
I have found this to be an effective way to permanently deal with a lot of the server brute-force-attacks originating again and again in some countries, and to forever block someone who used cracked SMTP logins to spam.
Any iptables rules in the file are run, but be sure that the rules are valid and tested from the command line so that you don't break iptables on boot.
Richard
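
An added example, not part of the post above and not Bastille's own code: a POSIX shell lint that checks a rules file like the one shown before it is left to run at boot, flagging lines that are not iptables commands, malformed or reversed `--src-range`/`--dst-range` values, and any range that would cover the address you administer the server from. It assumes one iptables command per line; the function names and the admin address 203.0.113.10 are made up for illustration.

```shell
# Lint firewall.d rules on stdin before they are trusted to run at boot.
# Assumption: one iptables command per line; blank and '#' lines are skipped.

# Print a dotted-quad IPv4 address as an integer; fail on malformed input.
ip_to_int() {
    case "$1" in ""|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do   # reject leading zeros (octal in shell arithmetic) and >255
        [ "${o#0?}" = "$o" ] && [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# ip_in_range IP START-END: 0 = inside, 1 = outside, 2 = bad or reversed range.
ip_in_range() {
    lo=$(ip_to_int "${2%-*}") && hi=$(ip_to_int "${2#*-}") || return 2
    ip=$(ip_to_int "$1") && [ "$lo" -le "$hi" ] || return 2
    [ "$ip" -ge "$lo" ] && [ "$ip" -le "$hi" ]
}

# lint_rules ADMIN_IP < FILE: print each problem; return 1 if any were found.
lint_rules() {
    admin=$1; bad=0; n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        set -f; set -- $line; set +f          # split into words without globbing
        case "${1:-#}" in '#'*) continue ;; esac
        if [ "$1" != iptables ]; then
            echo "line $n: not an iptables command"; bad=1; continue
        fi
        while [ $# -gt 1 ]; do
            case "$1" in --src-range|--dst-range)
                rc=0; ip_in_range "$admin" "$2" || rc=$?
                [ "$rc" -ne 0 ] || { echo "line $n: $2 covers $admin"; bad=1; }
                [ "$rc" -ne 2 ] || { echo "line $n: bad range $2"; bad=1; } ;;
            esac
            shift
        done
    done
    return "$bad"
}

# Constructed input: the post's two rules plus a reversed range. 203.0.113.10
# stands in for the address you administer the server from.
lint_rules 203.0.113.10 <<'EOF' || echo "rules file rejected"
iptables -I INPUT -m iprange --src-range 82.128.0.0-82.128.127.255 -j DROP
iptables -I OUTPUT -m iprange --dst-range 82.128.0.0-82.128.127.255 -j DROP
iptables -I INPUT -m iprange --src-range 82.128.127.255-82.128.0.0 -j DROP
EOF
```

To check a real file, feed it on stdin with your own address as the argument, for example `lint_rules 203.0.113.10 < /etc/Bastille/firewall.d/post-rule-setup.sh`. The lint only reads text, so each rule still needs to be tried from the command line as the post says.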