Hello,
I have been getting lots of messages from about 30 different servers in my messages log file from bind. I have tried to eliminate them from input using various methods but I can only seem to stop them on the output.
When I try to feed it to the BLOCKLIST using -s or -d, or directly using -A or -I INPUT, it never works because it always seems to be going to my internal IP address xxx.168.1.85, so the IPs that I want dropped on INPUT never get dropped, but they are dropped on the OUTPUT.
What should I try to drop these bad servers?
Thanks in advance,
Craig
Code:
FROM: messages log file
Mar 31 07:24:02 ns85 named[11563]: error (host unreachable) resolving 'xxxxxofficecenter.us/A/IN': xxx.188.198.53#53
----------
FROM iptables
# Generated by iptables-save v1.4.9 on Sat Mar 30 07:23:23 2013
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [202:34178]
:BLOCKLIST - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j BLOCKLIST
-A INPUT -p udp -m state --state NEW -m udp --dport 53 -j BLOCKLIST
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -d xxx.188.198.53/32 -j DROP
-A BLOCKLIST -d xxx.188.198.53/32 -j DROP
-A BLOCKLIST -d xxx.188.198.53/32 -j RETURN
#-A BLOCKLIST -s xxx.188.198.53/32 -j DROP
#-A BLOCKLIST -s xxx.188.198.53/32 -j RETURN
-A BLOCKLIST -d xxx.168.1.85/32 -j ACCEPT
-A BLOCKLIST -d xxx.102.80.42/32 -j ACCEPT
-A BLOCKLIST -d xxx.168.1.1/32 -j DROP
-A BLOCKLIST -d xxx2.168.1.1/32 -j RETURN
-A BLOCKLIST -j ACCEPT
COMMIT
# Completed on Sat Mar 30 07:23:23 2013
----------------
iptables -n -v -L --line-numbers
Chain INPUT (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 232K 134M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
3 17481 1103K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
4 4 172 BLOCKLIST tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53
5 2699 194K BLOCKLIST udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53
24 5593 553K REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 285K packets, 246M bytes)
num pkts bytes target prot opt in out source destination
6 192 14814 DROP all -- * * 0.0.0.0/0 206.188.198.53
Chain BLOCKLIST (2 references)
num pkts bytes target prot opt in out source destination
11 0 0 DROP all -- * * 0.0.0.0/0 xxx.188.198.53
12 0 0 RETURN all -- * * 0.0.0.0/0 xxx.188.198.53
33 2703 195K ACCEPT all -- * * 0.0.0.0/0 xxx.168.1.85
34 0 0 ACCEPT all -- * * 0.0.0.0/0 xxx.102.80.42
35 0 0 DROP all -- * * 0.0.0.0/0 xxx.168.1.1
36 0 0 RETURN all -- * * 0.0.0.0/0 xxx.168.1.1
37 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
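The behaviour described above, reproduced as an added example that is not part of the original post: a small Python evaluator for the subset of iptables-save syntax the posted rules use, run over a constructed stand-in for the INPUT and BLOCKLIST chains (RFC 5737 test addresses and the interface name eth0 are assumptions). An inbound query from a remote server carries that server as its source, so a BLOCKLIST rule written with -d can only ever match the local destination address, while the same rule written with -s drops the packet.

```python
# Toy evaluator for the iptables-save subset in the posted ruleset; packets are
# modelled as NEW connections from an external host (the first-packet path).
import ipaddress
import shlex

def parse_rules(text):
    """Parse ':CHAIN POLICY' headers and '-A CHAIN ... -j TARGET' lines."""
    chains = {}
    for line in text.splitlines():
        toks = shlex.split(line)
        if toks and toks[0].startswith(':'):   # e.g. ":INPUT DROP [0:0]"
            chains[toks[0][1:]] = {'policy': None if toks[1] == '-' else toks[1], 'rules': []}
        elif toks and toks[0] == '-A':
            opts = {toks[i]: toks[i + 1] for i in range(2, len(toks) - 1) if toks[i].startswith('-')}
            chains[toks[1]]['rules'].append({
                'src': opts.get('-s'), 'dst': opts.get('-d'), 'proto': opts.get('-p'),
                'dport': opts.get('--dport'), 'iface': opts.get('-i'),
                'states': opts.get('--state', 'NEW').split(','), 'target': opts['-j']})
    return chains

def _matches(rule, pkt):
    in_net = lambda cidr, ip: cidr is None or ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)
    return (in_net(rule['src'], pkt['src']) and in_net(rule['dst'], pkt['dst'])
            and rule['proto'] in (None, pkt['proto']) and rule['dport'] in (None, str(pkt['dport']))
            and rule['iface'] in (None, pkt['iface']) and 'NEW' in rule['states'])

def verdict(chains, pkt, chain='INPUT'):
    """First matching terminal target wins; -j enters a user chain, RETURN or end of
    a user chain falls back to the caller; a built-in chain ends with its policy."""
    for rule in chains[chain]['rules']:
        if not _matches(rule, pkt):
            continue
        if rule['target'] in ('ACCEPT', 'DROP', 'REJECT'):
            return rule['target']
        if rule['target'] == 'RETURN':
            return None
        sub = verdict(chains, pkt, rule['target'])
        if sub is not None:
            return sub
    return chains[chain]['policy']

# Constructed stand-in for the posted rules: BLOCKLIST tests only -d, so an inbound
# query (dst = the server's own 192.168.1.85) hits the ACCEPT rule, never the DROP.
POSTED = """\
:INPUT DROP [0:0]
:BLOCKLIST - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 53 -j BLOCKLIST
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A BLOCKLIST -d 203.0.113.53/32 -j DROP
-A BLOCKLIST -d 192.168.1.85/32 -j ACCEPT
-A BLOCKLIST -j ACCEPT
"""
# Same chain, but matching the bad server as the *source* of inbound packets.
FIXED = POSTED.replace("-A BLOCKLIST -d 203.0.113.53/32 -j DROP", "-A BLOCKLIST -s 203.0.113.53/32 -j DROP")
QUERY = {'src': '203.0.113.53', 'dst': '192.168.1.85', 'proto': 'udp', 'dport': 53, 'iface': 'eth0'}  # constructed
```

`verdict(parse_rules(POSTED), QUERY)` returns ACCEPT and `verdict(parse_rules(FIXED), QUERY)` returns DROP; the RETURN rules and the -d xxx.168.1.85 ACCEPT in the posted chain behave the same way under this model.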