I recently needed to block Barracuda network IPs from accessing my mail server, MailWizz. I did the typical:
iptables -A INPUT -s 64.235.144.0/20 -j DROP
iptables -A INPUT -s 209.222.80.0/21 -j DROP
iptables -A INPUT -s 35.176.92.96/27 -j DROP
iptables -A INPUT -s 35.157.190.224/27 -j DROP
iptables -A INPUT -s 5.188.211.0/24 -j DROP
iptables -A INPUT -s 204.101.161.159 -j DROP
iptables -A INPUT -s 207.102.138.158 -j DROP
then
service iptables save
service iptables restart
The problem with this setup is that -A appends those rules to the end of the INPUT chain. Traffic from those addresses is matched by an earlier rule first, so it never gets blocked. It’s better to edit the iptables rules file directly. On CentOS 7, that is located in /etc/sysconfig/iptables. I added these lines directly before any of the other rules, so they are evaluated first.
-A INPUT -s 64.235.144.0/20 -j DROP
-A INPUT -s 209.222.80.0/21 -j DROP
-A INPUT -s 35.176.92.96/27 -j DROP
-A INPUT -s 35.157.190.224/27 -j DROP
-A INPUT -s 5.188.211.0/24 -j DROP
-A INPUT -s 204.101.161.159/32 -j DROP
-A INPUT -s 207.102.138.158/32 -j DROP
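As an added example (not part of the original post), this shell function reads iptables-save output and lists source-based DROP rules in INPUT that sit behind an earlier rule with no source match, which is the ordering problem described above. The function names and the sample ruleset (documentation address ranges) are constructed for illustration, and the check is a heuristic, not a full rule evaluator.

```shell
#!/usr/bin/env bash
# Added example: iptables evaluates a chain top to bottom and stops at the
# first terminating match, so a DROP placed after a broad ACCEPT/REJECT
# may never be reached.

# late_drops: reads iptables-save output on stdin and prints the source of
# every "-A INPUT -s <src> ... -j DROP" rule that appears after an INPUT
# rule with no -s match and a terminating target.
late_drops() {
    awk '
        $1 == "-A" && $2 == "INPUT" {
            has_src = 0; src = ""; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-s") { has_src = 1; src = $(i + 1) }
                if ($i == "-j") { target = $(i + 1) }
            }
            if (has_src && target == "DROP") {
                if (seen_terminal) print src
            } else if (!has_src && target ~ /^(ACCEPT|REJECT|DROP)$/) {
                seen_terminal = 1
            }
        }
    '
}

# sample_rules: constructed ruleset. The first DROP is placed ahead of the
# other rules; the second was appended after them.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 192.0.2.0/24 -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 198.51.100.0/24 -j DROP
COMMIT
EOF
}

# Demo on the constructed ruleset; only the appended rule is reported.
sample_rules | late_drops
```

To check a live system, run late_drops < /etc/sysconfig/iptables or pipe iptables-save into it.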
I’m also putting in a post on how to block Amazon bots. However, you’ll need to redo the above after running these commands on CentOS 7:
yum install git
git clone https://github.com/corbanworks/aws-blocker.git
yum install jq
cd aws-blocker
bash aws-blocker
iptables-save | sudo tee /etc/sysconfig/iptables
service iptables save
service iptables restart
Then add the above manually and you’ll have both AWS and Barracuda blocked.