Watch out for IPTables and order of execution of rules

I recently needed to block Barracuda Networks IPs from accessing my mail server, MailWizz. I did the typical

iptables -A INPUT -s 64.235.144.0/20 -j DROP
iptables -A INPUT -s 209.222.80.0/21 -j DROP
iptables -A INPUT -s 35.176.92.96/27 -j DROP
iptables -A INPUT -s 35.157.190.224/27 -j DROP
iptables -A INPUT -s 5.188.211.0/24 -j DROP
iptables -A INPUT -s 204.101.161.159 -j DROP
iptables -A INPUT -s 207.102.138.158 -j DROP

then

service iptables save
service iptables restart

The problem with this setup is that -A appends each rule to the end of the INPUT chain, after the ACCEPT rules that are already there (the ones that let mail traffic in). iptables walks a chain from the top and stops at the first rule that matches, so a connection from one of these networks is accepted by an earlier rule and the DROP at the bottom is never reached. It's better to go into the saved ruleset directly. On CentOS 7, that is /etc/sysconfig/iptables. I added these lines at the top of the INPUT chain, directly before any of the existing rules. Note that this file is only read when the iptables service is started or restarted, so the edit does not take effect until then, and a later service iptables save overwrites the file with whatever ruleset is currently loaded.

-A INPUT -s 64.235.144.0/20 -j DROP
-A INPUT -s 209.222.80.0/21 -j DROP
-A INPUT -s 35.176.92.96/27 -j DROP
-A INPUT -s 35.157.190.224/27 -j DROP
-A INPUT -s 5.188.211.0/24 -j DROP
-A INPUT -s 204.101.161.159/32 -j DROP
-A INPUT -s 207.102.138.158/32 -j DROP
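The fix the post arrives at, editing the saved ruleset so the DROP lines come first, can be scripted so that it is repeatable and does not duplicate rules when re-run. The following is an added example, not code from the original post: a POSIX shell script with an embedded awk program that takes an iptables-save style file (such as /etc/sysconfig/iptables on CentOS 7) and writes a copy with the seven DROP rules inserted at the head of the INPUT chain, before the first existing INPUT rule of the filter table, stripping any stale copies of those lines first. The function names prepend_drops and first_line and the sample ruleset embedded in the script are my own, constructed for illustration. On a live system the equivalent one-off command is iptables -I INPUT 1 -s <network> -j DROP, which inserts at the top of the chain instead of appending; the script below is for the saved file.

```shell
#!/bin/sh
# Added example (not from the original post): put DROP rules at the head of
# the INPUT chain in an iptables-save style file so they are evaluated before
# any ACCEPT rule.  Function names and the sample ruleset are my own.
set -u

# The Barracuda networks listed in the post, in the form iptables-save writes.
BLOCKED_NETS="64.235.144.0/20 209.222.80.0/21 35.176.92.96/27 35.157.190.224/27 5.188.211.0/24 204.101.161.159/32 207.102.138.158/32"

# prepend_drops INFILE OUTFILE
# Copies INFILE to OUTFILE with one "-A INPUT -s NET -j DROP" line per blocked
# network inserted just before the first "-A INPUT" rule of the *filter table
# (or before its COMMIT if the chain has no rules yet).  Existing copies of
# those exact lines are removed first, so running this twice is idempotent.
prepend_drops() {
    infile=$1
    outfile=$2
    awk -v nets="$BLOCKED_NETS" '
        BEGIN {
            n = split(nets, list, " ")
            for (i = 1; i <= n; i++) {
                rule[i] = "-A INPUT -s " list[i] " -j DROP"
                known[rule[i]] = 1
            }
            table = ""; done = 0
        }
        substr($0, 1, 1) == "*" { table = substr($0, 2) }   # "*filter", "*nat", ...
        ($0 in known) { next }                               # strip stale copies
        table == "filter" && !done && (/^-A INPUT / || /^COMMIT/) {
            for (i = 1; i <= n; i++) print rule[i]          # head of the chain
            done = 1
        }
        { print }
    ' "$infile" > "$outfile"
}

# first_line FILE TEXT: line number of the first line containing TEXT, used to
# check that the first DROP rule comes before the first ACCEPT rule.
first_line() {
    awk -v pat="$2" 'index($0, pat) { print NR; exit }' "$1"
}

# Constructed sample of what /etc/sysconfig/iptables typically looks like on
# CentOS 7: SMTP and SSH are accepted before the catch-all REJECT, so a DROP
# appended after them would never match.
SAMPLE_RULES='# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# With no arguments, demonstrate on the sample; otherwise rewrite a real file
# (INFILE [OUTFILE]) without touching the original.
if [ $# -eq 0 ]; then
    tmp=$(mktemp)
    printf '%s\n' "$SAMPLE_RULES" > "$tmp"
    prepend_drops "$tmp" "$tmp.new"
    cat "$tmp.new"
    rm -f "$tmp" "$tmp.new"
else
    prepend_drops "$1" "${2:-$1.new}"
fi
```

Check the generated file with iptables-restore --test before installing it, then copy it over /etc/sysconfig/iptables and run service iptables restart so the running ruleset matches the file. Only run service iptables save after that restart, since save writes the running ruleset back over the file and would discard an edit that has not been loaded yet.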

I'm also putting up a post on how to block Amazon bots. However, you'll need to redo the above after running these commands on CentOS 7, because both iptables-save | tee and service iptables save rewrite /etc/sysconfig/iptables from the currently loaded ruleset:

yum install git
git clone https://github.com/corbanworks/aws-blocker.git
yum install jq
cd aws-blocker
bash aws-blocker
iptables-save | sudo tee /etc/sysconfig/iptables
service iptables save
service iptables restart

Then re-add the Barracuda rules above by hand, restart iptables, and you'll have both AWS and Barracuda blocked.
