Autor: Bernard Hurley Data: A: Cyborg CC: exim-users Assumpte: Re: [exim] Block access to certain IPs
On Fri, Nov 23, 2012 at 10:42:18AM +0100, Cyborg wrote: > Am 23.11.2012 08:48, schrieb Bernard Hurley:
> >You can also block a range of IP's with code like: iptables -A
> >INPUT -s XX.XX.XX.0/16 -p tcp --dport 25 -j REJECT
>
> Just a hint,
>
> if you firewall a connection, just block the SYN flagged pakets, and
> not the others.
> If you don't do this, the connection which caused the firewall
> entry, will hold, until it times out, because the FIN and RST pakets
> do not reach the sockets anymore .
>