opsætning af ip range i iptables til blokering af land
hejjeg har et spørgsmål mht iptables
jeg driver et site sammen med en ven ( et dating site i udlandet ) der får vi med jævne mellemrum besøg af folk der forsøger at bruge vores site til de så kalde nigeria-breve ( blev vist kalt dette fordi de førest af dem kom fra nigeira ), disse breve bliver så send til alle i systemet og er til gene for de andre bruger ...
eks vises her
Dearest One,
I know it might be a surprise to recieve a letter like this from unknown person. I am Miss Lilia Dikko the only child of Mr and Mrs Joseph Dikko,my father was posioned to death by his business associates because of his wealth and during my fathers sickness he called me on his sick bed as his only child because my mother died when am young and told me about the money($10.500.000) he deposited in a bank here in our country that it was because of this money he was posioned that if he dies i shall look for some one whom i trust to help me transfer this money out of this our country to his account for investment purpose abroad while i will continue my education then the person will be managing the investment.Dear am solicating your assistance to help me transfer this money out of this country for my life sake while i will come to meet you to continue my education in your country. So please urgent contact me now (lilia_dikko020@yahoo.fr)
Thanks and God bless you.
Lilia Dikko
Dem vil jeg gerne blokere for at vil derfor sætte en regl op så de ikke lige kommer ind i systemet, dette kan selvfølgelig godt gøre med en sætning sam denne ( eller disse )
iptables -A CUSTOMFORWARD -i eth1 -p tcp -m iprange --src-range 196.201.64.0-196.201.64.255 -j DROP
iptables -A CUSTOMFORWARD -i eth1 -p tcp -m iprange --src-range 196.201.65.0-196.201.65.255 -j DROP
iptables -A CUSTOMFORWARD -i eth1 -p tcp -m iprange --src-range 196.201.66.0-196.201.66.255 -j DROP
dette er ikke så smart da jeg jo skal have 30 linjer ind alene for dette range, så jeg ville vide om der ikke er en måde at beskrive et range i 3 position eks dem jeg vil blikere for har dette range ( 196.201.64.0-196.201.95.255 ( staten er Cote D'Ivoire i afrika der kommer med 95 % af disse breve )), det jeg tænkte på er der andre måde at gøre det på så alle sammen kommer under et kald, altså fra 196.201.64.* 196.201.95.* det skal lige siges at der bruges iptables v1.2.11,,,,,,
Mvh The toastermaster
