(A dumb approach: legitimate mail servers in those ranges get rejected too, so this post is only useful as a reference for enabling ipfw on FreeBSD.)
I never expected to run into network hooligans. My mail server had never had a firewall, and it turned out they were scanning for students' weak passwords and using my server to send spam: 670,000 messages piled up on the server in three days. Infuriating.
After looking into it I decided to use IPFW to deny port 25 from the source IP ranges. The steps follow:
1. Build a kernel with IPFW enabled:
# cd /usr/src/sys/amd64/conf
# cp GENERIC ZXIPFW
# vi ZXIPFW
Change the following:
#ident GENERIC
ident zxipfw
And add:
options IPFIREWALL                    # the packet filter itself
options IPFIREWALL_DEFAULT_TO_ACCEPT  # makes the implicit last rule (65535) an allow; the script below only adds deny rules, so without this everything not explicitly denied, including your own SSH session, would be dropped
options IPFIREWALL_VERBOSE            # lets rules with the "log" keyword write to syslog
options IPFIREWALL_VERBOSE_LIMIT=10   # each rule logs at most 10 packets until the counters are cleared with "ipfw resetlog"
options IPFIREWALL_FORWARD            # transparent forwarding; not needed for this setup
options DUMMYNET                      # traffic shaping; not needed for this setup
Note: better not to touch the other kernel options. I foolishly turned off options NFSCLIENT and options NFSSERVER, and the kernel build failed; I still don't know why.
Then build the kernel:
# /usr/sbin/config ZXIPFW
# cd ../compile/ZXIPFW
# make cleandepend && make depend
# make
# make install
Reboot so that the new kernel is the one running.
Edit /etc/rc.conf and add:
firewall_enable="YES"
firewall_script="/etc/ipfw.rules"   # our own rule script instead of the default /etc/rc.firewall
firewall_quiet="NO"
firewall_logging="YES"              # rc.d/ipfw sets net.inet.ip.fw.verbose=1; redundant with IPFIREWALL_VERBOSE in the kernel, but harmless
I don't know why, but firewall_script="/etc/rc.firewall" kept throwing errors, so I just wrote my own ipfw.rules.
Create /etc/ipfw.rules with the following content (rc.d/ipfw runs it with /bin/sh):
# drop the current ruleset quietly (-q) and without asking for confirmation (-f)
ipfw -q -f flush
# check-state only does something when keep-state rules follow; none do here, so this is a harmless no-op
ipfw -q add check-state
ipfw -q add deny log tcp from 121.206.0.0/16 to any 25 via em0
ipfw -q add deny log tcp from 111.78.0.0/16 to any 25 via em0
ipfw -q add deny log tcp from 117.44.0.0/16 to any 25 via em0
ipfw -q add deny log tcp from 182.114.0.0/16 to any 25 via em0
ipfw -q add deny log tcp from 211.154.0.0/16 to any 25 via em0
ipfw -q add deny log tcp from 124.225.0.0/16 to any 25 via em0
ipfw -q add deny log tcp from 183.15.0.0/16 to any 25 via em0
ipfw -q add deny log tcp from 60.22.0.0/16 to any 25 via em0
ipfw -q add deny log tcp from 59.50.0.0/16 to any 25 via em0
ipfw -q add deny log tcp from 59.58.0.0/16 to any 25 via em0
ipfw -q add deny log tcp from 59.38.0.0/16 to any 25 via em0
ipfw -q add deny log tcp from 42.49.0.0/16 to any 25 via em0
ipfw -q add deny log tcp from 222.78.0.0/16 to any 25 via em0
ipfw -q add deny log tcp from 222.246.0.0/16 to any 25 via em0
ipfw -q add deny log tcp from 110.53.0.0/16 to any 25 via em0
ipfw -q add deny log tcp from 61.154.0.0/16 to any 25 via em0
ipfw -q add deny log tcp from 219.131.0.0/16 to any 25 via em0
ipfw -q add deny log tcp from 124.126.0.0/16 to any 25 via em0
ipfw -q add deny log tcp from 219.142.0.0/16 to any 25 via em0
ipfw -q add deny log tcp from 222.213.0.0/16 to any 25 via em0
ipfw -q add deny log tcp from 120.38.0.0/16 to any 25 via em0
ipfw -q add deny log tcp from 218.86.0.0/16 to any 25 via em0
ipfw -q add deny log tcp from 117.21.0.0/16 to any 25 via em0
ipfw -q add deny log tcp from 58.60.0.0/16 to any 25 via em0
ipfw -q add deny log tcp from 221.234.0.0/16 to any 25 via em0
ipfw -q add deny log tcp from 222.186.0.0/16 to any 25 via em0
ipfw -q add deny log tcp from 110.205.0.0/16 to any 25 via em0
ipfw -q add deny log tcp from 202.108.0.0/16 to any 25 via em0
ipfw -q add deny log tcp from 112.94.0.0/16 to any 25 via em0
ipfw -q add deny log tcp from 222.244.0.0/16 to any 25 via em0
ipfw -q add deny log tcp from 113.90.0.0/16 to any 25 via em0
ipfw -q add deny log tcp from 119.41.0.0/16 to any 25 via em0
ipfw -q add deny log tcp from 112.67.0.0/16 to any 25 via em0
ipfw -q add deny log tcp from 219.154.0.0/16 to any 25 via em0
ipfw -q add deny log tcp from 123.11.0.0/16 to any 25 via em0
ipfw -q add deny log tcp from 116.25.0.0/16 to any 25 via em0
These damned ranges are the source addresses that used my mail server to send spam. SMTP is TCP port 25, and em0 is the server's network interface.
This list is still being updated.
Load the rules with /etc/rc.d/ipfw start (/etc/netstart also runs it, but reinitialises every interface and the routing table along the way).
Check the effect with ipfw show: it prints each rule with its packet and byte counters, so a rule that has blocked traffic shows a non-zero count.
ipfw list prints the rules without the counters.
To see the blocked connections in a log, the rule must carry the log keyword, as every rule above does:
ipfw -q add deny log tcp from 42.49.0.0/16 to any 25 via em0
The kernel sends these messages to syslog's security facility, which the default /etc/syslog.conf writes to /var/log/security. To give ipfw its own file, create it first (syslogd does not create log files) and add a program block to /etc/syslog.conf:
touch /var/log/ipfw.log
!ipfw
*.* /var/log/ipfw.log
Then restart syslogd with /etc/rc.d/syslogd restart. If nothing shows up in the new file, look in /var/log/security, where the default security.* line still delivers the messages. Remember that with IPFIREWALL_VERBOSE_LIMIT=10 each rule stops logging after 10 packets until the counters are cleared with ipfw resetlog. Daily rotation is a separate matter: newsyslog(8) rotates the files listed in /etc/newsyslog.conf, so add an entry for /var/log/ipfw.log there.
OK!
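The per-network rule list and the log handling above can be combined in one small script. What follows is an added example, not code from the original post: it keeps the block list in an ipfw table so that a single deny rule covers all of it and new networks can be added with "ipfw table 1 add" while the firewall is running, removes duplicates before loading (ipfw refuses to add an entry that is already in the table), and summarises ipfw deny log lines per source /16 so the "still being updated" list can be reviewed against what is actually being blocked. Table number 1, rule number 100, interface em0, the sample block list and the sample log lines are all constructed for the example; the log line layout is the one ipfw(8) emits for the log keyword. It is POSIX sh, so it runs under FreeBSD's /bin/sh.

```shell
#!/bin/sh
# Added example (not from the original post): table-based SMTP block list
# for ipfw plus a summary of ipfw deny log lines.
# Assumptions: interface em0, ipfw table 1, rule number 100, and a kernel
# built with IPFIREWALL_DEFAULT_TO_ACCEPT (so only deny rules are needed).

# Constructed block list. The duplicate entry is deliberate, to show the
# deduplication; "ipfw table 1 add" fails on an entry that is already present.
BLOCKLIST='121.206.0.0/16
59.38.0.0/16
42.49.0.0/16
59.38.0.0/16'

# Constructed sample of what the "log" keyword writes via syslog; the field
# layout "ipfw: <rule> <action> <proto> <src>:<sport> <dst>:<dport> in via <if>"
# is the one ipfw(8) produces. One Accept line is included to show it is ignored.
SAMPLE_LOG='Mar  3 10:01:12 mail kernel: ipfw: 100 Deny TCP 59.38.12.34:51234 203.0.113.5:25 in via em0
Mar  3 10:01:13 mail kernel: ipfw: 100 Deny TCP 59.38.200.7:40001 203.0.113.5:25 in via em0
Mar  3 10:01:15 mail kernel: ipfw: 100 Deny TCP 42.49.8.8:1025 203.0.113.5:25 in via em0
Mar  3 10:02:00 mail kernel: ipfw: 100 Accept TCP 198.51.100.9:33000 203.0.113.5:25 in via em0'

# Print the ipfw commands for the ruleset. One rule consults table 1, so the
# list grows with "ipfw table 1 add <net>" at runtime instead of a flush.
# "in via em0" is tighter than the original "via em0": the abusive SMTP
# connections arrive inbound, so outbound mail is never matched.
gen_rules() {
    printf 'ipfw -q -f flush\n'
    printf 'ipfw -q table 1 flush\n'
    printf '%s\n' "$BLOCKLIST" | sort -u | while IFS= read -r net; do
        case $net in
            '') ;;                                   # skip blank lines
            *)  printf 'ipfw -q table 1 add %s\n' "$net" ;;
        esac
    done
    printf 'ipfw -q add 100 deny log tcp from table(1) to any 25 in via em0\n'
}

# Read ipfw log text on stdin and print "<count> <source /16>" lines for
# denied connections to TCP port 25, most active network first. The fields
# are located relative to the "ipfw:" token so the syslog prefix length
# (hostname, single- or double-digit day) does not matter.
summarize_denies() {
    awk '
        {
            for (i = 1; i <= NF - 5; i++) {
                if ($i == "ipfw:" && $(i + 2) == "Deny" && $(i + 3) == "TCP") {
                    split($(i + 4), src, ":")
                    split($(i + 5), dst, ":")
                    if (dst[2] == "25") {
                        split(src[1], o, ".")
                        hits[o[1] "." o[2] ".0.0/16"]++
                    }
                }
            }
        }
        END { for (net in hits) printf "%d %s\n", hits[net], net }
    ' | sort -rn
}

# Stand-alone run: show the generated ruleset, then the summary of the sample log.
gen_rules
printf '%s\n' "$SAMPLE_LOG" | summarize_denies
```

On the server the generated commands would go into /etc/ipfw.rules (gen_rules > /etc/ipfw.rules), and the summary would be fed from the real log (summarize_denies < /var/log/security). Because all blocked networks now share rule 100, the kernel's IPFIREWALL_VERBOSE_LIMIT=10 applies to that one rule as a whole; run ipfw resetlog periodically, or build the rule with "deny log logamount 0", if the log is meant to stay complete.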