[Novalug] IPTables question

Clif Flynt clif@cflynt.com
Wed Jan 16 01:24:26 EST 2008


Hi,
  You probably don't want to use IPTables to stop spam unless you're
getting Denial-of-Service attacked.

  IP Tables are a way to define which types of IP Packets you'll allow
onto your system, and how to handle ones you don't allow.

  You set up IP Tables with rules like:
  
  I'll accept an SSH connection from anyone.

  I only accept a DNS reply packet from a site I sent a DNS 
  query to.
  
  I never accept any packets on the smb port.
  
  I'll accept SMTP Packets from anywhere.  (The mailer may decide
  to drop the connection if they don't like the site later.)
  
  I won't accept any packets from some IP address.
  
  I won't accept ping packets on my external interface, but I will 
  accept them on the internal NIC.
  
  Etc.
  
  So far as spam goes...

  There are several tools for reducing spam.  I run sendmail, and
found using a greylist milter reduced my spam by a factor of 10.

  Lots of folks like SpamAssassin.  That one looks good to me, but by
the time it came out I already had some homegrown hacks in place
that work well enough for me.

Clif

-- 
.... Clif Flynt ... http://www.cflynt.com ... clif@cflynt.com ...
.. Tcl/Tk: A Developer's Guide (2nd edition) - Morgan Kauffman ..
.. 15'th Annual Tcl/Tk Conference:  Oct 2008,  Philadelphia, PA.. 
.............  http://www.tcl.tk/community/tcl2008/  ............
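
The rule types listed in the message above, written out as an iptables-restore ruleset. This is an added example, not part of the original post; the function name emit_ruleset, the interface names and the blocked address are assumptions, and 192.0.2.10 is a constructed value from a documentation range.

```shell
#!/bin/sh
# Added example: print an INPUT-chain ruleset in iptables-restore format.
# Arguments (all assumed names/values, not from the original message):
#   $1 external interface, $2 internal interface, $3 source address to refuse.
emit_ruleset() {
    ext_if=$1
    int_if=$2
    bad_ip=$3

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Refuse everything from one address. Placed before any ACCEPT so that
# no later rule (including ESTABLISHED) can let it back in.
-A INPUT -s ${bad_ip} -j DROP
# Never accept SMB/NetBIOS. Redundant with the DROP policy, but it keeps
# the intent explicit if an ACCEPT rule is added further down.
-A INPUT -p tcp -m multiport --dports 139,445 -j DROP
-A INPUT -p udp -m multiport --dports 137,138 -j DROP
# DNS replies are accepted only as return traffic for a query this host
# sent: connection tracking matches them as ESTABLISHED.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# SSH from anyone.
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# SMTP from anywhere; the mailer decides later whether to keep talking.
-A INPUT -p tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT
# Ping is answered on the internal NIC and dropped on the external one.
-A INPUT -i ${int_if} -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -i ${ext_if} -p icmp --icmp-type echo-request -j DROP
COMMIT
EOF
}

# Syntax-check without loading (needs root and the iptables tools):
#   emit_ruleset eth0 eth1 192.0.2.10 | iptables-restore --test
```

Rule order matters because the first matching rule wins: the per-address DROP and the SMB DROP sit above every ACCEPT.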







