 From:  "Lee Sharp" <leesharp at hal dash pc dot org>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] one pass rule in the firewall overrides all other block rules
 Date:  Sun, 28 May 2006 11:51:41 -0500
From: "Michael Brown" <knightmb at knightmb dot dyndns dot org>

> I'm trying to figure out if this is normal behavior or not. I have the 
> firewall set to allow a port in (SMTP) for the mail server. Lately, I had 
> been getting a lot of spam from a certain IP range, but after trying to 
> get the ISP to resolve it, I just decided to block the entire range until 
> such time.  I added a block rule in the firewall list and moved it above 
> the "allow" rule for port 25.  For some reason after applying the rules 
> and days later, spam still comes in from that IP.

> <filter>
>        <rule>
>            <type>reject</type>
>            <interface>wan</interface>
>            <protocol>tcp</protocol>
>            <source>
>                <address>83.97.228.0/24</address>
>                <port>25</port>
>            </source>
>            <destination>
>                <any/>
>                <port>25</port>
>            </destination>
>            <descr>Block Spam Servers #1</descr>
>        </rule>

Change to source port "ANY" because he is probably not originating on port 
25.

                            Lee
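
Added example, not part of the original thread and not m0n0wall code: a simplified first-match model of the posted rule, showing why a source port of 25 never matches a remote mail server connecting from an ephemeral port. The pass rule, the packet values and the helper names are assumptions made for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed config: the reject rule from the post, followed by an assumed
# pass rule for the mail server (the original pass rule is not shown).
CONFIG = """
<filter>
  <rule>
    <type>reject</type><interface>wan</interface><protocol>tcp</protocol>
    <source><address>83.97.228.0/24</address><port>25</port></source>
    <destination><any/><port>25</port></destination>
    <descr>Block Spam Servers #1</descr>
  </rule>
  <rule>
    <type>pass</type><interface>wan</interface><protocol>tcp</protocol>
    <source><any/></source>
    <destination><any/><port>25</port></destination>
    <descr>Allow SMTP (assumed)</descr>
  </rule>
</filter>
"""

def side_matches(side, ip, port):
    """True if one <source>/<destination> element matches an IP and a single port."""
    addr = side.findtext("address")
    if addr and ipaddress.ip_address(ip) not in ipaddress.ip_network(addr, strict=False):
        return False
    want = side.findtext("port")          # absent <port> means any port
    return want is None or int(want) == port

def first_match(config_xml, src_ip, src_port, dst_ip, dst_port):
    """Return (type, descr) of the first matching rule; default deny if none."""
    for rule in ET.fromstring(config_xml).iter("rule"):
        if (side_matches(rule.find("source"), src_ip, src_port)
                and side_matches(rule.find("destination"), dst_ip, dst_port)):
            return rule.findtext("type"), rule.findtext("descr")
    return "block", "default deny"

def without_source_port(config_xml):
    """Apply the suggested fix: drop <port> from every rule's <source>."""
    root = ET.fromstring(config_xml)
    for src in root.iter("source"):
        for port in src.findall("port"):
            src.remove(port)
    return ET.tostring(root, encoding="unicode")

# Constructed packet: host in the blocked range, ephemeral source port, SMTP destination.
PKT = ("83.97.228.17", 41522, "192.0.2.10", 25)
if __name__ == "__main__":
    print("as posted:      ", first_match(CONFIG, *PKT))
    print("source port any:", first_match(without_source_port(CONFIG), *PKT))
```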