 From:  Michael Brown <knightmb at knightmb dot dyndns dot org>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] one pass rule in the firewall overrides all other block rules
 Date:  Sun, 28 May 2006 12:03:02 -0500
Thanks all, I knew it was something simple, LOL.  That simple solution 
just didn't click in my brain for some reason, glad to have a 2nd and 
3rd pair of eyes to take a look.


Lee Sharp wrote:
> From: "Michael Brown" <knightmb at knightmb dot dyndns dot org>
>> I'm trying to figure out if this is normal behavior or not. I have 
>> the firewall set to allow a port in (SMTP) for the mail server. 
>> Lately, I had been getting a lot of spam from a certain IP range, but 
>> after trying to get the ISP to resolve it, I just decided to block 
>> the entire range until such time.  I added a block rule in the 
>> firewall list and moved it above the "allow" rule for port 25.  For 
>> some reason after applying the rules and days later, spam still comes 
>> in from that IP.
>> <filter>
>>        <rule>
>>            <type>reject</type>
>>            <interface>wan</interface>
>>            <protocol>tcp</protocol>
>>            <source>
>>                <address></address>
>>                <port>25</port>
>>            </source>
>>            <destination>
>>                <any/>
>>                <port>25</port>
>>            </destination>
>>            <descr>Block Spam Servers #1</descr>
>>        </rule>
> Change to source port "ANY" because he is probably not originating on 
> port 25.
>                            Lee
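
Added example (not part of the original thread and not m0n0wall's own code): a simplified first-match evaluation of the quoted rule, showing why a connection from an ephemeral client port skips a reject rule pinned to source port 25 and falls through to the pass rule. The addresses, the pass rule and the function names are constructed; interface and protocol matching are left out, and first-match-wins ordering with a default deny is assumed.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed config: rule 1 mirrors the quoted rule (source port 25), rule 2
# is an allow rule for SMTP. 192.0.2.0/24 is a documentation range standing in
# for the address the post leaves blank.
CONFIG = """<filter>
  <rule><type>reject</type><interface>wan</interface><protocol>tcp</protocol>
    <source><address>192.0.2.0/24</address><port>25</port></source>
    <destination><any/><port>25</port></destination>
    <descr>Block Spam Servers #1</descr></rule>
  <rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
    <source><any/></source>
    <destination><any/><port>25</port></destination>
    <descr>Allow SMTP</descr></rule>
</filter>"""

def side_matches(side, ip, port):
    """True if one <source>/<destination> element matches this ip and port."""
    addr = (side.findtext("address") or "").strip()
    if addr and ipaddress.ip_address(ip) not in ipaddress.ip_network(addr, strict=False):
        return False
    want = (side.findtext("port") or "").strip()  # single ports only in this sketch
    return not want or int(want) == port          # no <port> element means "any"

def first_match(xml_text, src_ip, src_port, dst_ip, dst_port):
    """Return (type, descr) of the first matching rule (assumed first-match-wins)."""
    for rule in ET.fromstring(xml_text).iter("rule"):
        if (side_matches(rule.find("source"), src_ip, src_port)
                and side_matches(rule.find("destination"), dst_ip, dst_port)):
            return rule.findtext("type"), rule.findtext("descr")
    return "block", "default deny"  # assumption: nothing matched, so drop

def pinned_source_ports(xml_text):
    """Descriptions of block/reject rules that only match a single source port."""
    return [r.findtext("descr") for r in ET.fromstring(xml_text).iter("rule")
            if r.findtext("type") in ("block", "reject")
            and (r.findtext("source/port") or "").strip()]

# The fix suggested in the reply: drop the source port so any client port matches.
FIXED = CONFIG.replace("</address><port>25</port></source>", "</address></source>")

if __name__ == "__main__":
    # Constructed connection: the sending server connects from an ephemeral port.
    conn = ("192.0.2.77", 49152, "203.0.113.10", 25)
    print("before fix:", first_match(CONFIG, *conn))
    print("after fix: ", first_match(FIXED, *conn))
    print("rules pinned to a source port:", pinned_source_ports(CONFIG))
```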