Hi all,
I’ve got linux server (spam filter) behind mikrotik firewall (via dstnat) and i try to block some IPs that atack and send spam. I banned (dropped communication with) that IPs with prerouting rules and also with forward/input rules, but I still see (especially one) IPs in the log of that linux machine. Is there any suggestions?
Thank you guys!
Jan
Did you put the pre-routing filter in RAW section?
Yes, I did it, I use public sbl and my own.
ip firewall raw add chain=prerouting dst-address-list=“sbl blocklist.de” action=drop comment=“sbl blocklist.de”
Thank you!
I am really stunned that no one pointed out in past few days that this is never is going to work.
The domain sbl.blocklist.de is not an DNS that returns all blocked addresses but only its own.
Look at the blacklist of Dave and that is a complete functional list that is refreshed many times each day.
http://forum.mikrotik.com/t/blacklist-filter-update-script/89817/1
Sorry, that’s not complete code (only part). How it’s made is here: http://blog.squidblacklist.org/?p=297
Wouldn’t it be safer to use src-address-list in your filter instead of dst-address-list?
-Chris