On 24.05.22 09:36, Jan Hugo Prins wrote:
> - The below command drops ALL future connections to the IMAP ports and not just the one from that specific IP address.
>
> On 5/23/22 23:16, Hippo Man wrote:
>> OOPS! I incorrectly copied and pasted the iptables command in my previous message. Here is the correct iptables command:
>>
>> iptables -I INPUT -p tcp -m multiport --destination-port 143,993 -d aaa.bbb.ccc.ddd -j DROP
>>
>> This command successfully blocks *future* connections to ports 143 and 993 from that IP address, but as I mentioned, it doesn't kill the currently open connection.
That's because the "correct" iptables command still uses "-d" instead of the "-s" that'd match the "*from* that IP address" specification. ;-)
Even if you don't have a tool at hand that can tear down the existing TCP connection, and don't want to give up the ESTABLISHED-ACCEPT rule's priority (it's some additional burden to the CPU to match *all* incoming IMAP(S) packets against the blocklist, after all), you could always render it effectively unusable by setting a (blackhole) host route for the IP.
Regards,
Jochen Bern
Systems Engineer
Binect GmbH
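As an added example (not from any of the posters above), the two measures the thread discusses, written as small shell functions: a rule that matches the offending client's *source* address with `-s` (so it does not, like the `-d` variant, drop everyone's IMAP traffic), and a blackhole host route that starves the already-established session of return traffic. The IP `192.0.2.10` in the usage line is a documentation-range placeholder, and `DRY_RUN=1` is an assumed convenience switch that prints the commands instead of executing them; applying them for real requires root and the iptables/iproute2 tools.

```shell
#!/bin/sh
# Added example, not part of the thread: block an abusive *source* IP from
# IMAP/IMAPS and optionally blackhole it so the existing session dies.
# Assumes iptables and iproute2 are installed; run as root to apply.
# DRY_RUN=1 (assumed helper switch) prints the commands instead of running them.

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Accept only a dotted-quad IPv4 address, so a typo or an empty argument
# cannot silently turn into a rule that matches far more than intended.
is_ipv4() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

block_imap_source() {
    ip="$1"
    is_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 1; }
    # -s matches the peer's SOURCE address (the offending client).
    # -d would match our own server address and drop *every* client's IMAP traffic.
    run iptables -I INPUT -p tcp -m multiport --dports 143,993 -s "$ip" -j DROP
}

blackhole_host() {
    ip="$1"
    is_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 1; }
    # Blackhole host route: our replies to the peer are discarded, so the
    # already-open TCP session stalls and times out without a dedicated
    # connection-killing tool and without touching the ESTABLISHED rule.
    run ip route add blackhole "$ip/32"
}

# Usage (placeholder address from the documentation range):
#   DRY_RUN=1 block_imap_source 192.0.2.10
#   DRY_RUN=1 blackhole_host 192.0.2.10
```

The blackhole route is the cheaper of the two for an open session: the DROP rule only takes effect on packets that reach the INPUT chain before the ESTABLISHED accept, whereas the route silences the server's side of the conversation regardless of rule order.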