Extract the IP addresses that are failing SASL LOGIN
grep "SASL LOGIN authentication failed" /var/log/system.log|awk '{print $7}'|sort|uniq -c |sort -r|cut -f2 -d'['|sort|sed 's/]://g'
Display the current ipfw rules
ujp:~ user$ ipfw list
ipfw: socket: Operation not permitted
ujp:~ user$
Switch to the root user.
ujp:~ user$ su
Password:
sh-3.2# ipfw list
00001 allow udp from any 626 to any dst-port 626
01000 allow ip from any to any via lo0
01010 deny ip from any to 127.0.0.0/8
01020 deny ip from 224.0.0.0/4 to any in
01030 deny tcp from any to 224.0.0.0/4 in
12300 allow ip from any to any
65534 deny ip from any to any
65535 allow ip from any to any
sh-3.2#
Add a rule for the IP address
sh-3.2# ipfw add 1001 deny tcp from 88.215.177.135 to any in
01001 deny tcp from 88.215.177.135 to any in
sh-3.2# ipfw list
00001 allow udp from any 626 to any dst-port 626
01000 allow ip from any to any via lo0
01001 deny tcp from 88.215.177.135 to any in    ← the one just added
01010 deny ip from any to 127.0.0.0/8
01020 deny ip from 224.0.0.0/4 to any in
01030 deny tcp from any to 224.0.0.0/4 in
12300 allow ip from any to any
65534 deny ip from any to any
65535 allow ip from any to any
sh-3.2#
Add another one.
sh-3.2# ipfw add 1001 deny tcp from 175.116.152.58 to any in
01001 deny tcp from 175.116.152.58 to any in
sh-3.2# ipfw list
00001 allow udp from any 626 to any dst-port 626
01000 allow ip from any to any via lo0
01001 deny tcp from 88.215.177.135 to any in    ← the one added earlier
01001 deny tcp from 175.116.152.58 to any in    ← the one added just now
01010 deny ip from any to 127.0.0.0/8
01020 deny ip from 224.0.0.0/4 to any in
01030 deny tcp from any to 224.0.0.0/4 in
12300 allow ip from any to any
65534 deny ip from any to any
65535 allow ip from any to any
sh-3.2#
Duplicate rule numbers appear to be allowed, and rules sharing a number appear to be listed in the order they were added.
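
An added example, not part of the original page: the steps above as one script that counts failures per address, keeps only addresses at or above a threshold, and prints ipfw commands with one rule number per address so a single address can later be deleted by number. The function names, the threshold of 3 and the sample log lines (documentation-range addresses) are assumptions made for this example.

```sh
#!/bin/sh
# Added example. Log lines below are constructed; addresses are from the
# documentation ranges 192.0.2.0/24 and 198.51.100.0/24.
sample_log() {
cat <<'EOF'
Feb 14 23:10:01 ujp postfix/smtpd[411]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed
Feb 14 23:10:04 ujp postfix/smtpd[411]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed
Feb 14 23:10:09 ujp postfix/smtpd[415]: warning: mail.example[198.51.100.7]: SASL LOGIN authentication failed
Feb 14 23:10:12 ujp postfix/smtpd[411]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed
Feb 14 23:11:30 ujp postfix/smtpd[420]: warning: unknown[192.0.2.99]: SASL LOGIN authentication failed
Feb 14 23:11:41 ujp postfix/smtpd[415]: warning: mail.example[198.51.100.7]: SASL LOGIN authentication failed
Feb 14 23:12:02 ujp postfix/smtpd[411]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed
Feb 14 23:12:15 ujp postfix/smtpd[415]: warning: other.example[198.51.100.7]: SASL LOGIN authentication failed
Feb 14 23:12:40 ujp postfix/smtpd[430]: connect from unknown[192.0.2.50]
EOF
}

# Print "count ip" for every source with at least $1 failed SASL LOGIN
# attempts (default 3). Reads syslog-format lines on stdin. Counting is by
# address, so one address seen under several hostnames is counted once.
sasl_fail_ips() {
    awk -v min="${1:-3}" '
        /SASL LOGIN authentication failed/ {
            # The client field looks like: unknown[192.0.2.10]:
            if (match($0, /\[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]: SASL LOGIN/)) {
                ip = substr($0, RSTART + 1, RLENGTH - 1)
                sub(/\].*/, "", ip)      # keep only the dotted quad
                count[ip]++
            }
        }
        END { for (ip in count) if (count[ip] >= min) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Turn "count ip" lines into ipfw commands, one rule number per address,
# starting at $1 (default 1001). Commands are printed, not executed, so the
# list can be reviewed before it is run as root.
ipfw_deny_cmds() {
    awk -v n="${1:-1001}" \
        '{ printf "ipfw add %d deny tcp from %s to any in\n", n++, $2 }'
}

# Stand-alone run on the constructed sample; on a real host replace
# sample_log with: cat /var/log/system.log
sample_log | sasl_fail_ips 3 | ipfw_deny_cmds 1001
```

Check the printed list for your own addresses before running any of it; an address with a single failure (192.0.2.99 in the sample) stays below the threshold and is not listed.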
Last updated: 2014-02-15 (Sat) 01:24:23 (JST) (3717d) by shinnai(shinnai)