Tag Archives: Linux How to

Unix Similar multi-user operating systems based on the Linux kernel and essentially on GNU software. Like CentOS, Debian, Ubuntu Fedora.

Block IP address using Linux Firewall

DDoS and suspicious attacks from source IP addresses can exhaust services and system resources. This tutorial show the commands to block IP addresses on common Linux kernel firewalls

Fire up a terminal and log on to the server by using SSH and then complete the steps for firewalld in the first chapter. The second chapter shows the commands for UFW, and the third shows using iptables.

firewalld commands

firewalld is on RHEL 7 and later, CentOS 7, Fedora 18 and later.

To ensure that firewalld is running on your server, run the following command. If firewalld is not running, go to the iptables chapter.

$ sudo systemctl status firewalld

Run the following command to block the IP address and to add the rule to the permanent set:

$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='xxx.xxx.xxx.xxx' reject"

Run the following command to reload the firewalld rules:

$ sudo firewall-cmd --reload

Run the following command to list and verify the new rule:

$ sudo firewall-cmd --list-all

Run the following command to remove a blocked IP address.

$ sudo firewall-cmd --remove-rich-rule="rule family='ipv4' source address='xxx.xxx.xxx.xxx' reject"

Run the following command to verify the firewalld is running.

$ firewall-cmd --state

Uncomplicated Firewall (UFW)

ufw is available on Debian 6 and later, Ubuntu 8.04 LTS and later.

To ensure that ufw is running on your server, run the following command. If ufw is not running, go to the iptables chapter.

$ sudo systemctl status ufw

Run the following command to block the IP address:

$ sudo ufw deny from xxx.xxx.xxx.xxx to any

Run the following command to list and verify the new rule:

$ sudo ufw status

Run the following command to remove a blocked IP address.

$ sudo ufw delete 7

Run the following command to show numbered list of firewall rules.

$ ufw status numbered

iptables chains

iptables is commonly pre-installed on all Linux distributions.

Run the following command to block the IP address:

$ sudo iptables -I INPUT -s xxx.xxx.xxx.xxx -j DROP

Run the following command to save the settings. The settings persist after the server reboots.

$ sudo service iptables save

Run the following command to list and verify the new rule:

$ sudo iptables -vnL

Run the following command to delete a iptables chain.

$ sudo iptables -D INPUT 7

Run the following command to show numbered list of iptables chains.

$ sudo iptables -L --line-numbers

Mail in Postfix Queue Redirect to another Pecipient

Postfix queue gets email stuck, the email should now be redirected to another recipient! Such a scenario can occur if no emails can be delivered to the original recipient address, for example when the mailbox space limit is reached, or the server responds with an error or there are the server is unreachable.

Here it can be helpful to temporarily send the email to another recipient. The tutorial shows the steps for delivering an e-mail remaining in the Postfix queue to an alternative recipient.

How to redirect queued mail to recipient

First, you look for the queue ID of the e-mail in the Postfix queue, which you want to send to another recipient address.

$ postqueue -p | grep 'john@example.org' -B 2

  The parameter -B 2 outputs two additional lines before the parse.

The output can look similar to the following.

BCD2C3035D31!   37023 Thu Feb 17 08:59:55 suite102@mailings.daydeal.net
        (connect to 12.34.56.78[12.34.56.78]:25: Connection timed out)
                             john@example.org

Here an e-mail was sent to john@example.org which I want to deliver to a different address. The queue ID is BCD2C3035D31 which we need.

Alternatively, you can simply listing emails in the Postfix queues.

$ mailq

To prevent Postfix from trying to deliver the deffered email in the meantime, we set it to on hold with the -h option.

$ postsuper -h BCD2C3035D31
postsuper: BCD2C3035D31: placed on hold
postsuper: Placed on hold: 1 message

  The e-mails are not deleted with on hold. The exclamation mark (!) indicates that the message is on hold.

Now you extract the e-mail and save it to a temporary file.

$ postcat -qbh BCD2C3035D31 > /tmp/email.eml

Now that the email is extracted, you can send it to a different recipient than the original.

$ sendmail -f john@example.org mike@domain.org < /tmp/email.eml

The e-mail will be sent from john@example.org to mike@domain.org.

Search the Postfix deffered queue for pending emails.

$ postqueue -vp

After the delivery to the new e-mail address has been confirmed, the e-mail can be removed from the Postfix queue.

$ postsuper -d BCD2C3035D31
postsuper: BCD2C3035D31: removed
postsuper: Deleted: 1 message

Delete the temporary /tmp/email.eml file.

$ rm -f /tmp/email.eml

Postfix helpful commands

  Hint! To show Postfix queued e-mail contents.

$ postcat -vq BCD2C3035D31

Release mail that was put “on hold”.

$ postsuper -H BCD2C3035D31
postsuper: BCD2C3035D31: released from hold
postsuper: Released from hold: 1 message

Flush the queue, attempt to deliver all queued mail.

$ postqueue -f

To remove all e-mails in the Postfix deferred queue.

$ postsuper -d ALL deferred

Conclusion

As shown in this tutorial, it is possible to set e-mails from the Postfix queue to Hold, temporarily deliver them to other recipients, and remaining e-mails can also be removed from the queue for system hygiene.