I would like to set up some rules in iptables to block dynamic IPs. For instance, sw73-218-132.adsl.seed.net.tw (and others from this provider) are constantly scanning my server and attempting to use it as a mail relay. I would much prefer to block traffic from them, as those IPs are dynamic and should not be sending e-mail directly. They are probably bots anyway. I am looking for something like
"iptables -I INPUT -s *.adsl.seed.net.tw -j DROP" where it would simply take the domain name, parse it and drop all connections that end with adsl.seed.net.tw. Any idea if iptables can do something like this? I would rather not have to write a script to parse logs looking for this silly stuff and manually adding it to iptables if it can be prevented.
That will work fine for some ports. I have ssh being filtered and that is helping. However, there are valid mail servers that connect to this one several times a minute. I would hate to block a client from sending e-mail just because he sends me a lot of stuff.
I am still poking around here and in Google to try and come up with a good solution.