iptables isn't blocking IP
Vinicius
cviniciusm at terra.com.br
Fri Jan 21 20:59:37 UTC 2005
Kevin Old wrote:
> Hello everyone,
>
> My Logwatch report this morning is below. It appears that IP
> 218.145.54.195 has attempted to connect to my SSH daemon 500 times.
> I'm confused at how that can be as I added that IP several days ago to
> the iptables
>
> /sbin/iptables -I OC -s 218.145.54.195 -j DROP
>
> and a /iptables -L OC shows that he's in there.
>
> --------------------- pam_unix Begin ------------------------
>
> vsftpd:
> Unknown Entries:
> check pass; user unknown: 2 Time(s)
> authentication failure; logname= uid=0 euid=0 tty= ruser=
> rhost=198.92.120.65 : 1 Time(s)
> authentication failure; logname= uid=0 euid=0 tty= ruser=
> rhost=81.112.95.146 : 1 Time(s)
>
> sshd:
> Invalid Users:
> Unknown Account: 764 Time(s)
> Authentication Failures:
> unknown (sig214.gsig-net.qc.ca ): 227 Time(s)
> unknown (218.145.54.195 ): 500 Time(s)
> unknown (207.139.143.214 ): 1 Time(s)
> unknown (222.122.60.42 ): 36 Time(s)
>
> ---------------------- pam_unix End -------------------------
>
> Any ideas why he'd be getting through the cracks?
>
> Thanks,
> Kevin
The rule that blocks must come before the rule that opens the SSH
port for all.
And as Alexsander Dalloz said, use "service iptables save" to save the rule
permanently (if another application doesn't change that).
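
The ordering point in the reply above, as an added example that is not part of the original thread: a small first-match evaluator over `iptables -S` style rules. The two rulesets and the way INPUT jumps to the OC chain are constructed assumptions; only the OC DROP rule for 218.145.54.195 comes from the post. Match options other than `-s`, `-p` and `--dport` are ignored.

```python
import ipaddress
import shlex

# Constructed rulesets (assumed layout): same rules, only the position of the jump to OC differs.
ACCEPT_FIRST = """
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j OC
-A OC -s 218.145.54.195/32 -j DROP
"""
BLOCK_FIRST = """
-A INPUT -j OC
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A OC -s 218.145.54.195/32 -j DROP
"""

def parse_rules(save_text):
    """Group '-A CHAIN ...' lines by chain, preserving rule order."""
    chains = {}
    for line in save_text.strip().splitlines():
        tok = shlex.split(line)
        if len(tok) >= 2 and tok[0] == "-A":
            opts = dict(zip(tok[2::2], tok[3::2]))  # every option used here takes one value
            chains.setdefault(tok[1], []).append((line.strip(), opts))
    return chains

def matches(opts, src, dport):
    """True if a TCP packet from src to dport satisfies the rule's -s/-p/--dport."""
    src_ok = "-s" not in opts or ipaddress.ip_address(src) in ipaddress.ip_network(opts["-s"], strict=False)
    port_ok = "--dport" not in opts or int(opts["--dport"]) == dport
    return src_ok and port_ok and opts.get("-p", "tcp") == "tcp"

def verdict(chains, src, dport, chain="INPUT"):
    """First-match walk: (target, rule) of the first terminating rule hit, else None."""
    for line, opts in chains.get(chain, []):
        if not matches(opts, src, dport):
            continue
        target = opts.get("-j")
        if target in ("ACCEPT", "DROP", "REJECT"):
            return target, line
        if target in chains:  # jump into a user-defined chain such as OC
            hit = verdict(chains, src, dport, target)
            if hit:
                return hit
    return None  # fell off the end; the chain policy would decide

if __name__ == "__main__":
    for text in (ACCEPT_FIRST, BLOCK_FIRST):
        print(verdict(parse_rules(text), "218.145.54.195", 22))
```

On a live host, `iptables -L INPUT -n --line-numbers` shows the real order of the rules in INPUT.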