iptables isn't blocking IP

David Hoffman dhoffman2004 at gmail.com
Fri Jan 21 14:45:32 UTC 2005


On Fri, 21 Jan 2005 09:35:26 -0500, Kevin Old <kevinold at gmail.com> wrote:
> Hello everyone,
> 
> My Logwatch report this morning is below.  It appears that IP
> 218.145.54.195 has attempted to connect to my SSH daemon 500 times.
> I'm confused at how that can be as I added that IP several days ago to
> the iptables
> 
> /sbin/iptables -I OC -s 218.145.54.195 -j DROP
> 
> and a /iptables -L OC shows that he's in there.
> 

You have a chain called "OC" already? Do you have anything in your
input chain that calls the "OC" chain?

You would want to run an "iptables -L" to see if it's there. On mine,
I have a chain called FW-Filter, and when I run iptables -L, I see:

Chain INPUT (policy ACCEPT)
target          prot   opt   source                           destination
FW-Filter     all     --      anywhere                      anywhere

This means that all my incoming packets are not evaluated by the INPUT
chain, but are referred to the FW-Filter chain. If you don't have
something like that in your system, you can create all the chains you
want, but they will never be checked.

It also might be because of the order of other rules in that chain.
The first rule that makes a match will be acted on, so you might have a
rule that says to accept that packet BEFORE the rule that says to drop
it.

Without seeing the full OC chain and output from iptables -L it's hard to tell.
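The two things this reply asks to check (is anything jumping into the OC chain at all, and does an earlier ACCEPT match before the DROP) can be worked out from a saved listing without touching the live firewall. The script below is an added example, not code from the thread or from the iptables project: it parses plain `iptables -L` output (no `-v` counters) with awk, reports which chains call a user chain, and walks a chain in rule order the way the kernel does, following jumps into user chains and returning to the caller when they match nothing. The three listings are constructed to mirror the situation described, and matching is deliberately limited to protocol and source, which is all this thread needs.

```shell
#!/bin/sh
# Added example (not from the original thread): explain the two things the
# reply asks about by parsing a saved `iptables -L` listing offline.
#   1. calling_chains - which chains actually jump to a user chain such as OC
#   2. verdict        - what the first matching rule decides for a packet,
#                       following jumps into user chains and falling back to
#                       the chain policy, the way the kernel walks the table
# Assumes plain `iptables -L` / `iptables -L -n` columns (no -v counters) and
# matches only on protocol and source address.

# Constructed listings modelled on the situation in the thread; not real output.
# OC exists but nothing jumps to it (0 references), so its DROP never runs.
UNLINKED='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh

Chain OC (0 references)
target     prot opt source               destination
DROP       all  --  218.145.54.195       anywhere
'

# INPUT does jump to OC, but only after an ACCEPT for ssh that matches first.
MISORDERED='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
OC         all  --  anywhere             anywhere

Chain OC (1 references)
target     prot opt source               destination
DROP       all  --  218.145.54.195       anywhere
'

# Same rules with the jump to OC placed first, so the DROP wins for that host.
FIXED='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
OC         all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh

Chain OC (1 references)
target     prot opt source               destination
DROP       all  --  218.145.54.195       anywhere
'

# calling_chains LISTING CHAIN: print each chain that has a rule targeting CHAIN.
calling_chains() {
    printf '%s\n' "$1" | awk -v chain="$2" '
        /^Chain /       { cur = $2; next }     # remember which chain we are in
        $1 == "target"  { next }               # column header line
        $1 == chain     { print cur }          # a rule that jumps to CHAIN
    ' | sort -u
}

# verdict LISTING CHAIN SRC PROTO: walk CHAIN in order and print the target of
# the first matching rule. A jump into a user chain is followed; if that chain
# matches nothing, control returns to the caller. With no match at all the
# built-in chain policy is printed.
verdict() {
    printf '%s\n' "$1" | awk -v chain="$2" -v src="$3" -v proto="$4" '
        function walk(c,    i, v) {
            for (i = 1; i <= n[c]; i++) {
                if ((prt[c, i] == "all" || prt[c, i] == proto) &&
                    (s[c, i] == src || s[c, i] == "anywhere" || s[c, i] == "0.0.0.0/0")) {
                    if (tgt[c, i] in seen) {          # jump into a user chain
                        v = walk(tgt[c, i])
                        if (v != "") return v         # that chain decided
                    } else {
                        return tgt[c, i]              # terminal target: first match wins
                    }
                }
            }
            return ""                                 # fell off the end of c
        }
        /^Chain / {
            cur = $2; seen[cur] = 1; n[cur] = 0
            if ($3 == "(policy") { p = $4; sub(/\)/, "", p); policy[cur] = p }
            next
        }
        $1 == "target" { next }
        NF >= 4 {
            n[cur]++
            tgt[cur, n[cur]] = $1; prt[cur, n[cur]] = $2; s[cur, n[cur]] = $4
        }
        END { v = walk(chain); print (v == "" ? policy[chain] : v) }
    '
}

# Stand-alone demonstration over the three listings.
for name in UNLINKED MISORDERED FIXED; do
    eval "listing=\$$name"
    printf '%s: OC called from [%s]; ssh from 218.145.54.195 -> %s\n' \
        "$name" "$(calling_chains "$listing" OC | tr '\n' ' ')" \
        "$(verdict "$listing" INPUT 218.145.54.195 tcp)"
done
```

Running it shows the two failure modes side by side: in the UNLINKED listing `calling_chains` prints nothing and the SSH connection is accepted even though OC holds a DROP, and in the MISORDERED listing OC is called from INPUT but the `ACCEPT tcp dpt:ssh` rule matches first; only the FIXED ordering yields DROP for that address while other hosts still fall through OC to the ACCEPT.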




More information about the fedora-list mailing list