On 6/16/2014 2:58 PM, Chuck Campbell wrote:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-VSFTPD  tcp  --  anywhere             anywhere            tcp dpt:ftp
fail2ban-SSH  tcp  --  anywhere             anywhere            tcp dpt:ssh
RH-Firewall-1-INPUT  all  --  anywhere             anywhere
DROP       all  --  116.10.191.0/24      anywhere
DROP       all  --  183.136.220.0/24     anywhere
DROP       all  --  183.136.221.0/24     anywhere
DROP       all  --  183.136.222.0/24     anywhere
DROP       all  --  183.136.223.0/24     anywhere
DROP       all  --  122.224.11.0/24      anywhere
DROP       all  --  219.138.0.0/16       anywhere
...
Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
. . .
Yet in my logwatch emails, I see this, long after the iptables rules are in place to drop some ip ranges:
RH-Firewall-1-INPUT is being invoked prior to your DROP rules, and is ACCEPTing all packets.
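The ordering problem described in the reply can be checked offline by simulating iptables' first-match evaluation over the text of `iptables -L`. The following is an added example written for this thread, not code from either poster: it parses a constructed listing modelled on the one quoted above (the fail2ban chains, elided behind "..." in the post, are assumed here to end in `RETURN`, which is how fail2ban builds them), finds every `DROP` in `INPUT` that an address in its range would never reach, and shows that moving the DROPs ahead of the jump to `RH-Firewall-1-INPUT` (the effect of re-adding them with `iptables -I INPUT 1 ...`) makes them take effect.

```python
"""Simulate iptables first-match evaluation over `iptables -L` output.

Added example for the thread above; the listing below is constructed, not
a real host's ruleset.
"""
import ipaddress
import re

# Constructed sample modelled on the quoted listing. The fail2ban chains are
# an assumption (the post elides them); real fail2ban chains end in RETURN.
SAMPLE = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-VSFTPD  tcp  --  anywhere             anywhere            tcp dpt:ftp
fail2ban-SSH  tcp  --  anywhere             anywhere            tcp dpt:ssh
RH-Firewall-1-INPUT  all  --  anywhere             anywhere
DROP       all  --  116.10.191.0/24      anywhere
DROP       all  --  183.136.220.0/24     anywhere
DROP       all  --  219.138.0.0/16       anywhere

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere

Chain fail2ban-SSH (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-VSFTPD (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}
CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\S+)|\d+ references)\)")


def parse_tables(text):
    """Parse `iptables -L` text into {chain: {"policy": ..., "rules": [...]}}."""
    chains = {}
    current = None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = chains.setdefault(m.group(1), {"policy": m.group(2), "rules": []})
            continue
        if not line.strip() or line.startswith("target") or current is None:
            continue  # blank separator or column header
        target, prot, _opt, src, dst, *extra = line.split()
        current["rules"].append(
            {"target": target, "prot": prot, "src": src, "dst": dst, "extra": " ".join(extra)}
        )
    return chains


def _net(spec):
    """Map the 'anywhere' column value to 0.0.0.0/0, otherwise parse the CIDR."""
    return ipaddress.ip_network("0.0.0.0/0" if spec == "anywhere" else spec, strict=False)


def first_match(chains, chain, src, prot="tcp"):
    """Walk `chain` for a packet from `src` and return (verdict, deciding chain).

    Jumps into user chains are followed; a user chain that falls off its end
    (or hits RETURN) yields (None, None) and the caller keeps walking.
    Port matches in the trailing column are ignored for simplicity.
    """
    ip = ipaddress.ip_address(src)
    for rule in chains[chain]["rules"]:
        if rule["prot"] not in ("all", prot) or ip not in _net(rule["src"]):
            continue
        tgt = rule["target"]
        if tgt in TERMINAL:
            return tgt, chain
        if tgt == "RETURN":
            break
        if tgt in chains:
            verdict, where = first_match(chains, tgt, src, prot)
            if verdict is not None:
                return verdict, where
    policy = chains[chain]["policy"]
    return (policy, chain) if policy else (None, None)


def shadowed_drops(chains, chain="INPUT"):
    """Return (rule number, source, verdict, deciding chain) for every DROP in
    `chain` that an address inside its source range never reaches."""
    out = []
    for num, rule in enumerate(chains[chain]["rules"], 1):
        if rule["target"] != "DROP":
            continue
        probe = str(_net(rule["src"]).network_address)
        verdict, where = first_match(chains, chain, probe)
        if verdict != "DROP":
            out.append((num, rule["src"], verdict, where))
    return out


def move_drops_first(chains, chain="INPUT"):
    """Reorder so the DROP rules precede everything else in `chain`, which is
    what `iptables -I INPUT 1 -s <range> -j DROP` achieves on a live host."""
    rules = chains[chain]["rules"]
    chains[chain]["rules"] = [r for r in rules if r["target"] == "DROP"] + \
                             [r for r in rules if r["target"] != "DROP"]
    return chains


if __name__ == "__main__":
    table = parse_tables(SAMPLE)
    for entry in shadowed_drops(table):
        print("shadowed DROP rule %d for %s: %s in %s" % entry)
    print(first_match(move_drops_first(table), "INPUT", "116.10.191.5"))
```

Run against the sample, `shadowed_drops` reports all three DROP rules as shadowed by `ACCEPT` in `RH-Firewall-1-INPUT`, and after `move_drops_first` a probe from 116.10.191.5 gets `DROP` in `INPUT`. One thing to confirm on the real host before reordering: `iptables -L` without `-v` hides interface matches, so the first `ACCEPT all` in that chain may be restricted to `-i lo`; `iptables -L -v -n --line-numbers` shows the interface column and the rule numbers to use with `-I`.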