On Mon, January 12, 2009 1:37 pm, James B. Byrne wrote:
> I have these rules in effect:
<snip>
> 1 DROP all -- 202.14.0.0/24 anywhere
> 2 DROP all -- 220.232.0.0/24 anywhere
<snip>
>
> Note particularly line 2.
>
> Now, notwithstanding the above, I see this in my /var/log/secure file:
>
> Jan 12 13:36:02 inet01 sshd[16056]: Received disconnect from
> 220.232.152.137: 11: Bye Bye
> Jan 12 13:36:13 inet01 sshd[16062]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=avalon.aty-group.com
> user=root
> Jan 12 13:36:15 inet01 sshd[16062]: Failed password for root from
> 220.232.152.137 port 38722 ssh2
<snip>
>
> What is wrong with my IPTABLES rules that this connection is permitted?

Your netmask. You might want to consider changing it to /16.

Marko
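The check behind that answer, as an added example that is not part of the original thread: it parses DROP rules and sshd log lines, reports logged source addresses that no rule matches, and finds the shortest widening of a rule that would cover them. The sample input is constructed from the lines quoted above, and the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample input, modelled on the rule listing and log lines quoted above.
RULES = """\
1 DROP all -- 202.14.0.0/24 anywhere
2 DROP all -- 220.232.0.0/24 anywhere
"""
LOG = """\
Jan 12 13:36:02 inet01 sshd[16056]: Received disconnect from 220.232.152.137: 11: Bye Bye
Jan 12 13:36:15 inet01 sshd[16062]: Failed password for root from 220.232.152.137 port 38722 ssh2
"""

# Rule number and numeric source of each DROP rule ("anywhere" sources are skipped).
RULE_RE = re.compile(r"^\s*(\d+)\s+DROP\s+\S+\s+--\s+(\d+(?:\.\d+){3}(?:/\d+)?)\s", re.M)
FROM_RE = re.compile(r"\bfrom (\d{1,3}(?:\.\d{1,3}){3})\b")


def drop_networks(listing):
    """Return {rule_number: IPv4Network} for every DROP rule in the listing."""
    return {int(n): ipaddress.ip_network(src, strict=False)
            for n, src in RULE_RE.findall(listing)}


def uncovered_sources(listing, log):
    """Source addresses seen in the log that no DROP rule matches, as strings."""
    nets = drop_networks(listing).values()
    seen = {ipaddress.ip_address(a) for a in FROM_RE.findall(log)}
    return [str(a) for a in sorted(seen) if not any(a in n for n in nets)]


def widest_needed(rule_net, addr):
    """Smallest supernet of rule_net that also contains addr."""
    addr = ipaddress.ip_address(addr)
    net = rule_net
    while addr not in net:
        net = net.supernet()  # shorten the prefix by one bit
    return net


if __name__ == "__main__":
    rule2 = drop_networks(RULES)[2]
    for addr in uncovered_sources(RULES, LOG):
        print(f"{addr} is not matched by any DROP rule")
        print(f"  rule 2 is {rule2}, i.e. {rule2[0]} - {rule2[-1]}")
        print(f"  smallest widening of rule 2 that covers it: {widest_needed(rule2, addr)}")
```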