[CentOS] Question on iptables

Mon Jan 27 13:10:33 UTC 2014
Adrian Sevcenco <Adrian.Sevcenco at cern.ch>

On 01/27/2014 02:43 PM, Joseph L. Casale wrote:
>> I have a rule in iptables to drop certain packets from addresses, like:
>>
>> iptables --list | grep 37
>> DROP       all  --  37.0.0.0/8           anywhere
>>
>> So I am wondering how this got through???
>>
>> [Jan 27 02:36:52] NOTICE[9298][C-000005ce] chan_sip.c: Call from '' (
>> 37.8.28.217:10024) to extension '888888011972592871997' rejected because
>> extension not found in context 'default'
>>
>> Shouldn't the firewall have dropped it?
> 
> Without more info, no one can help. Iptables are processed top down, have you
> allowed something less specific above? A subnet, a protocol etc?
or there is a forward somewhere ... without full iptables and network
description it is not possible to evaluate your situation..

Adrian