[CentOS] iptables question

Mon Jun 16 22:11:21 UTC 2014
John R Pierce <pierce at hogranch.com>

On 6/16/2014 2:58 PM, Chuck Campbell wrote:
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> fail2ban-VSFTPD  tcp  --  anywhere             anywhere            tcp dpt:ftp
> fail2ban-SSH  tcp  --  anywhere             anywhere            tcp dpt:ssh
> RH-Firewall-1-INPUT  all  --  anywhere             anywhere
> DROP       all  --  116.10.191.0/24      anywhere
> DROP       all  --  183.136.220.0/24     anywhere
> DROP       all  --  183.136.221.0/24     anywhere
> DROP       all  --  183.136.222.0/24     anywhere
> DROP       all  --  183.136.223.0/24     anywhere
> DROP       all  --  122.224.11.0/24      anywhere
> DROP       all  --  219.138.0.0/16       anywhere
>
> ...
>
> Chain RH-Firewall-1-INPUT (2 references)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere
> ACCEPT     icmp --  anywhere             anywhere            icmp any
> ACCEPT     esp  --  anywhere             anywhere
> .
> .
> .
>
> Yet in my logwatch emails, I see this, long after the iptables rules are in
> place to drop some ip ranges:

RH-Firewall-1-INPUT is being invoked prior to your DROP rules, and is 
ACCEPTing all packets.



-- 
john r pierce                                      37N 122W
somewhere on the middle of the left coast
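The ordering problem John points at can be reproduced without a root shell. The following is an added example, not code from the thread or from CentOS: a small first-match simulator for the filter table's INPUT traversal, loaded with the INPUT and RH-Firewall-1-INPUT rules exactly as Chuck quoted them. Assumptions are labelled in the comments: the two fail2ban chains are modelled as empty (so they return to INPUT), the "..." rules are omitted, and the blocked-source packet uses a constructed address inside the first quoted range. The simulator walks chains the way netfilter does, first match wins, a terminating ACCEPT or DROP ends traversal, a user chain with no matching rule returns to the caller, and the built-in policy applies only if nothing matched.

```python
"""Simulate iptables INPUT traversal for the rule set quoted in the thread.

Added example, not from the original post. Only the behaviour that matters
here is modelled: first-match-wins, jumps to user-defined chains, implicit
RETURN at the end of a user chain, and the built-in chain's policy.
"""
import ipaddress

ACCEPT, DROP, RETURN = "ACCEPT", "DROP", "RETURN"
TERMINATING = {ACCEPT, DROP, "REJECT"}


def rule(target, src=None, proto=None, dport=None):
    """One rule; None means 'anywhere' / any protocol / any port."""
    return {"target": target, "src": src, "proto": proto, "dport": dport}


def chain(policy, rules):
    """policy is ACCEPT/DROP for built-in chains, None for user chains."""
    return {"policy": policy, "rules": rules}


def matches(r, pkt):
    if r["src"] is not None and \
            ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(r["src"]):
        return False
    if r["proto"] is not None and pkt["proto"] != r["proto"]:
        return False
    if r["dport"] is not None and pkt.get("dport") != r["dport"]:
        return False
    return True


def traverse(chains, name, pkt, trace):
    """Walk one chain; return a verdict, or None if the chain fell through."""
    c = chains[name]
    for i, r in enumerate(c["rules"], 1):
        if not matches(r, pkt):
            continue
        trace.append(f"{name}[{i}] -> {r['target']}")
        if r["target"] in TERMINATING:
            return r["target"]          # packet is accepted/dropped, traversal ends
        if r["target"] == RETURN:
            break                       # back to caller (or to policy in INPUT)
        v = traverse(chains, r["target"], pkt, trace)   # jump to a user chain
        if v is not None:
            return v                    # user chain decided; INPUT never resumes
    if c["policy"] is not None:
        trace.append(f"{name} policy -> {c['policy']}")
        return c["policy"]
    return None                         # implicit RETURN from a user chain


def verdict(chains, pkt):
    trace = []
    return traverse(chains, "INPUT", pkt, trace), trace


# The seven DROP sources exactly as quoted (ftp = 21, ssh = 22).
BLOCKED = ["116.10.191.0/24", "183.136.220.0/24", "183.136.221.0/24",
           "183.136.222.0/24", "183.136.223.0/24", "122.224.11.0/24",
           "219.138.0.0/16"]

# Assumptions: fail2ban chains are empty here (their rules were not quoted) and
# the "..." lines of RH-Firewall-1-INPUT are left out.
AS_QUOTED = {
    "INPUT": chain(ACCEPT,
                   [rule("fail2ban-VSFTPD", proto="tcp", dport=21),
                    rule("fail2ban-SSH", proto="tcp", dport=22),
                    rule("RH-Firewall-1-INPUT")]
                   + [rule(DROP, src=net) for net in BLOCKED]),
    "fail2ban-VSFTPD": chain(None, []),
    "fail2ban-SSH": chain(None, []),
    "RH-Firewall-1-INPUT": chain(None, [rule(ACCEPT),
                                        rule(ACCEPT, proto="icmp"),
                                        rule(ACCEPT, proto="esp")]),
}


def reorder_drops_first(chains):
    """Effect of re-adding each block with `iptables -I INPUT 1 -s NET -j DROP`
    (and `-D INPUT -s NET -j DROP` for the dead copy): drops precede all jumps."""
    inp = chains["INPUT"]
    drops = [r for r in inp["rules"] if r["target"] == DROP]
    rest = [r for r in inp["rules"] if r["target"] != DROP]
    fixed = dict(chains)
    fixed["INPUT"] = chain(inp["policy"], drops + rest)
    return fixed


if __name__ == "__main__":
    # Constructed packet: SSH from a host in the first blocked range.
    pkt = {"src": "116.10.191.7", "proto": "tcp", "dport": 22}
    for label, ruleset in (("as quoted", AS_QUOTED),
                           ("drops first", reorder_drops_first(AS_QUOTED))):
        v, trace = verdict(ruleset, pkt)
        print(f"{label:12s} {v:6s}  " + " ; ".join(trace))
```

With the rules as quoted, the trace ends in `RH-Firewall-1-INPUT[1] -> ACCEPT` and none of the DROP rules is ever consulted; with the DROPs inserted at position 1 the same packet is dropped by `INPUT[1]`. On the real box, use `iptables -L INPUT -v -n --line-numbers` rather than plain `iptables -L`: the `pkts` counters show which rule is actually consuming the traffic, `-v` reveals interface matches that the quoted listing cannot show, and `--line-numbers` gives you the positions to pass to `iptables -I`.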