On 6/16/2014 2:58 PM, Chuck Campbell wrote:
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> fail2ban-VSFTPD tcp -- anywhere anywhere tcp dpt:ftp
> fail2ban-SSH tcp -- anywhere anywhere tcp dpt:ssh
> RH-Firewall-1-INPUT all -- anywhere anywhere
> DROP all -- 116.10.191.0/24 anywhere
> DROP all -- 183.136.220.0/24 anywhere
> DROP all -- 183.136.221.0/24 anywhere
> DROP all -- 183.136.222.0/24 anywhere
> DROP all -- 183.136.223.0/24 anywhere
> DROP all -- 122.224.11.0/24 anywhere
> DROP all -- 219.138.0.0/16 anywhere
>
> ...
>
> Chain RH-Firewall-1-INPUT (2 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
> ACCEPT icmp -- anywhere anywhere icmp any
> ACCEPT esp -- anywhere anywhere
> .
> .
> .
>
> Yet in my logwatch emails, I see this, long after the iptables rules are in
> place to drop some ip ranges:

RH-Firewall-1-INPUT is being invoked prior to your DROP rules, and is ACCEPTing all packets.

-- 
john r pierce 37N 122W somewhere on the middle of the left coast
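
The ordering problem described in the reply can be checked mechanically. The following is an added example, not code from this thread: it parses an `iptables -L` listing and reports which rules in INPUT sit behind a point where every packet has already received a verdict. It takes the listing at face value (without `-v`, `iptables -L` does not print interface matches, so a rule shown as `all -- anywhere anywhere` is assumed to match every packet), treats chains missing from the listing as returning, and the function names and abridged sample are made up for illustration.

```python
# Constructed sample, abridged from the `iptables -L` listing quoted in the message.
LISTING = """\
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-SSH tcp -- anywhere anywhere tcp dpt:ssh
RH-Firewall-1-INPUT all -- anywhere anywhere
DROP all -- 116.10.191.0/24 anywhere
DROP all -- 219.138.0.0/16 anywhere

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
"""
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def parse_listing(text):
    """Return {chain: [(target, prot, source, destination, extra), ...]}."""
    chains, current = {}, None
    for line in text.splitlines():
        f = line.split()
        if f[:1] == ["Chain"]:
            current = chains.setdefault(f[1], [])
        elif current is not None and len(f) >= 5 and f[0] != "target":
            current.append((f[0], f[1], f[3], f[4], " ".join(f[5:])))
    return chains

def unconditional(rule):
    """A rule that, as listed, matches every packet (assumption: no hidden -i/-o)."""
    return rule[1:] == ("all", "anywhere", "anywhere", "")

def decides_all(chains, name, seen=()):
    """True if chain `name` hands every packet a final verdict."""
    for rule in (chains.get(name, []) if name not in seen else []):
        if unconditional(rule) and rule[0] == "RETURN":
            return False  # everything goes back to the calling chain
        if unconditional(rule) and (
                rule[0] in TERMINAL or decides_all(chains, rule[0], seen + (name,))):
            return True
    return False

def shadowed_rules(chains, name="INPUT"):
    """Return (deciding_rule, rules listed after it that no packet reaches)."""
    rules = chains.get(name, [])
    for i, rule in enumerate(rules):
        if unconditional(rule) and (
                rule[0] in TERMINAL or decides_all(chains, rule[0], (name,))):
            return rule, rules[i + 1:]
    return None, []

print(shadowed_rules(parse_listing(LISTING)))
```

With the DROP rules listed above the jump to RH-Firewall-1-INPUT, the second element of the result is an empty list.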