>>>
>>>
>> As John R Pierce mentioned one of your first rule in the chain is
>> "RH-Firewall-1-INPUT all -- anywhere anywhere", this
>> simply mean everything with "DROP" after it will be ignored. iptables
>> will work its way down the chain, therefore you have to options
>> 1. remove that line or
>> 2. move it at the bottom of the chain.
>
> I am clearly missing some emails, because I didn't see a reply from John R
> Pierce. My apologies.
> I appreciate you restating this. I'll try to go make sense of iptables, given
> the insight,
>
> thanks,
> -chuck
>
OK, I went to the list archive and found the email in question. Also, one after
it that asked how I added these rules.
I ran a script after fail2ban was started. It looks like this:
#!/bin/sh
iptables -A INPUT -s 116.10.191.0/24 -j DROP
iptables -A INPUT -s 183.136.220.0/24 -j DROP
iptables -A INPUT -s 183.136.221.0/24 -j DROP
iptables -A INPUT -s 183.136.222.0/24 -j DROP
iptables -A INPUT -s 183.136.223.0/24 -j DROP
iptables -A INPUT -s 122.224.11.0/24 -j DROP
iptables -A INPUT -s 219.138.0.0/16 -j DROP
so, how do I get them in front of the RH-Firewall-1-INPUT, or do I add them to
that chain?
-chuck
--
ACCEL Services, Inc.| Specialists in Gravity, Magnetics | (713)993-0671 ph.
| and Integrated Interpretation | (713)993-0608 fax
448 W. 19th St. #325| Since 1992 | (713)306-5794 cell
Houston, TX, 77008 | Chuck Campbell | campbell at accelinc.com
| President & Senior Geoscientist |
"Integration means more than having all the maps at the same scale!"