On 6/16/2014 8:52 PM, Chuck Campbell wrote: > I ran a script after fail2ban was started. It looks like this: > #!/bin/sh > iptables -A INPUT -s 116.10.191.0/24 -j DROP > iptables -A INPUT -s 183.136.220.0/24 -j DROP > iptables -A INPUT -s 183.136.221.0/24 -j DROP > iptables -A INPUT -s 183.136.222.0/24 -j DROP > iptables -A INPUT -s 183.136.223.0/24 -j DROP > iptables -A INPUT -s 122.224.11.0/24 -j DROP > iptables -A INPUT -s 219.138.0.0/16 -j DROP > > so, how do I get them in front of the RH-Firewall-1-INPUT, or do I add them to > that chain? use -I (insert) rather than -A (append). OR specify chain RH-Firewall-1-INPUT rather than INPUT OR, better use system-config-firewall rather than running your own iptables commands. this manages the rules used by the RH firewall scripts invoked by the iptables service which is run at boot time. also, if you do manually add iptables rules, you can use `service iptables save` to remember these changes, instead of running them from your own scripts. these changes get saved to /etc/sysconfig/iptables -- john r pierce 37N 122W somewhere on the middle of the left coast