[CentOS] iptables question

Tue Jun 17 04:08:23 UTC 2014
John R Pierce <pierce at hogranch.com>

On 6/16/2014 8:52 PM, Chuck Campbell wrote:
> I ran a script after fail2ban was started. It looks like this:
> #!/bin/sh
> iptables -A INPUT -s 116.10.191.0/24 -j DROP
> iptables -A INPUT -s 183.136.220.0/24 -j DROP
> iptables -A INPUT -s 183.136.221.0/24 -j DROP
> iptables -A INPUT -s 183.136.222.0/24 -j DROP
> iptables -A INPUT -s 183.136.223.0/24 -j DROP
> iptables -A INPUT -s 122.224.11.0/24 -j DROP
> iptables -A INPUT -s 219.138.0.0/16 -j DROP
>
> so, how do I get them in front of the RH-Firewall-1-INPUT, or do I add them to
> that chain?

use -I (insert) rather than -A (append).

OR

specify chain RH-Firewall-1-INPUT rather than INPUT

OR, better

use system-config-firewall rather than running your own iptables 
commands. this manages the rules used by the RH firewall scripts 
invoked by the iptables service which is run at boot time.

also, if you do manually add iptables rules, you can use `service 
iptables save` to remember these changes, instead of running them from 
your own scripts. these changes get saved to /etc/sysconfig/iptables

-- 
john r pierce                                      37N 122W
somewhere on the middle of the left coast
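An added example, not part of the thread or of the RH firewall scripts: a small POSIX sh helper that turns a blocklist like Chuck's into an iptables-restore style fragment in which the DROP rules sit ahead of the jump into RH-Firewall-1-INPUT. In that file format rule order is simply file order, so the -I versus -A question disappears; the function names (`valid_cidr`, `gen_rules`) are the example's own, and the output is meant to be reviewed and then loaded with `iptables-restore` or merged into /etc/sysconfig/iptables.

```shell
#!/bin/sh
# Example code (not from the mailing-list thread). Emits a filter-table
# ruleset where blocklist DROPs precede the RH-Firewall-1-INPUT jump.

# Return 0 if $1 is a dotted-quad IPv4 CIDR (a.b.c.d/n, n <= 32), else 1.
# Malformed entries must not reach iptables-restore, which would reject
# the whole file and leave the firewall in whatever state it was in.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    ip=${1%/*}; plen=${1#*/}
    case "$plen" in ''|*[!0-9]*) return 1 ;; esac
    [ "$plen" -le 32 ] || return 1
    case "$ip" in .*|*.|*..*) return 1 ;; esac
    set -- $(printf '%s' "$ip" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Usage: gen_rules CIDR...
# Prints the fragment on stdout; invalid entries are reported on stderr
# and skipped rather than aborting, so one typo does not drop the whole list.
gen_rules() {
    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    echo ':FORWARD ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo ':RH-Firewall-1-INPUT - [0:0]'
    for net in "$@"; do
        if valid_cidr "$net"; then
            echo "-A INPUT -s $net -j DROP"   # evaluated before the jump below
        else
            echo "gen_rules: skipping invalid CIDR '$net'" >&2
        fi
    done
    echo '-A INPUT -j RH-Firewall-1-INPUT'  # RH chain's ACCEPTs come after the DROPs
    echo 'COMMIT'
}

# Stand-alone use: ./blocklist.sh 116.10.191.0/24 219.138.0.0/16 > rules.txt
if [ $# -gt 0 ]; then
    gen_rules "$@"
fi
```

Check the generated file with `iptables-restore --test rules.txt` (if your iptables supports it) before loading; a bare `iptables-restore` replaces the running filter table, so load it during a window where a lockout would be recoverable.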