[Firewall] BLOCKED-HOSTS isn't blocking

Arno van Amersfoort arnova at rocky.eld.leidenuniv.nl
Mon Jul 14 08:53:25 MDT 2008


This is really odd. Could you provide your firewall logs, config file & 
ifconfig output? It isn't the localhost IP, right?

a.

Jon Todaro wrote:
> Am I doing something wrong as it looks like even though iptables says it 
> is set to DROP my blocked-hosts ip's, it still looks to be allowing them 
> as Apache logged an invalid file request from one of the IP addresses, 
> and I know for a fact the iptables rules were in place when this occurred.
> 
> --------------------------------------------
> 
> Arno's Iptables Firewall script
> Version: 1.8.8.i-2
> 
> *[root at gatekeeper:~] grep ^60. /etc/arno-iptables-firewall/blocked-hosts
> 60.172.219.2 <http://60.172.219.2>
> 
> *[root at gatekeeper:~] tail /var/log/apache2/error.log | grep "client 60."
> [Thu Jul 10 13:06:02 2008] [error] [client 60.172.219.2 
> <http://60.172.219.2>] File does not exist: 
> /var/www/apache2-default/myproxies
> [Thu Jul 10 19:23:19 2008] [error] [client 60.172.219.2 
> <http://60.172.219.2>] File does not exist: 
> /var/www/apache2-default/myproxies
> [Fri Jul 11 03:57:42 2008] [error] [client 60.172.219.2 
> <http://60.172.219.2>] File does not exist: 
> /var/www/apache2-default/myproxies
> 
> *[root at gatekeeper:~] iptables -L -n | grep 60.
> LOG        all  --  60.172.219.2 <http://60.172.219.2>         0.0.0.0/0 
> <http://0.0.0.0/0>           limit: avg 1/min burst 1 LOG flags 0 level 
> 6 prefix `Blocked hosts violation: '
> DROP       all  --  60.172.219.2 <http://60.172.219.2>         0.0.0.0/0 
> <http://0.0.0.0/0>
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Firewall mailing list
> Firewall at lists.btito.net
> http://lists.btito.net/mailman/listinfo/firewall_lists.btito.net
> Arno's (Linux IPTABLES Firewall) Homepage:
> http://rocky.eld.leidenuniv.nl

-- 
Arno van Amersfoort
E-mail    : arnova at rocky.eld.leidenuniv.nl
Donations are welcome through Paypal!
---------------------------------------------------------------------------
Arno's (Linux IPTABLES Firewall) Homepage:
http://rocky.eld.leidenuniv.nl



More information about the Firewall mailing list