[Firewall] BLOCKED-HOSTS isn't blocking

Jon Todaro jontodaro at gmail.com
Mon Jul 14 09:13:37 MDT 2008


I agree it is odd. Interfaces are not virtual or localhost and it almost
looks as if somehow iptables isnt properly working if I were to have to
guess.

Since the output is so long, I decided to use pastebin entries.

debconf.cfg: http://pastebin.com/f3b77d945
relevant firewall log output: http://pastebin.com/f782f2341
ipconfig output: http://pastebin.com/f24d216e3

jt

On Mon, Jul 14, 2008 at 9:53 AM, Arno van Amersfoort <
arnova at rocky.eld.leidenuniv.nl> wrote:

> This is really odd. Could you provide your firewall logs, config file &
> ifconfig output? It isn't the localhost IP, right?
>
> a.
>
> Jon Todaro wrote:
> > Am I doing something wrong as it looks like even though iptables says it
> > is set to DROP my blocked-hosts ip's, it still looks to be allowing them
> > as Apache logged an invalid file request from one of the IP addresses,
> > and I know for a fact the iptables rules were in place when this
> occurred.
> >
> > --------------------------------------------
> >
> > Arno's Iptables Firewall script
> > Version: 1.8.8.i-2
> >
> > *[root at gatekeeper:~] grep ^60. /etc/arno-iptables-firewall/blocked-hosts
> > 60.172.219.2 <http://60.172.219.2>
> >
> > *[root at gatekeeper:~] tail /var/log/apache2/error.log | grep "client 60."
> > [Thu Jul 10 13:06:02 2008] [error] [client 60.172.219.2
> > <http://60.172.219.2>] File does not exist:
> > /var/www/apache2-default/myproxies
> > [Thu Jul 10 19:23:19 2008] [error] [client 60.172.219.2
> > <http://60.172.219.2>] File does not exist:
> > /var/www/apache2-default/myproxies
> > [Fri Jul 11 03:57:42 2008] [error] [client 60.172.219.2
> > <http://60.172.219.2>] File does not exist:
> > /var/www/apache2-default/myproxies
> >
> > *[root at gatekeeper:~] iptables -L -n | grep 60.
> > LOG        all  --  60.172.219.2 <http://60.172.219.2>         0.0.0.0/0
> > <http://0.0.0.0/0>           limit: avg 1/min burst 1 LOG flags 0 level
> > 6 prefix `Blocked hosts violation: '
> > DROP       all  --  60.172.219.2 <http://60.172.219.2>         0.0.0.0/0
> > <http://0.0.0.0/0>
> >
> >
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Firewall mailing list
> > Firewall at lists.btito.net
> > http://lists.btito.net/mailman/listinfo/firewall_lists.btito.net
> > Arno's (Linux IPTABLES Firewall) Homepage:
> > http://rocky.eld.leidenuniv.nl
>
> --
> Arno van Amersfoort
> E-mail    : arnova at rocky.eld.leidenuniv.nl
> Donations are welcome through Paypal!
> ---------------------------------------------------------------------------
> Arno's (Linux IPTABLES Firewall) Homepage:
> http://rocky.eld.leidenuniv.nl
>
> _______________________________________________
> Firewall mailing list
> Firewall at lists.btito.net
> http://lists.btito.net/mailman/listinfo/firewall_lists.btito.net
> Arno's (Linux IPTABLES Firewall) Homepage:
> http://rocky.eld.leidenuniv.nl
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.btito.net/pipermail/firewall_lists.btito.net/attachments/20080714/3b272562/attachment.html 


More information about the Firewall mailing list