[Firewall] BLOCKED-HOSTS isn't blocking

Arno van Amersfoort arnova at rocky.eld.leidenuniv.nl
Wed Jul 23 03:26:17 MDT 2008


Any updates on this issue? Can somebody (else) confirm this? I have been
unable to track down the problem (for now)....

a.

Jon Todaro wrote:
> 
> I agree it is odd. Interfaces are not virtual or localhost and it almost
> looks as if somehow iptables isn't properly working if I were to have to
> guess.
> 
> Since the output is so long, I decided to use pastebin entries.
> 
> debconf.cfg: http://pastebin.com/f3b77d945
> relevant firewall log output: http://pastebin.com/f782f2341
> ipconfig output: http://pastebin.com/f24d216e3
> 
> jt
> 
> On Mon, Jul 14, 2008 at 9:53 AM, Arno van Amersfoort
> <arnova at rocky.eld.leidenuniv.nl> wrote:
> 
>     This is really odd. Could you provide your firewall logs, config file &
>     ifconfig output? It isn't the localhost IP, right?
> 
>     a.
> 
>     Jon Todaro wrote:
>      > Am I doing something wrong? It looks like even though iptables says it
>      > is set to DROP my blocked-hosts IPs, it still looks to be allowing them,
>      > as Apache logged an invalid file request from one of the IP addresses,
>      > and I know for a fact the iptables rules were in place when this occurred.
>      >
>      > --------------------------------------------
>      >
>      > Arno's Iptables Firewall script
>      > Version: 1.8.8.i-2
>      >
>      > *[root at gatekeeper:~] grep ^60. /etc/arno-iptables-firewall/blocked-hosts
>      > 60.172.219.2
>      >
>      > *[root at gatekeeper:~] tail /var/log/apache2/error.log | grep "client 60."
>      > [Thu Jul 10 13:06:02 2008] [error] [client 60.172.219.2] File does not exist: /var/www/apache2-default/myproxies
>      > [Thu Jul 10 19:23:19 2008] [error] [client 60.172.219.2] File does not exist: /var/www/apache2-default/myproxies
>      > [Fri Jul 11 03:57:42 2008] [error] [client 60.172.219.2] File does not exist: /var/www/apache2-default/myproxies
>      >
>      > *[root at gatekeeper:~] iptables -L -n | grep 60.
>      > LOG        all  --  60.172.219.2         0.0.0.0/0           limit: avg 1/min burst 1 LOG flags 0 level 6 prefix `Blocked hosts violation: '
>      > DROP       all  --  60.172.219.2         0.0.0.0/0
>      >
>      > _______________________________________________
>      > Firewall mailing list
>      > Firewall at lists.btito.net
>      > http://lists.btito.net/mailman/listinfo/firewall_lists.btito.net
>      > Arno's (Linux IPTABLES Firewall) Homepage:
>      > http://rocky.eld.leidenuniv.nl
> 
>     --
>     Arno van Amersfoort
>     E-mail    : arnova at rocky.eld.leidenuniv.nl
>     Donations are welcome through Paypal!
>     ---------------------------------------------------------------------------
>     Arno's (Linux IPTABLES Firewall) Homepage:
>     http://rocky.eld.leidenuniv.nl

-- 
Arno van Amersfoort
E-mail    : arnova at rocky.eld.leidenuniv.nl
Donations are welcome through Paypal!
---------------------------------------------------------------------------
Arno's (Linux IPTABLES Firewall) Homepage:
http://rocky.eld.leidenuniv.nl
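
The manual cross-check in the quoted report (blocked-hosts entries against Apache error-log clients) can be scripted as follows. This is an added example, not part of the original thread or of Arno's firewall script; the function names are hypothetical, the sample data is constructed, and blocked-hosts is assumed to hold one IPv4 address per line with '#' comments. It compares whole addresses, whereas an unanchored pattern such as "60." also matches unrelated addresses.

```shell
#!/bin/sh
# Added example: report blocked-hosts entries that still appear as Apache clients.
# Assumption: blocked-hosts holds one IPv4 address per line, '#' starts a comment.

# blocked_hits BLOCKED_FILE ERROR_LOG
# Prints "<ip> <hits> <time of last hit>" for every exact address match.
blocked_hits() {
    awk '
        FILENAME == ARGV[1] {            # blocked-hosts: collect addresses
            sub(/#.*/, "")
            if ($1 != "") blocked[$1] = 1
            next
        }
        match($0, /\[client [0-9.]+/) {  # error log: address after "[client "
            ip = substr($0, RSTART + 8, RLENGTH - 8)
            if (ip in blocked) {
                hits[ip]++
                last[ip] = substr($0, 2, index($0, "]") - 2)
            }
        }
        END { for (ip in hits) print ip, hits[ip], last[ip] }
    ' "$1" "$2" | sort
}

# Constructed sample data modelled on the lines quoted in the thread.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/blocked-hosts" <<'EOF'
# constructed sample
60.172.219.2
192.0.2.10   # never seen in the log
EOF
    cat > "$dir/error.log" <<'EOF'
[Thu Jul 10 13:06:02 2008] [error] [client 60.172.219.2] File does not exist: /var/www/apache2-default/myproxies
[Thu Jul 10 14:00:00 2008] [error] [client 160.172.219.20] File does not exist: /var/www/apache2-default/x
[Fri Jul 11 03:57:42 2008] [error] [client 60.172.219.2] File does not exist: /var/www/apache2-default/myproxies
EOF
    blocked_hits "$dir/blocked-hosts" "$dir/error.log"
    rm -rf "$dir"
}

# Run the constructed demo only when asked: sh script.sh --demo
if [ "${1:-}" = "--demo" ]; then demo; fi
```

On a live system the call would be blocked_hits /etc/arno-iptables-firewall/blocked-hosts /var/log/apache2/error.log; any line it prints is a blocked address that still reached Apache, with the time of the most recent hit to compare against when the rules were loaded.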


