  1. #1

    netstat still shows iptables blocked IPs


    Code:
    netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
    shows connections from bad IP addresses like:

    215.125.62.*

    I tried to block them one by one with:

    iptables -A INPUT -s 215.125.62.IPHERE -j DROP
    iptables -A INPUT -s 215.125.62.0/24 -j DROP

    but the command
    Code:
    netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
    still shows connections from those IPs, and the server is getting overloaded and hanging.

    Any ideas, please?
    Last edited by postcd; 11-12-2013 at 11:32 AM.

  2. #2
    Linux Engineer; Join Date: Apr 2012; Location: Virginia, USA; Posts: 1,005
    iptables rules work in the order they are submitted. Most likely, you have an input rule that is allowing all IPs in on PORT 80.

    You should use the -I (capital i) instead of -A to insert your rules at the top of the list to make sure they take precedence over the rules that allow the traffic in (such as allowing * on port 80, etc).
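The ordering point in the answer above, shown with a small model of first-match evaluation in the INPUT chain (an added example, not code from the thread). The chain, rule and helper names are hypothetical; the address range is the one constructed in the question, and the port-80 ACCEPT rule is the one the answer assumes exists.

```python
"""Model of iptables first-match evaluation (hypothetical helpers).

Packets are checked against rules top to bottom and the first matching
rule decides, so a DROP appended with -A after an ACCEPT for port 80 is
never reached, while the same DROP inserted at the top with -I is.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Rule:
    target: str                     # "ACCEPT" or "DROP"
    src: Optional[str] = None       # like iptables -s (address or CIDR)
    dport: Optional[int] = None     # like --dport

    def matches(self, src_ip: str, dport: int) -> bool:
        if self.src is not None:
            net = ipaddress.ip_network(self.src, strict=False)
            if ipaddress.ip_address(src_ip) not in net:
                return False
        return self.dport is None or self.dport == dport


@dataclass
class Chain:
    policy: str = "ACCEPT"          # chain default policy (iptables -P)
    rules: List[Rule] = field(default_factory=list)

    def append(self, rule: Rule) -> None:          # iptables -A
        self.rules.append(rule)

    def insert(self, rule: Rule, rulenum: int = 1) -> None:  # iptables -I
        self.rules.insert(rulenum - 1, rule)

    def verdict(self, src_ip: str, dport: int) -> str:
        for rule in self.rules:                    # first match wins
            if rule.matches(src_ip, dport):
                return rule.target
        return self.policy


def verdict_with_appended_drop(src_ip: str = "215.125.62.7") -> str:
    chain = Chain(policy="DROP")
    chain.append(Rule("ACCEPT", dport=80))            # pre-existing web rule
    chain.append(Rule("DROP", src="215.125.62.0/24"))  # -A: lands after it
    return chain.verdict(src_ip, 80)                  # "ACCEPT" for the bad range


def verdict_with_inserted_drop(src_ip: str = "215.125.62.7") -> str:
    chain = Chain(policy="DROP")
    chain.append(Rule("ACCEPT", dport=80))
    chain.insert(Rule("DROP", src="215.125.62.0/24"))  # -I: now first
    return chain.verdict(src_ip, 80)                  # "DROP" for the bad range
```

Checking the live chain with `iptables -L INPUT -n --line-numbers` shows the same ordering, and note that already-established sockets can stay visible in netstat until they time out even after the DROP takes effect.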
