- 05-05-2009 #1
Iptables not rejecting IP
The two IPs I am rejecting are still getting through.
What am I doing wrong?
CentOS 5
Code:
Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
REJECT     icmp --  anywhere             anywhere            icmp any reject-with icmp-port-unreachable
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
DROP       udp  --  anywhere             anywhere            udp dpt:ipp
DROP       tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp state NEW
DROP       tcp  --  anywhere             anywhere            tcp dpt:ssh state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3 state NEW
REJECT     tcp  --  92.240.68.152        anywhere            tcp spt:http dpt:http state NEW,RELATED,ESTABLISHED reject-with icmp-port-unreachable
REJECT     tcp  --  92.240.68.153        anywhere            tcp spt:http dpt:http state NEW,RELATED,ESTABLISHED reject-with icmp-port-unreachable
REJECT     tcp  --  194.8.75.107         anywhere            tcp spt:http dpt:http state NEW,RELATED,ESTABLISHED reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
- 05-05-2009 #2
Resolved
Well, I must have looked at this table a zillion times,
but not till I posted it here did it dawn on me that the
ACCEPT all -- anywhere anywhere
pretty much overrode everything.
So I moved the IPs up past it and now they do what I expected.
- 05-05-2009 #3
The IPs seem to be getting through.
I am at a loss as to how they are getting through the firewall.
I am on CentOS 5.
Guess I will head to their forum.
- 05-07-2009 #4
First question is: how are you configuring your firewall?
If it is a script, then post the script.
If it's the default way, then post the /etc/sysconfig/iptables file.
Both of these are easier to read/understand than the iptables -L output.
As to the ACCEPT, it could be for a lot of things, which is the reason I don't like this output. Most likely it is for the lo interface and OUTPUT rules, but from this output you cannot tell.
- 05-07-2009 #5
Sorry I did not update here.
The problem was I set the source port to 80, so they are coming in anywhere from 1024 to the max port.
My solution was to remove the source port number so it blocks any port they used.
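Both mistakes in this thread (the catch-all ACCEPT ahead of the REJECTs in post #2, and the `spt:http` match in post #5) come down to how netfilter walks a chain: top to bottom, first terminating match wins, and every match on a rule must hold. The evaluator below is an added example, not code from the thread or from CentOS; it models only protocol, source address, ports and conntrack state (no interfaces or other matches), uses the addresses from post #1, and constructs its packets with made-up ephemeral source ports. The `to_iptables` renderer is included so the corrected rule can be seen in command form; the chain name and the `icmp-port-unreachable` reject type are taken from the posted listing.

```python
# Added example (not from the thread): a toy first-match evaluator that
# reproduces the two mistakes discussed above. It models only protocol,
# source IP, ports and conntrack state; interfaces and the other netfilter
# matches are left out. Chains and packets are constructed from post #1.
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    target: str                               # ACCEPT / REJECT / DROP
    proto: str = "all"                        # "all", "tcp", "udp", ...
    src: Optional[str] = None                 # None means "anywhere"
    spt: Optional[int] = None                 # source port match, None means any
    dpt: Optional[int] = None                 # destination port match
    states: Optional[FrozenSet[str]] = None   # -m state --state ...


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    spt: int
    dpt: int
    state: str


def matches(rule: Rule, pkt: Packet) -> bool:
    """Every match given on the rule must hold; unspecified fields match anything."""
    if rule.proto != "all" and rule.proto != pkt.proto:
        return False
    if rule.src is not None and rule.src != pkt.src:
        return False
    if rule.spt is not None and rule.spt != pkt.spt:
        return False
    if rule.dpt is not None and rule.dpt != pkt.dpt:
        return False
    if rule.states is not None and pkt.state not in rule.states:
        return False
    return True


def evaluate(chain: List[Rule], pkt: Packet, policy: str = "DROP") -> Tuple[str, Optional[int]]:
    """Walk the chain top to bottom; the first matching rule's target decides,
    exactly as netfilter does. Returns (target, rule index) or (policy, None)."""
    for index, rule in enumerate(chain):
        if matches(rule, pkt):
            return rule.target, index
    return policy, None


def to_iptables(chain_name: str, rule: Rule) -> str:
    """Render a Rule as the iptables command that would append it."""
    parts = ["iptables", "-A", chain_name]
    if rule.proto != "all":
        parts += ["-p", rule.proto]
    if rule.src is not None:
        parts += ["-s", rule.src]
    if rule.spt is not None:
        parts += ["--sport", str(rule.spt)]
    if rule.dpt is not None:
        parts += ["--dport", str(rule.dpt)]
    if rule.states is not None:
        parts += ["-m", "state", "--state", ",".join(sorted(rule.states))]
    parts += ["-j", rule.target]
    if rule.target == "REJECT":
        parts += ["--reject-with", "icmp-port-unreachable"]
    return " ".join(parts)


# The addresses the poster wanted to block, taken from post #1.
BLOCKED = ["92.240.68.152", "92.240.68.153", "194.8.75.107"]
ANY_STATE = frozenset({"NEW", "RELATED", "ESTABLISHED"})

ACCEPT_ALL = Rule("ACCEPT")   # the catch-all the poster noticed in post #2
# The REJECT rules as originally written: they also require a source port
# of 80, which a client connecting to port 80 never uses (it picks an
# ephemeral port, as post #5 says).
REJECT_SPT80 = [Rule("REJECT", "tcp", ip, spt=80, dpt=80, states=ANY_STATE) for ip in BLOCKED]
# The fix from post #5: the same rules without the source-port match.
REJECT_ANY_SPT = [Rule("REJECT", "tcp", ip, dpt=80, states=ANY_STATE) for ip in BLOCKED]
# The rules that sat below the REJECTs in the posted chain (abridged).
TAIL = [
    Rule("ACCEPT", states=frozenset({"RELATED", "ESTABLISHED"})),
    Rule("ACCEPT", "tcp", dpt=443, states=frozenset({"NEW"})),
    Rule("ACCEPT", "tcp", dpt=80, states=frozenset({"NEW"})),
]

AS_POSTED = [ACCEPT_ALL] + REJECT_SPT80 + TAIL   # post #1: ACCEPT all wins first
MOVED_UP = REJECT_SPT80 + [ACCEPT_ALL] + TAIL    # post #2: right order, wrong sport match
FIXED = REJECT_ANY_SPT + [ACCEPT_ALL] + TAIL     # post #5 fix with post #7 ordering

# Constructed SYN from one of the blocked hosts: ephemeral source port, dport 80.
BLOCKED_CLIENT = Packet("tcp", "92.240.68.152", spt=51234, dpt=80, state="NEW")
# Constructed SYN from an unrelated host (documentation address, not from the thread).
OTHER_CLIENT = Packet("tcp", "203.0.113.5", spt=40000, dpt=80, state="NEW")

if __name__ == "__main__":
    for name, chain in [("as posted", AS_POSTED), ("moved up", MOVED_UP), ("fixed", FIXED)]:
        print(f"{name:>10}: blocked client -> {evaluate(chain, BLOCKED_CLIENT)}")
    print(to_iptables("RH-Firewall-1-INPUT", REJECT_ANY_SPT[0]))
```

Running it shows the blocked client accepted at index 0 in the posted chain, accepted at index 3 (the catch-all) once the REJECTs are moved up but still carry `--sport 80`, and rejected at index 0 only when the source-port match is gone. The catch-all ACCEPT is kept in the model because the thread never removes it; as post #4 notes, `iptables -L` without `-v` hides the interface it is bound to, so `iptables -L -v -n` or the `/etc/sysconfig/iptables` file is the place to check that it really is an `lo` rule.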
- 05-07-2009 #6
And that would be the way to completely block the IP address.
- 05-08-2009 #7
Oh, forgot: I moved them to the top before any ports were processed.