-
Iptables not rejecting IP
The two IPs I am rejecting are still getting through.
What am I doing wrong?
CentOS 5
Code:
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
REJECT icmp -- anywhere anywhere icmp any reject-with icmp-port-unreachable
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
DROP udp -- anywhere anywhere udp dpt:ipp
DROP tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp state NEW
DROP tcp -- anywhere anywhere tcp dpt:ssh state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3 state NEW
REJECT tcp -- 92.240.68.152 anywhere tcp spt:http dpt:http state NEW,RELATED,ESTABLISHED reject-with icmp-port-unreachable
REJECT tcp -- 92.240.68.153 anywhere tcp spt:http dpt:http state NEW,RELATED,ESTABLISHED reject-with icmp-port-unreachable
REJECT tcp -- 194.8.75.107 anywhere tcp spt:http dpt:http state NEW,RELATED,ESTABLISHED reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
-
Resolved
Well, I must have looked at this table a zillion times,
but not till I posted it here did it dawn on me that the
ACCEPT all -- anywhere anywhere
pretty much overrode everything.
So I moved the IPs up past it and now they do what I expected.
-
The IPs seem to be getting through.
I am at a loss as to how they are getting through the firewall.
I am on CentOS 5.
Guess I will head to their forum.
-
First question is: how are you configuring your firewall?
If it is a script, then post the script.
If it's the default way, then post the /etc/sysconfig/iptables file.
Both of these are easier to read/understand than the iptables -L output.
As to the ACCEPT, it could be for a lot of things, which is the reason I don't like this output. Most likely it is for the lo interface and OUTPUT rules, but from this output you cannot tell.
-
Sorry I did not update here.
The problem was I set the source port to 80, so they are coming in anywhere from 1024 to the max port.
My solution was to remove the source port number so it blocks any port they used.
-
And that would be the way to completely block the IP address. :)
-
Oh, forgot: I moved them to the top before any ports were processed.
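To make the two mistakes in this thread concrete, here is an added Python simulation of first-match chain evaluation (not code from the thread or from iptables). It models the chain at the three stages described above: as posted, with the REJECT moved up but still matching source port 80, and with the source-port match removed. The Packet/Rule classes, the ephemeral port 51234 and the client packet are constructed for the example; the blocked address is the first one from the posted chain.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

ANY_STATE = frozenset({"NEW", "RELATED", "ESTABLISHED"})
BLOCKED = "92.240.68.152"  # first address from the posted chain


@dataclass(frozen=True)
class Packet:
    src: str
    proto: str
    sport: int
    dport: int
    state: str  # conntrack state: NEW, RELATED or ESTABLISHED


@dataclass(frozen=True)
class Rule:
    # No interface field: iptables -L hides -i/-o, as the reply above notes.
    target: str
    proto: Optional[str] = None           # None = "all"
    src: Optional[str] = None             # None = "anywhere"
    sport: Optional[int] = None
    dport: Optional[int] = None
    states: Optional[FrozenSet[str]] = None

    def matches(self, p: Packet) -> bool:
        return (self.proto in (None, p.proto) and self.src in (None, p.src)
                and self.sport in (None, p.sport) and self.dport in (None, p.dport)
                and (self.states is None or p.state in self.states))


def verdict(chain: List[Rule], p: Packet, policy: str = "DROP") -> str:
    """First matching rule wins; rules below it are never consulted."""
    for rule in chain:
        if rule.matches(p):
            return rule.target
    return policy


# The chain at each stage of the thread (only the relevant rules kept).
ACCEPT_ALL = Rule("ACCEPT")
ALLOW_HTTP = Rule("ACCEPT", "tcp", dport=80, states=frozenset({"NEW"}))
REJECT_SPT80 = Rule("REJECT", "tcp", BLOCKED, sport=80, dport=80, states=ANY_STATE)
REJECT_HOST = Rule("REJECT", src=BLOCKED)

AS_POSTED = [ACCEPT_ALL, REJECT_SPT80, ALLOW_HTTP]  # ACCEPT all shadows the REJECT
MOVED_UP = [REJECT_SPT80, ACCEPT_ALL, ALLOW_HTTP]   # reordered, still needs sport 80
FIXED = [REJECT_HOST, ACCEPT_ALL, ALLOW_HTTP]       # no source-port match

# Constructed client packet: browsers use an ephemeral source port, not 80.
CLIENT = Packet(BLOCKED, "tcp", sport=51234, dport=80, state="NEW")
```

Only the third chain rejects the client: the first never reaches the REJECT, and the second reaches it but fails the source-port match because the client's source port is ephemeral.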