I am using iptables 1.2.4 on a RedHat 7.2 box as a router/firewall. All web traffic gets forwarded in the prerouting table to my web server on a 192.168.x.x address. The problem I am running into is when I want to deny access to my site altogether. In my firewall script I create a user chain called BANNED. In the prerouting table the first thing I have it do is travel through this user chain:

    $IPTABLES -t nat -I PREROUTING -j BANNED

I added this line into the BANNED table to drop the IP address range 1.2.0.0 - 1.2.255.255:

    $IPTABLES -t nat -A BANNED -s 1.2.0.0/16 -j DROP

Now on my web site I have a message board, and the message board will tell me the IP address of the poster. After I put this rule in place and ran the script (I also verified it was in by listing the rules) I got a post from an IP address of 1.2.25.x!!! Why would this not drop this connection?

I then put another rule in place, just before the drop rule in the same table, to log connections coming from this IP address range. In my log file it does list this IP address, so I know it is travelling through the table and matching the IP address. So if it is logging it, why is it not also dropping it?

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
| Chris Hoeschen - Distributed System Analysts |
| PrimeVest Financial Services                 |
| (320) 656-4035   E-Mail: [EMAIL PROTECTED]   |
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former." -- Albert Einstein
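The rule set below is an added example, not code from the original post, showing where a ban list is normally placed in a setup like the one described. The nat table is consulted only for the first packet of a connection; every later packet of that connection is handled by connection tracking and never traverses nat/PREROUTING, so DROP or LOG rules in the nat table only ever see a connection's first packet and are unreliable as a ban mechanism. The filter table's INPUT and FORWARD chains see every packet, so the BANNED chain goes there and is jumped to as rule 1, ahead of any ESTABLISHED accept rule, so that connections already open when the ban is added are cut too. The web server address 192.168.1.10, the iptables path /sbin/iptables and the 1.2.0.0/16 range are assumed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post). Keeps the DNAT forwarding in
# the nat table and puts the ban list in the filter table, because the nat
# table is consulted only for the first packet of each connection while the
# filter table sees every packet. WEBSERVER and BANNED_NETS are assumed values.
IPTABLES=${IPTABLES:-/sbin/iptables}
WEBSERVER=${WEBSERVER:-192.168.1.10}      # assumed internal web server address
BANNED_NETS=${BANNED_NETS:-"1.2.0.0/16"}  # space-separated CIDR ranges to block

# rules: print the rule set, one iptables argument list per line, so it can
# be reviewed (or checked by a test) without root and without touching the kernel.
rules() {
    # Forward inbound HTTP to the web server. nat/PREROUTING only rewrites
    # the destination; it carries no DROP rule.
    echo "-t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination $WEBSERVER"

    # The ban list lives in a user chain of the filter table (the default
    # table when -t is omitted): log, then drop.
    echo "-N BANNED"
    for net in $BANNED_NETS; do
        echo "-A BANNED -s $net -j LOG --log-prefix BANNED:"
        echo "-A BANNED -s $net -j DROP"
    done

    # Jump to BANNED as rule 1 of FORWARD (traffic to the DNATed web server)
    # and INPUT (traffic to the firewall itself). Position 1 puts it ahead of
    # any ESTABLISHED,RELATED accept rule, so packets of connections that were
    # already open when the ban was added are dropped as well.
    echo "-I FORWARD 1 -j BANNED"
    echo "-I INPUT 1 -j BANNED"
}

# apply: run every line printed by rules() through iptables. Needs root.
apply() {
    rules | while read -r line; do
        # word splitting of $line into separate arguments is intended here
        $IPTABLES $line || exit 1
    done
}

# nat_drop_count: number of DROP rules the set places in the nat table.
# Must be 0: a DROP there only ever sees a connection's first packet.
nat_drop_count() {
    rules | grep -c -- '^-t nat .* -j DROP' || true
}

case "${1:-}" in
    apply) apply ;;
    *)     rules ;;   # default: print the rule set for review
esac
```

Run the script with no argument to review the generated rules, and with `apply` as root to load them. Listing with `iptables -L BANNED -v` (filter table) afterwards shows per-rule packet counters, which is a quicker check than waiting for a message-board post from the banned range.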
