Sorry, I didn't answer your question. Shorewall is letting those packets through because they are in the "Established" or "Related" state. The rule you added is likely a rule to match packets in the "NEW" state. Flush your connections with the commands from my last email. FYI, it helps to run that command a few times in a row.
On Tue, Sep 6, 2016 at 7:06 PM, johnny bowen <[email protected]> wrote:

> Install conntrack-tools and flush the table that keeps track of your
> connections.
>
> *Debian Flavors:*
> #apt-get install conntrack
>
> *RedHat Flavors:*
> #yum install conntrack-tools
>
> Then:
>
> #conntrack -F
>
> On Tue, Sep 6, 2016 at 2:01 PM, Grant <[email protected]> wrote:
>
>> My site was recently under attack by an IP address I identified by way
>> of the nginx logs. I tried blocking the IP like this which has always
>> worked in the past:
>>
>> /etc/shorewall/rules
>> DROP net:1.2.3.4 $FW
>>
>> But this time it seemed to have no effect as the IP kept racking up
>> hits in the nginx log. Shorewall runs on the same machine as my web
>> server. Could shorewall/iptables somehow see a different IP address
>> than the one seen and logged by nginx?
>>
>> - Grant
>>
>> ------------------------------------------------------------------------------
>> _______________________________________________
>> Shorewall-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/shorewall-users
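
Added example, not part of the original thread: a small filter over `conntrack -L` output that shows which flows from a blocked address are still tracked, and so still pass the Established/Related accept described above. The function names `tracked_from` and `count_tracked` are hypothetical, and the sample lines are constructed.

```shell
#!/bin/sh
# Constructed sample in `conntrack -L` output format (documentation addresses
# plus the thread's placeholder 1.2.3.4); not captured traffic.
SAMPLE='tcp      6 431990 ESTABLISHED src=1.2.3.4 dst=203.0.113.10 sport=51234 dport=80 src=203.0.113.10 dst=1.2.3.4 sport=80 dport=51234 [ASSURED] mark=0 use=1
tcp      6 112 TIME_WAIT src=1.2.3.4 dst=203.0.113.10 sport=51200 dport=80 src=203.0.113.10 dst=1.2.3.4 sport=80 dport=51200 [ASSURED] mark=0 use=1
tcp      6 431800 ESTABLISHED src=198.51.100.7 dst=203.0.113.10 sport=40000 dport=443 src=203.0.113.10 dst=198.51.100.7 sport=443 dport=40000 [ASSURED] mark=0 use=1
tcp      6 300 ESTABLISHED src=203.0.113.10 dst=1.2.3.4 sport=44000 dport=25 src=1.2.3.4 dst=203.0.113.10 sport=25 dport=44000 [ASSURED] mark=0 use=1
udp      17 25 src=1.2.3.4 dst=203.0.113.10 sport=5353 dport=53 src=203.0.113.10 dst=1.2.3.4 sport=53 dport=5353 mark=0 use=1'

# tracked_from IP (hypothetical helper)
# Reads `conntrack -L` lines on stdin and prints "proto state sport->dport"
# for every entry whose ORIGINAL-direction source (the first src= field) is IP.
# These are the flows an Established/Related accept keeps passing even after a
# DROP rule for new connections from IP is in place.
tracked_from() {
    awk -v ip="$1" '
    {
        # Field 4 is the TCP state; stateless protocols (UDP) have src= there.
        state = ($4 ~ /=/) ? "-" : $4
        src = ""; sport = ""; dport = ""
        for (i = 1; i <= NF; i++) {
            if (src == ""   && $i ~ /^src=/)   src   = substr($i, 5)
            if (sport == "" && $i ~ /^sport=/) sport = substr($i, 7)
            if (dport == "" && $i ~ /^dport=/) dport = substr($i, 7)
        }
        # Exact match on the originator, so replies to our own outbound
        # connections (line 4 of the sample) are not counted.
        if (src == ip) printf "%s %s %s->%s\n", $1, state, sport, dport
    }'
}

# count_tracked IP (hypothetical helper): number of tracked flows originated
# by IP; 0 once the entries have been deleted or have timed out.
count_tracked() {
    tracked_from "$1" | awk 'END { print NR }'
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE" | tracked_from 1.2.3.4
```

On the firewall itself, feed it live data with `conntrack -L 2>/dev/null | tracked_from 1.2.3.4`. `conntrack -D -s 1.2.3.4` removes only that source's entries instead of flushing the whole table.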
