On Mon, 2 Jun 2014, "Wenjian Bill Yang" <[email protected]> wrote:
> I have the following rule in my iptables, and all chains are empty when the
> server is booted.
> 
> -A INPUT -s yahoo.com -j DROP
> 
> Or
> 
> -A INPUT -s yahoo.com -p tcp --dport 21 -j DROP

Firstly that sort of rule probably won't get the result you desire.  Big 
services such as yahoo tend to use different addresses for sending and 
receiving.  So any address they use for receiving data (in this case a web 
server) probably won't be used for sending data (i.e. making port 21 connections 
to your system).

> if I manually run /etc/init.d/iptables start, all iptables rules can be
> loaded.
> 
> Also if an IP address is used as follows, iptables can be loaded at boot
> time.
> 
> -A INPUT -s 66.33.210.0/24 -j DROP

Probably DNS isn't available in the early stages of the boot process.  What is 
in /etc/resolv.conf?  Does it point to something at the other end of a PPP 
link (or any link that will take time to establish) or localhost (iptables 
probably starts before BIND)?

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/
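As an added example (not code from the thread), a POSIX sh check for the failure mode described above: it flags iptables-save rules whose -s/-d argument is a hostname rather than an address literal, which would need DNS at load time, and a helper that emits literal-address rules from addresses looked up beforehand (function names and the sample ruleset are constructed for illustration).

```shell
#!/bin/sh
# Added example: detect rules that depend on DNS at load time, and emit
# rules from addresses resolved ahead of time instead.

# Return 0 if $1 is an IPv4 address literal with an optional /prefix.
is_ipv4_literal() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# Read an iptables-save style ruleset on stdin; print each hostname used
# with -s/-d (one per line).  Returns 1 if any were found, else 0.
find_hostname_rules() {
    found=0
    set -f                      # no globbing while splitting rule lines
    while read -r line; do
        case "$line" in
            -A*) ;;             # only rule lines are inspected
            *) continue ;;
        esac
        set -- $line            # split the rule into its tokens
        while [ $# -gt 1 ]; do
            case "$1" in
                -s|-d|--source|--destination)
                    if ! is_ipv4_literal "$2"; then
                        printf '%s\n' "$2"
                        found=1
                    fi
                    shift ;;
            esac
            shift
        done
    done
    set +f
    return $found
}

# $1 = label (the hostname, kept as a rule comment), rest = addresses.
# The addresses are meant to be looked up at generation time on a host
# with working DNS (e.g. with getent), so the ruleset itself is DNS-free.
emit_drop_rules() {
    label=$1; shift
    for addr in "$@"; do
        is_ipv4_literal "$addr" || { echo "not an address: $addr" >&2; return 1; }
        printf '%s -s %s -m comment --comment "%s" -j DROP\n' \
            '-A INPUT' "$addr" "$label"
    done
}
```

Run the first function over `iptables-save` output to audit a ruleset before relying on it at boot; only rules whose sources are literals pass.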
_______________________________________________
luv-main mailing list
[email protected]
http://lists.luv.asn.au/listinfo/luv-main