On Thursday 16 May 2002 12:00 am, Ron Gedye wrote:

> Hello Folks!
>
> What happens now is that my basic rules
> for closing ports, logging SYN's, dropping icmp, inside-outside GW/NAT/MASQ
> etc. works great.  But any additional rules I want to apply HAVE NO EFFECT,
> even after clearing the 1800 or so rules and 'starting over'.

I've looked at the URL you posted for LinuxQuestions.org, and you seemed to 
say there that "you had just the basic rules" and then to block a bad IP 
address you used iptables -A INPUT -s aaa.bbb.ccc.ddd -j DROP, and the 
packets still kept coming in on your log files.


Two things occur to me here:

1. If you do not delete the connection tracking table, any ESTABLISHED 
connections will still be able to get in on that rule (I assume you have one 
- I couldn't find any listing of what your 'basic' ruleset was) even if you 
have some later rule which blocks specific addresses.

2. If you're seeing an entry in your logfile, you must have a LOG rule, and 
if you're adding a DROP rule with -A to append it at the end of the ruleset, 
it will naturally come after the LOG rule, therefore the packet is still 
going to get logged whether or not your new rule DROPs it.


For both these reasons I recommend you *insert* (not append) rules such as 
iptables -I INPUT -s aaa.bbb.ccc.ddd -j DROP so they go in at the very 
beginning of the ruleset, before any logging and before any connection state 
matching such as ESTABLISHED.


If this doesn't fix the problem post your full basic ruleset here and tell us 
a specific problem with it and someone will likely help.



Antony.
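The two ordering effects described in the reply above (an ESTABLISHED match letting an already-tracked connection past a later DROP, and an appended DROP landing after the LOG rule so the packet is still logged) can be seen in a small first-match model of an INPUT chain. The following is an added example, not code from the original message or from iptables itself; it assumes a constructed "basic" ruleset of one ESTABLISHED ACCEPT rule followed by an unconditional LOG rule, a default DROP policy, and a constructed bad address 203.0.113.7. LOG is modelled as non-terminating, as it is in netfilter; every other target ends evaluation.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# Simplified first-match model of a netfilter chain, constructed for illustration.
# A rule with src=None or state=None matches any source / any conntrack state.

@dataclass
class Rule:
    target: str                  # "ACCEPT", "DROP" or "LOG"
    src: Optional[str] = None    # equivalent of  -s aaa.bbb.ccc.ddd
    state: Optional[str] = None  # equivalent of  -m state --state ESTABLISHED

@dataclass
class Packet:
    src: str
    state: str                   # "NEW" or "ESTABLISHED" (conntrack's view)

def evaluate(chain: List[Rule], packet: Packet, policy: str = "DROP") -> Tuple[str, bool]:
    """Walk the chain top to bottom; return (verdict, was_logged).

    LOG does not terminate traversal, so a packet can be logged and then
    dropped (or accepted) by a later rule. Anything else is a final verdict.
    """
    logged = False
    for rule in chain:
        if rule.src is not None and rule.src != packet.src:
            continue
        if rule.state is not None and rule.state != packet.state:
            continue
        if rule.target == "LOG":
            logged = True
            continue
        return rule.target, logged
    return policy, logged          # fell off the end: chain policy applies

def basic_ruleset() -> List[Rule]:
    # Constructed stand-in for the poster's "basic" rules: let tracked
    # connections through, then log everything that reaches this point.
    return [
        Rule("ACCEPT", state="ESTABLISHED"),
        Rule("LOG"),
    ]

def append(chain: List[Rule], rule: Rule) -> None:
    """iptables -A: the new rule goes at the END of the chain."""
    chain.append(rule)

def insert(chain: List[Rule], rule: Rule) -> None:
    """iptables -I (no position given): the new rule goes at the TOP."""
    chain.insert(0, rule)

BAD_IP = "203.0.113.7"   # constructed example address

def scenario(add: Callable[[List[Rule], Rule], None]) -> dict:
    """Add a DROP for BAD_IP with the given method and test two packets:
    one starting a new connection and one on a connection conntrack already
    knows about. Returns {"new": (verdict, logged), "established": (...)}."""
    chain = basic_ruleset()
    add(chain, Rule("DROP", src=BAD_IP))
    return {
        "new": evaluate(chain, Packet(BAD_IP, "NEW")),
        "established": evaluate(chain, Packet(BAD_IP, "ESTABLISHED")),
    }

if __name__ == "__main__":
    for name, method in (("-A (append)", append), ("-I (insert)", insert)):
        print(name, scenario(method))
```

With `-A`, the NEW packet is dropped but only after the LOG rule has fired, so the log keeps filling up, and the ESTABLISHED packet is accepted before the DROP is ever consulted. With `-I`, both packets hit the DROP first: nothing from that address is logged or accepted. The model shows why the existing conntrack entry matters: the verdict depends on the packet's state, and that state survives until the entry expires or is flushed.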
