  1. #1
    Member
    Join Date
    Mar 2003
    Posts
    604

    iptables - do they block IP's automatically?

    I am running apf with anti-dos as well and I have a customer that keeps getting blocked in the iptables.

    However, it is not listed as being blocked by apf in the apf or anti-dos logs. So I guess my question is: is there some other way that iptables would automatically block a client? The other strange thing is that it is not blocking his IP address but his host name?

    We just are not sure why he keeps getting blocked....

    Thanks,
    Damion

  2. #2
    Member
    Join Date
    Jun 2003
    Posts
    280

    Have you got BFD installed?

  3. #3
    Member
    Join Date
    Mar 2003
    Posts
    604

    Quote (originally posted by richy):
    "Have you got BFD installed?"

    Not on that server, which is why I thought it was weird that it was being blocked.

    How about this, last night I flushed the IP tables, then this morning it looks like all of the old rules were back in there -> which is why I think my customer's account was blocked again.

    Are these rules stored somewhere that even after flushing them they might come back?

  4. #4
    Member
    Join Date
    Mar 2003
    Posts
    604

    Or is there a way to set up an ignore for a specific IP address... Like if I put an ACCEPT line in there will it always accept and not ever add a DROP for that IP?

  5. #5
    Member ehpmahesh's Avatar
    Join Date
    Jul 2004
    Posts
    74

    I think if you add his IP to the allow list then your problem may get solved. Second thing: do you have exim RBL installed on your server? Because if you have RBL it will block the IPs and domain names of those who are spamming. Check whether that domain or IP is spamming. Let me know the result.

  6. #6
    Member
    Join Date
    May 2004
    Posts
    114

    I had the Same Problem

    Well, I have APF/BFD installed and I had the same problem with my IP range. It blocked my ISP server IP gateways, etc. I had to put that on the allow list etc., since my IP ain't static or nothing, but I could SSH but not view websites etc. So it blocked me out from viewing websites.
    ------------------------
    Greeeting from me
    How are you doing ?
    Keep it real
    ------------------------

  7. #7
    Member
    Join Date
    Mar 2003
    Posts
    604

    Quote (originally posted by ehpmahesh):
    "I think if you add his IP to the allow list then your problem may get solved. Second thing: do you have exim RBL installed on your server? Because if you have RBL it will block the IPs and domain names of those who are spamming. Check whether that domain or IP is spamming. Let me know the result."

    I do think we might be using RBL on that server. I will take a look at that and see if that is a possibility.

    This particular customer is a wireless internet provider, and he has a lot of websites with us. The host name that is being blocked happens to be one of the routers for his wireless portion of things. So pretty much all of his customers' e-mails stopped working as well as they couldn't access their own sites. Kind of a pain...

  8. #8
    Member
    Join Date
    Mar 2003
    Posts
    604

    Ok, I had put the ACCEPT line in the IPTABLES, but for some reason anything I enter in there keeps getting written over. Would there be anything that would be clearing out my entries or overwriting them with old data for some reason?

  9. #9
    Member
    Join Date
    Jun 2003
    Posts
    280

    If you are running APF, the configuration in /etc/apf/* will take precedence over IPTables configurations (IIRC). Try adding the IP to /etc/apf/allow_hosts.rules and restarting APF.

  10. #10
    Member
    Join Date
    Mar 2003
    Posts
    604

    Quote (originally posted by richy):
    "If you are running APF, the configuration in /etc/apf/* will take precedence over IPTables configurations (IIRC). Try adding the IP to /etc/apf/allow_hosts.rules and restarting APF."

    Right, but doesn't the APF e-mail you when they block an IP and also log it somewhere? I can't find that apf is the one that is actually blocking this IP address?

    My main problems are that 1. I can not figure out why the ACCEPT rule keeps getting dropped out of the iptables, and 2. Why the IP is getting blocked in the first place, and 3. What program is blocking it?

    Once you put an ACCEPT rule in the iptables shouldn't it stay? It seems like nightly it is being removed.
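
A read-only check in the spirit of reply #9's advice and the three questions in reply #10, added here as an example (not code from the thread or from APF): it finds rules naming an address in `iptables -S` output and checks whether that address is also in the allow list. The rule dump and allow-list contents are constructed samples, the function names are hypothetical, and only plain one-address-per-line allow entries are handled.

```shell
# Constructed sample in `iptables -S` format (addresses are documentation ranges).
RULES='-P INPUT DROP
-A INPUT -s 192.0.2.10/32 -j DROP
-A INPUT -s 198.51.100.7/32 -j ACCEPT
-A INPUT -s 203.0.113.5/32 -j ACCEPT
-A OUTPUT -d 192.0.2.10/32 -j DROP'
# Constructed sample contents of /etc/apf/allow_hosts.rules (plain entries only).
ALLOW='# trusted hosts
203.0.113.5'

# count_rules IP TARGET RULES: rules naming IP as source or destination with that target.
count_rules() {
    printf '%s\n' "$3" | awk -v ip="$1" -v tgt="$2" '
        { hit = 0; jump = ""
          for (i = 1; i < NF; i++) {
              if (($i == "-s" || $i == "-d") && ($(i+1) == ip || $(i+1) == ip "/32")) hit = 1
              if ($i == "-j") jump = $(i+1)
          }
          if (hit && jump == tgt) n++ }
        END { print n + 0 }'
}

# in_allow_list IP ALLOW: succeeds if IP is a non-comment entry in the allow list.
in_allow_list() {
    printf '%s\n' "$2" | awk -v ip="$1" '
        /^[ \t]*#/ { next }
        $1 == ip { found = 1 }
        END { exit !found }'
}

# diagnose IP RULES ALLOW: one-line verdict for the address.
diagnose() {
    drops=$(count_rules "$1" DROP "$2")
    accepts=$(count_rules "$1" ACCEPT "$2")
    if in_allow_list "$1" "$3"; then listed=yes; else listed=no; fi
    if [ "$drops" -gt 0 ] && [ "$listed" = no ]; then
        echo "blocked: $drops DROP rule(s), not in allow list"
    elif [ "$drops" -gt 0 ]; then
        echo "blocked: $drops DROP rule(s) despite allow-list entry"
    elif [ "$accepts" -gt 0 ] && [ "$listed" = no ]; then
        # Reply #9 (IIRC): /etc/apf/* wins, so a hand-added ACCEPT may not persist.
        echo "fragile: ACCEPT is only in the live ruleset"
    else
        echo "ok"
    fi
}
for ip in 192.0.2.10 198.51.100.7 203.0.113.5; do
    echo "$ip -> $(diagnose "$ip" "$RULES" "$ALLOW")"
done
```

On a live host the inputs would be `"$(iptables -S)"` and `"$(cat /etc/apf/allow_hosts.rules)"`. `iptables -S` prints addresses numerically, whereas `iptables -L` without `-n` reverse-resolves them, which is why a listing can show a host name instead of an IP.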
