csf / idf blocking IP but not putting it in deny file?

[jols]

Today, twice we found that someone's IP had been blocked in the firewall, but we could not find their IP in the /etc/csf/csf.deny file.

Tried rebooting csf with

service csf restart

And even tried restarting iptables, then csf again, but this did not clear the issue.

The issue was not cleared until I inserted the blocked IP in the csf allow file, and then restarted the firewall.

Does anyone know what would cause this?

And by the way, what is the grep command for iptables for checking just one IP to see if it has been banned?

Thanks much for any response.

 

[jols]

Stranger and stranger:

We have an IP that is being blocked by the kernal but is not in the iptables firewall:

Server message log:

Nov 27 21:42:47 stratus kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=[server ip here] DST=208.244.116.59 LEN=38 TOS=0x00 PREC=0x00 TTL=1 ID=6263 PROTO=UDP SPT=48042 DPT=33435 LEN=18


But:

iptables -L -n | grep 208.244.116.59

.. returns nothing.

How could this have occurred?