iptables - Blocking by IP - but still accessing ??

HappymanUK

Well-Known Member
May 3, 2003
I noticed that a lot of apache sessions were showing with the status of '...reading...'.

If I checked the source of these, they were all coming from one IP address.

I therefore used the following command:
iptables -I INPUT -s XXX.XXX.XXX.XXX -j DROP (where XXX.XXX.XXX.XXX is the IP address)

However, after doing this, and running the following command:
tail -f /usr/local/apache/logs/access_log

I still get new entries showing as:
XXX.XXX.XXX.XXX - - [09/Jun/2006:21:05:15 +0100] "-" 408 -
XXX.XXX.XXX.XXX - - [09/Jun/2006:21:05:26 +0100] "-" 408 -
XXX.XXX.XXX.XXX - - [09/Jun/2006:21:06:02 +0100] "-" 408 -
XXX.XXX.XXX.XXX - - [09/Jun/2006:21:06:15 +0100] "-" 408 -
XXX.XXX.XXX.XXX - - [09/Jun/2006:21:06:26 +0100] "-" 408 -

Any ideas ???

Will entries in the iptables table automatically be saved on updates, reboots, etc ?

Thanks again,
Daniel
 

HappymanUK

Seems to have worked now - Maybe just a time delay ???

Anyway, does anyone know if the entries in the iptables table will automatically be saved on updates, reboots, etc.?

Thanks in advance,
Daniel
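
The log check described in this thread, as an added example that is not part of the original posts: a shell function that tallies the `"-" 408` entries per client and reports the first and last time each was seen. Apache writes a 408 line when a connection that is already open times out, so comparing the last-seen time with the moment the DROP rule was inserted shows when entries from a blocked address actually stop. The function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Summarise access-log entries where the client sent no request before the
# server timed out (request field "-" with status 408), grouped by client.
# Output, busiest client first: <count> <client> <first-seen> <last-seen>

summarise_408() {
    # $1 = path to an access log in Common Log Format
    awk '
        BEGIN { FS = "\"" }               # $1 prefix, $2 request, $3 " status bytes"
        $2 == "-" {
            split($3, tail, " ")          # tail[1] = status code
            if (tail[1] != "408") next
            split($1, head, " ")          # head[1] = client, head[4] = "[timestamp"
            ip = head[1]
            ts = substr(head[4], 2)       # drop the leading "["
            if (!(ip in count)) first[ip] = ts
            count[ip]++
            last[ip] = ts
        }
        END {
            for (ip in count)
                printf "%d %s %s %s\n", count[ip], ip, first[ip], last[ip]
        }
    ' "$1" | sort -rn
}

# Constructed sample data (documentation-range addresses, not from the thread).
write_sample_log() {
    cat > "$1" <<'EOF'
192.0.2.10 - - [09/Jun/2006:21:05:15 +0100] "-" 408 -
198.51.100.7 - - [09/Jun/2006:21:05:20 +0100] "GET /index.html HTTP/1.1" 200 1043
192.0.2.10 - - [09/Jun/2006:21:05:26 +0100] "-" 408 -
198.51.100.7 - - [09/Jun/2006:21:05:40 +0100] "-" 408 -
192.0.2.10 - - [09/Jun/2006:21:06:02 +0100] "-" 408 -
EOF
}

log=$(mktemp)
write_sample_log "$log"
summarise_408 "$log"
rm -f "$log"
```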