The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

iptables - do they block IP's automatically?

Discussion in 'General Discussion' started by noimad1, Mar 14, 2005.

  1. noimad1

    noimad1 Well-Known Member

    Joined:
    Mar 27, 2003
    Messages:
    627
    Likes Received:
    0
    Trophy Points:
    16
    I am running apf with anti-dos as well and I have a customer that keeps getting blocked in the iptables.

    However, it is not listed as being blocked by apf in the apf or anti-dos logs. So I guess my question is there some other way that iptables would automatically block a client. The other strange thing is that it is not blocking his IP address but his host name?

    We just are not sure why he keeps getting blocked....

    Thanks,
    Damion
     
  2. richy

    richy Well-Known Member

    Joined:
    Jun 30, 2003
    Messages:
    276
    Likes Received:
    1
    Trophy Points:
    16
    Have you got BFD installed?
     
  3. noimad1

    noimad1 Well-Known Member

    Joined:
    Mar 27, 2003
    Messages:
    627
    Likes Received:
    0
    Trophy Points:
    16
    not on that server, which is why I thought it was weired that it was being blocked.

    How about this, last night I flushed the IP tables, then this morning it looks like all of the old rules were back in there -> which is why I think my customers account was blocked again.

    Are these rules stored somewhere that even after flushing them they might come back?
     
  4. noimad1

    noimad1 Well-Known Member

    Joined:
    Mar 27, 2003
    Messages:
    627
    Likes Received:
    0
    Trophy Points:
    16
    Or is there a way to setup an ignore for a specific IP address...Like if I put an ACCEPT line in there will it always eaccept and not ever add a DROP for that IP?
     
  5. ehpmahesh

    ehpmahesh Well-Known Member

    Joined:
    Jul 3, 2004
    Messages:
    74
    Likes Received:
    0
    Trophy Points:
    6
    I think if you give his IP to allow list then may possible your problem get solved. Second thing did you have exim RBL install on your server. Casue if you have RBL it will block the IP and domain name those who are doing spaming. check that did that domain or IP doing spaming. Let me know the result.
     
  6. webits

    webits Well-Known Member

    Joined:
    May 15, 2004
    Messages:
    114
    Likes Received:
    0
    Trophy Points:
    16
    I had the Same Problem

    Well I have APF/BFD installed I had the same problem with my IP RANGE, IT blocked my ISP SERVER IP GATEWAYS, etc. I had to put that on the allow list etc, since my IP aint static or nothing but i Could SSH but not view websites etc. So it blocked me out from VIEW websites.
     
  7. noimad1

    noimad1 Well-Known Member

    Joined:
    Mar 27, 2003
    Messages:
    627
    Likes Received:
    0
    Trophy Points:
    16
    I do think we might be using RBL on that server. I will take a look at that and see if that is a possibility.

    This particular customer is a wireless internet provider, and he has a lot of websites with us. The host name that is being blocked happens to be one of the routers for his wireless portion of things. So pretty much all of his customers e-mails stopped working as well as they couldn't access their own sites. Kind of a pain...
     
  8. noimad1

    noimad1 Well-Known Member

    Joined:
    Mar 27, 2003
    Messages:
    627
    Likes Received:
    0
    Trophy Points:
    16
    Ok, I had put the ACCEPT line in the IPTABLES, but for some reason anything I enter in there keeps getting written over. Would there be anything that would be clearing out my entries or overwriting them with old data for some reason?
     
  9. richy

    richy Well-Known Member

    Joined:
    Jun 30, 2003
    Messages:
    276
    Likes Received:
    1
    Trophy Points:
    16
    If you are running APF, the configuration in /etc/apf/* will take precendence over IPTables configurations (IIRC). Try adding the IP to /etc/apf/allow_hosts.rules and restarting APF>
     
  10. noimad1

    noimad1 Well-Known Member

    Joined:
    Mar 27, 2003
    Messages:
    627
    Likes Received:
    0
    Trophy Points:
    16

    Right, but doesn't the APF e-mail you when they block an IP and also log it somehwere? I can't find that apf is the one that is actually blocking this IP address?

    My main problems are that 1. I can not figure out why the ACCEPT rule keeps getting dropped out of the iptables, and 2. Why the IP is getting blocked in the first place, and 3. What program is blocking it?

    Once you put it an ACCEPT rule in the iptables shouldn't it stay? It seems like nightly it is being removed.
     
Loading...

Share This Page