Re: iptables question




On 6/16/2014 8:52 PM, Chuck Campbell wrote:
> I ran a script after fail2ban was started. It looks like this:
> #!/bin/sh
> iptables -A INPUT -s 116.10.191.0/24 -j DROP
> iptables -A INPUT -s 183.136.220.0/24 -j DROP
> iptables -A INPUT -s 183.136.221.0/24 -j DROP
> iptables -A INPUT -s 183.136.222.0/24 -j DROP
> iptables -A INPUT -s 183.136.223.0/24 -j DROP
> iptables -A INPUT -s 122.224.11.0/24 -j DROP
> iptables -A INPUT -s 219.138.0.0/16 -j DROP
>
> so, how do I get them in front of the RH-Firewall-1-INPUT, or do I add them to
> that chain?

use -I (insert) rather than -A (append).

OR

specify chain RH-Firewall-1-INPUT rather than INPUT

OR, better

use system-config-firewall rather than running your own iptables
commands. this manages the rules used by the RH firewall scripts
invoked by the iptables service which is run at boot time.

also, if you do manually add iptables rules, you can use
`service iptables save` to remember these changes, instead of running
them from your own scripts. these changes get saved to
/etc/sysconfig/iptables






-- 
john r pierce                                      37N 122W
somewhere on the middle of the left coast

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
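
The ordering problem behind this thread, as an added example that is not part of the original messages: a check that reads rules in `iptables -S` format and lists the INPUT rules that can never match because an earlier unconditional jump leads to a chain ending in a catch-all verdict. The two rulesets are constructed and assume the stock Red Hat layout (INPUT jumps to RH-Firewall-1-INPUT, which ends in REJECT), which the thread does not show in full; `shadowed_input_rules` is a hypothetical helper name.

```shell
#!/bin/sh
# Constructed sample: the blocklist rules were appended (-A) after the jump.
APPENDED_RULES='-P INPUT ACCEPT
-N RH-Firewall-1-INPUT
-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -s 116.10.191.0/24 -j DROP
-A INPUT -s 219.138.0.0/16 -j DROP
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'

# Constructed sample: the same rules after being inserted (-I) at the top.
INSERTED_RULES='-P INPUT ACCEPT
-N RH-Firewall-1-INPUT
-A INPUT -s 219.138.0.0/16 -j DROP
-A INPUT -s 116.10.191.0/24 -j DROP
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'

# Print every INPUT rule that sits behind an unconditional jump to a
# chain (or built-in target) that always ends with ACCEPT, DROP or REJECT.
shadowed_input_rules() {
    awk '
    $1 == "-A" {
        chain = $2
        uncond = ($3 == "-j")          # no match options before the target
        target = ""
        for (i = 3; i < NF; i++) { if ($i == "-j") { target = $(i + 1) } }
        if (chain == "INPUT") {
            n++; rule[n] = $0; jump[n] = (uncond ? target : "")
        } else if (uncond && target ~ /^(ACCEPT|DROP|REJECT)$/) {
            terminal[chain] = 1        # chain has a catch-all verdict
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            if (dead) { print rule[i] }
            else if (jump[i] != "" && ((jump[i] in terminal) || jump[i] ~ /^(ACCEPT|DROP|REJECT)$/)) { dead = 1 }
        }
    }'
}

echo "Unreachable when appended:"
printf '%s\n' "$APPENDED_RULES" | shadowed_input_rules
```

On a live system the same function can be fed with `iptables -S | shadowed_input_rules` (run as root).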



