On 6/16/2014 8:52 PM, Chuck Campbell wrote:
> I ran a script after fail2ban was started. It looks like this:
> #!/bin/sh
> iptables -A INPUT -s 116.10.191.0/24 -j DROP
> iptables -A INPUT -s 183.136.220.0/24 -j DROP
> iptables -A INPUT -s 183.136.221.0/24 -j DROP
> iptables -A INPUT -s 183.136.222.0/24 -j DROP
> iptables -A INPUT -s 183.136.223.0/24 -j DROP
> iptables -A INPUT -s 122.224.11.0/24 -j DROP
> iptables -A INPUT -s 219.138.0.0/16 -j DROP
>
> so, how do I get them in front of the RH-Firewall-1-INPUT, or do I add them to
> that chain?

use -I (insert) rather than -A (append).

OR specify chain RH-Firewall-1-INPUT rather than INPUT

OR, better use system-config-firewall rather than running your own iptables commands. this manages the rules used by the RH firewall scripts invoked by the iptables service which is run at boot time.

also, if you do manually add iptables rules, you can use `service iptables save` to remember these changes, instead of running them from your own scripts. these changes get saved to /etc/sysconfig/iptables

--
john r pierce                                      37N 122W
somewhere on the middle of the left coast

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
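The `-I` approach from the reply, as an added example that is not part of the original thread: the script below inserts the quoted networks at the top of INPUT and treats a DROP as effective only if it is listed before the jump to RH-Firewall-1-INPUT, so rules that were appended with `-A` are re-inserted and a second run adds nothing. The function names `has_drop` and `plan_rules` and the `plan`/`apply` arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Networks are those in the quoted script.
BLOCKLIST="116.10.191.0/24 183.136.220.0/24 183.136.221.0/24 183.136.222.0/24
183.136.223.0/24 122.224.11.0/24 219.138.0.0/16"

# has_drop LISTING NET
# LISTING is the text printed by `iptables -L INPUT -n`. Succeeds only if a
# DROP for source NET appears BEFORE the jump to RH-Firewall-1-INPUT; a DROP
# appended after that jump is never reached for traffic the RH chain handles.
has_drop() {
    printf '%s\n' "$1" | awk -v net="$2" '
        $1 == "RH-Firewall-1-INPUT" { exit }
        $1 == "DROP" && $4 == net   { found = 1; exit }
        END { exit !found }'
}

# plan_rules LISTING NETWORKS
# Prints one `iptables -I` command per network that is not yet effectively
# blocked. Explicit rule numbers keep the list order at the top of INPUT.
plan_rules() {
    pos=1
    for net in $2; do
        if has_drop "$1" "$net"; then
            continue
        fi
        echo "iptables -I INPUT $pos -s $net -j DROP"
        pos=$((pos + 1))
    done
}

# "plan" prints the commands; "apply" (as root) runs them and then persists
# the result to /etc/sysconfig/iptables as described in the reply.
case "${1:-}" in
    plan)
        plan_rules "$(iptables -L INPUT -n)" "$BLOCKLIST"
        ;;
    apply)
        plan_rules "$(iptables -L INPUT -n)" "$BLOCKLIST" |
            while read -r cmd; do $cmd; done
        service iptables save
        ;;
esac
```

Run it with `plan` first to review the commands, then with `apply`.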