On 6/16/2014 11:08 PM, John R Pierce wrote:
> On 6/16/2014 8:52 PM, Chuck Campbell wrote:
>> I ran a script after fail2ban was started. It looks like this:
>> #!/bin/sh
>> iptables -A INPUT -s 116.10.191.0/24 -j DROP
>> iptables -A INPUT -s 183.136.220.0/24 -j DROP
>> iptables -A INPUT -s 183.136.221.0/24 -j DROP
>> iptables -A INPUT -s 183.136.222.0/24 -j DROP
>> iptables -A INPUT -s 183.136.223.0/24 -j DROP
>> iptables -A INPUT -s 122.224.11.0/24 -j DROP
>> iptables -A INPUT -s 219.138.0.0/16 -j DROP
>>
>> so, how do I get them in front of the RH-Firewall-1-INPUT, or do I add them to
>> that chain?
> use -I (insert) rather than -A (append).
>
> OR
>
> specify chain RH-Firewall-1-INPUT rather than INPUT
I used the RH-Firewall-1-INPUT chain, and -I, defaulting to position 1, and all
is working as I had anticipated.
It is working as expected, killing all of those rolling ip attempts. I was
loathe to use system-config-firewall, because I wasn't sure it wouldn't drop
something I needed, or forgot to include, and it would have wiped out the
existong ruleset. I'll experiment with that when I am physically in front of the
server, instead of remote from it. I would have had no quick remedy if I messed
it up.
Thanks you for the clear concise explanation.
-chuck
--
ACCEL Services, Inc.| Specialists in Gravity, Magnetics | (713)993-0671 ph.
| and Integrated Interpretation | (713)993-0608 fax
448 W. 19th St. #325| Since 1992 | (713)306-5794 cell
Houston, TX, 77008 | Chuck Campbell | campbell@xxxxxxxxxxxx
| President & Senior Geoscientist |
"Integration means more than having all the maps at the same scale!"
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
