Appears the iptables update 1.4.7-14 which came with CentOS6 r6 is the most likely culprit. The solution for now is: delete ',dst' from the iptables INPUT chain delete 'src,' from the iptables OUTPUT chain. On Mon, Dec 8, 2014 at 5:39 PM, Rob Townley <rob.townley@xxxxxxxxx> wrote: > i created an ipset and added 8.8.8.8 to it and used the same iptables > working all summer long but > i can still ping 8.8.8.8 and do nslookup queries against it. ipset or > iptables is broken. > Anybody else rebooted since ipset-6.11-3.el6.i686 was installed and > actually tested that IP addresses that are supposed to be blacklisted are > actually blocked? > > > Filed CentOS bug report 7977 <http://bugs.centos.org/view.php?id=7977> > this morning. ipset was working great most of the year until ipset 6.11.-3 > CentOS bug 7977 <http://bugs.centos.org/view.php?id=7977> > _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos