On 8 Mar 2016 07:36, "anax" <anax@xxxxxxxx> wrote:
>
> Hi
> strange behaviour of iptables on a centos 7.0 machine:
> The following rule is in the iptables of said machine:
>
> [root@myserver ~]# iptables -L -v -n --line-numbers |grep 175\.
> 9 9 456 DROP all -- * * 175.44.0.0/16
0.0.0.0/0
> [root@myserver ~]#
>
> The corresponding enty in /etc/sysconfig/iptables looks like:
>
> [root@myserver ~]# grep 175 /etc/sysconfig/iptables
> -A INPUT -s 175.44.0.0/16 -j DROP
> [root@myserver ~]#
>
> The rule must be there since ages, because it has number 9 out of 76
similar rules.
>
> Today, on the same machine (I rechecked it to make sure not to confound
machines), I see the following extract of the ftplog:
>
> <snip>
> 175.44.4.127 2915
> 175.44.26.128 2021
> 175.44.26.138 1322
> 175.44.6.186 1290
> 175.44.24.88 1219
> 175.44.4.199 1212
> </snip>
>
> saying that from this IP addresse there have been this many connections
to the ftp server on that machine during the last two days, which means
that the iptables haven't dropped the connection to the machine. As far as
I know, the ftp server is behind the iptables. I also checked to see in man
iptables, wheather the IP address is represented correctly.
>
> What im I missing?
>
Please provide the full iptables listing as a snippet from one section is
not useful.
Keep in mind iptables does not go by the most specific entry but rather the
first matching rule hit.
If there are any rules prior to this drop that would permit the traffic
then of course the traffic would be permitted.
Also 7.0? Please get that system updated asap as you are missing many
important (and higher) issues being fixed.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
