James B. Byrne wrote: > Chain RH-Firewall-1-INPUT (2 references) > num target prot opt source destination > 1 DROP all -- 202.14.0.0/24 anywhere > 2 DROP all -- 220.232.0.0/24 anywhere > Jan 12 13:36:02 inet01 sshd[16056]: Received disconnect from > 220.232.152.137: 11: Bye Bye > What is wrong with my IPTABLES rules that this connection is permitted? Seems that your subnet masks are not correct Try /16 instead of /24 if you really want to block the last two octets. nate _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos