Forgive me if this does not go with the right topic, I am on digest and responding to a topic sometimes makes it start a new one. My reason for the iptables questions is to not follow the practice of putting up a wall and ignoring hackers. I want to be more proactive. If I have set my ssh port to 55994 and am not using port 22, but hackers are pounding on my port 22 looking for Ssh, then I want to not only know about it, I want to log them and prevent them access to my server and web applications. At least temporarily. I see now that many of the programs are log users and not real time. And many like fail2ban actually add chains to iptables that I Could do myself. It looks like getting some books on netfilter may be the way to go. I would rather stop stuff at the firewall then trust apache, php, sendmail, vsftp, etc. I would rather use them as back up failsafes while I work on hack proofing the single point of entry. I have a server sitting right on the net and the constant barrage of 100s of Ips trying thousands of times at port 22 is insane. I examine my logs and see so much in the way of dns posion attacks, ssh-mail-ftp, etc attacks that I do not want to just sit back and Think I am fine because I have a firewall and centos will send me bug fixes. That firewall seems like the 100% way of going at stopping and preventing issues. If an IP is doing something it should not be doing, most likely you do not want it probing anything else either. That's why I ask. _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos