Bastille + PSAD -> But cannot block an IP

Running Ensim 3.1.1-31 ...
With Bastille + PSAD

But when I needed to block access to my server from an offending IP, I failed miserably.....

Presume offending IP address is 123.123.123.123

I have done this to IPTables :

iptables -A INPUT -s 123.123.123.123 -j DROP

iptables -L

Yes ... it has been added .... BUT ..
looking at my access_logs,

tail -f /var/log/httpd/access_log

123.123.123.123 is still able to access my server.

In my frustration, I did a

/etc/rc.d/init.d/bastille-firewall stop

then continued by

iptables -A INPUT -s 123.123.123.123 -j DROP

and monitored my logs ...

tail -f /var/log/httpd/access_log

and surprise surprise .... the offending IP no longer has access to my server ! I've tried this using another PC ... and I have confirmed this scenario to be true...

iptables -A INPUT -s 123.123.123.123 -j DROP
DOES NOT WORK .. when BASTILLE is turned on ! ! !

When Bastille is turned back on ...
/etc/rc.d/init.d/bastille-firewall start
iptables -A INPUT -s 123.123.123.123 -j DROP

access is granted to 123.123.123.123

so this DOES NOT work when BASTILLE is turned on !
Really weird.

Any reasons why ? Any work-arounds ?
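
Added example, not part of the original post: iptables walks a chain from the top and the first rule with a terminating target decides the packet, so a DROP appended with -A behind an earlier ACCEPT for port 80 is never reached. The sketch replays that evaluation offline over two constructed rule sets in `iptables -S` syntax; the chain layout, the eth0 interface and the helper name `first_match` are assumptions for illustration, not Bastille's real rules.

```shell
#!/bin/sh
# Constructed sample: the chain after `iptables -A INPUT -s 123.123.123.123 -j DROP`,
# assuming the firewall script already accepted port 80 earlier in INPUT.
APPENDED='-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 123.123.123.123/32 -j DROP'

# Constructed sample: the same chain with the block placed first,
# which is what `iptables -I INPUT 1 ...` would produce.
INSERTED='-A INPUT -s 123.123.123.123/32 -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'

# first_match RULES SRC_IP DPORT
# Prints "<rule number> <target>" for the first rule that decides a TCP
# packet from SRC_IP to DPORT arriving on eth0, or "0 POLICY" if no rule does.
# Only the -s, -i, -p, --dport and -j options are understood.
first_match() {
    printf '%s\n' "$1" | awk -v src="$2" -v dport="$3" '
    $1 == "-A" && $2 == "INPUT" {
        n++; ok = 1; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-s" && $(i+1) != src && $(i+1) != (src "/32")) ok = 0
            if ($i == "-i" && $(i+1) != "eth0") ok = 0
            if ($i == "-p" && $(i+1) != "tcp") ok = 0
            if ($i == "--dport" && $(i+1) != dport) ok = 0
            if ($i == "-j") target = $(i+1)
        }
        # Only terminating targets end the walk through the chain.
        if (ok && (target == "ACCEPT" || target == "DROP" || target == "REJECT")) {
            print n, target; found = 1; exit
        }
    }
    END { if (!found) print "0 POLICY" }'
}

echo "appended: $(first_match "$APPENDED" 123.123.123.123 80)"
echo "inserted: $(first_match "$INSERTED" 123.123.123.123 80)"
```

On the live host, `iptables -L INPUT -n -v --line-numbers` shows the real rule order with per-rule packet counters, and `iptables -I INPUT 1 -s 123.123.123.123 -j DROP` puts the block ahead of whatever the firewall script loaded.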
