Logcheck keeps warning me about ssh unauthorised connection attempts from a particular IP address, so, to cut down the noise, I put in an iptables rule to block it.
# iptables -s iptables -A INPUT -s 18.104.22.168 -j DROP
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
DROP all -- 10.197-31-94.telenet.ru anywhere
Yet auth.log still shows connection attempts. How is this getting through iptables? Is it perhaps the ACCEPT rule? If so, how do I put a narrow DROP rule ahead of a broad ACCEPT rule?
Thanks for any help.