LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 06-29-2014, 08:37 AM   #1
battles
Member
 
Registered: Apr 2014
Distribution: Debian GNU/Linux 7.5 (wheezy)
Posts: 258

Rep: Reputation: Disabled
Accessing iptables DROP records


Code:
num pkts bytes target prot opt in out source destination
7 0 0 DROP all -- * * 110.240.0.0/12 0.0.0.0/0 /* china */
10 11 472 DROP all -- * * 111.240.0.0/12 0.0.0.0/0 /* ~ */

I have these two drop records in my iptables. Most have pkts and bytes of 0. My question is: is pkts=11 and bytes=472 in record 10 showing that source 111.240.0.0/12 has been trying to hit my server again after I put the DROP record in?

Thanks.
 
Old 06-29-2014, 01:16 PM   #2
psycroptic
Member
 
Registered: Aug 2011
Location: USA
Distribution: ArchLinux - 3.0 kernel
Posts: 349

Rep: Reputation: Disabled
yes, but your DROP rule is matching these requests, and so they should not be getting any response from you. your rule looks like it is working
 
Old 06-29-2014, 01:19 PM   #3
battles
Member
 
Registered: Apr 2014
Distribution: Debian GNU/Linux 7.5 (wheezy)
Posts: 258

Original Poster
Rep: Reputation: Disabled
Thanks. I didn't think that anything was going back, but I wasn't sure if these were actually retries.
 
Old 06-29-2014, 01:22 PM   #4
psycroptic
Member
 
Registered: Aug 2011
Location: USA
Distribution: ArchLinux - 3.0 kernel
Posts: 349

Rep: Reputation: Disabled
if you're interested, do a packet trace on the interface you're working on, filtered for a destination address of 111.240.0.0/12. that will show you any traffic originating from you, going to one of those addresses.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Is it necessary to drop specific flags in IPTABLES with an INPUT DROP policy? rootaccess Linux - Networking 5 08-22-2012 09:10 PM
iptables drop sanjibgupta Linux - Security 6 06-08-2012 06:42 AM
my iptables can't drop ip of 71.6.40.83 38699678 Linux - Newbie 1 04-23-2008 09:22 PM
iptables - drop all -> allow needed OR allow all -> drop specific lucastic Linux - Security 5 12-21-2004 03:07 AM
Multiple Users accessing the same Email records Gomi Linux - Newbie 1 02-03-2004 01:13 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 11:30 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration