iptables not dropping ip
 

I have tried to find a topic for this, but i couldn`t so if there is one please reffer me.

So, i have centOS 5.2 and i use iptables. On it a run a couple of Counter-Strike servers. In my firewall i have a rule that states:

-A RH-Firewall-1-INPUT -m iprange --src-range 77.28.0.0-77.29.255.255 -j DROP

Input and forward are reffered to RH-Firewall-1-INPUT.But, it doesn`t drop the ips from the range. I have been working on it the whole morning and i`m really frustrated by now. I have tried with my ip

-A RH-Firewall-1-INPUT -s 77.46.191.147 -j DROP

and could still connect to the damn servers.

To edit the list i use:

iptables-save > /tmp/ipt
iptables-restore < /tmp/ipt (after i edited the file ofcourse)
/etc/init.d/iptables save

and when i check the chains with iptables -L -n all of them are there, but, again, i can still connect to the damn servers :)

It sounds like you've got a rule on top of this one sending the packets to ACCEPT.

Can you post the output of this command please:

Shure.

You've got sixteen rules sending packets to ACCEPT before your DROP rule. If any of the packets you wish to filter match any of those rules, they will be sent to ACCEPT and will never run into your DROP rule. You need to stick your DROP rule above the interfering ACCEPT rule(s), or stick the relevant ACCEPT rule(s) below your DROP one. Presumably, your problem here lies with rules 11—16, but only you can know for sure. Also note that if you want to prevent these IPs from connecting to anything, then you could simply stick your DROP rule at the very top of the chain.

Yes, well, i didn`t even notice that :$

It worked, thanks a lot, i`m blind :D

Heh, no problem. Glad you got it working. :)