On Friday 22 February 2002 15:30, Oliver Krapp - etracker.de wrote:
For a few days there has been a lot of traffic (~100 kbit/sec) from a specific host to my server. I noticed this first on my mrtg graph, then in detail with ntop.
I want to block the IP with the following iptables commands:
iptables -A OUTPUT -j DROP -d xxx.xxx.xxx.xxx
iptables -A OUTPUT -j DROP -s xxx.xxx.xxx.xxx
iptables -A INPUT -j DROP -d xxx.xxx.xxx.xxx
iptables -A INPUT -j DROP -s xxx.xxx.xxx.xxx
If you use SNAT or DNAT and that IP is matched by an SNAT or DNAT rule,
then the INPUT and OUTPUT chains are not used. Instead use the FORWARD chain.
I don't use NAT; anyway, if I also add rules for the FORWARD chain, it has the same effect.
Maybe you already solved this, but here are some suggestions: What do the packets look like? Did you try to capture some of them with tcpdump? Maybe the packets get accepted before they reach your drop rules?
Andreas Baetz
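One way to check the rule-order problem Andreas raises, as an added example that is not part of the thread: it parses the output of `iptables -L INPUT -v -n --line-numbers` (a constructed sample is embedded; 198.51.100.7 stands in for the xxx.xxx.xxx.xxx host) and reports which earlier ACCEPT rules cover the source address before the appended DROP rule is reached, and whether that DROP rule has counted any packets at all.

```python
import ipaddress

# Constructed sample of "iptables -L INPUT -v -n --line-numbers" output, not taken
# from the thread; 198.51.100.7 stands in for the xxx.xxx.xxx.xxx host.
SAMPLE_LISTING = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1     9812 1234K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2      340   27K ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
3        0     0 DROP       all  --  *      *       198.51.100.7         0.0.0.0/0
"""

_SUFFIX = {"K": 1000, "M": 1000000, "G": 1000000000}

def _counter(field):
    """Turn a -v counter such as '27K' into an int."""
    return int(field[:-1]) * _SUFFIX[field[-1]] if field[-1] in _SUFFIX else int(field)

def parse_rules(listing):
    """Parse the numbered rule lines; the chain and column header lines are skipped."""
    rules = []
    for line in listing.splitlines():
        parts = line.split()
        if len(parts) < 10 or not parts[0].isdigit():
            continue
        rules.append({
            "num": int(parts[0]),
            "pkts": _counter(parts[1]),
            "target": parts[3],
            "source": ipaddress.ip_network(parts[8]),
            "extra": " ".join(parts[10:]),  # state/port matches: shown, not evaluated
        })
    return rules

def shadowing_rules(listing, ip):
    """Numbers of ACCEPT rules placed before the first DROP for ip whose source range
    covers ip. iptables stops at the first terminating match, so any of them can take
    the traffic first; the DROP only works if inserted above them (-I instead of -A).
    Returns None when the chain has no DROP rule for ip at all."""
    addr = ipaddress.ip_address(ip)
    shadows = []
    for rule in parse_rules(listing):
        if addr not in rule["source"]:
            continue
        if rule["target"] == "DROP":
            return shadows
        if rule["target"] == "ACCEPT":
            shadows.append(rule["num"])
    return None

def drop_counter_is_zero(listing, ip):
    """True when a DROP rule for ip exists but its packet counter is still 0,
    i.e. no packet from ip has reached it yet."""
    addr = ipaddress.ip_address(ip)
    return any(r["target"] == "DROP" and addr in r["source"] and r["pkts"] == 0
               for r in parse_rules(listing))
```

The `extra` column keeps the state and port matches of the earlier rules so you can see which one is actually taking the traffic; the check itself only compares addresses, so it flags candidates rather than proving a match.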