[olug] ipset not actually blocking
rob.townley at gmail.com
Wed Dec 10 02:11:19 CST 2014
Incidentally, a different OS has a newer version of iptables,
1.4.18-1.1ubuntu1, but still works the old way where SRC still matches.
On Wed, Dec 10, 2014 at 2:03 AM, Rob Townley <rob.townley at gmail.com> wrote:
> Appears the iptables update 1.4.7-14 which came with CentOS6 r6 is the
> most likely culprit.
> The solution for now is:
> delete ',dst' from the iptables INPUT chain
> delete 'src,' from the iptables OUTPUT chain.
> On Mon, Dec 8, 2014 at 5:39 PM, Rob Townley <rob.townley at gmail.com> wrote:
>> I created an ipset and added 18.104.22.168 to it and used the same iptables
>> working all summer long but
>> I can still ping 22.214.171.124 and do nslookup queries against it. ipset or
>> iptables is broken.
>> Anybody else rebooted since ipset-6.11-3.el6.i686 was installed and
>> actually tested that IP addresses that are supposed to be blacklisted are
>> actually blocked?
>> Filed CentOS bug report 7977 <http://bugs.centos.org/view.php?id=7977>
>> this morning. ipset was working great most of the year until ipset 6.11.-3
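The workaround in this thread (drop ',dst' on INPUT, drop 'src,' on OUTPUT) can be checked against a saved ruleset. The following is an added example, not part of the original posts: it scans text in iptables-save format for INPUT/OUTPUT set matches that list more than one direction flag and prints the single-direction form. The set name "blacklist" and the sample rules are constructed assumptions.

```sh
#!/bin/sh
# Added example: audit iptables-save text for set matches with several direction flags.

# Constructed sample in iptables-save format; the set name "blacklist" is an assumption.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m set --match-set blacklist src,dst -j DROP
-A OUTPUT -m set --match-set blacklist src,dst -j DROP
-A INPUT -m set --match-set blacklist src -j DROP
-A FORWARD -m set --match-set blacklist src,dst -j DROP
COMMIT'

# Reads iptables-save text on stdin. For every INPUT or OUTPUT rule whose
# --match-set flags list more than one direction, prints the rule and the
# single-direction form from the thread: src on INPUT, dst on OUTPUT.
# Other chains are not reported because the thread does not cover them.
audit_set_rules() {
    awk '
    $1 == "-A" && ($2 == "INPUT" || $2 == "OUTPUT") {
        for (i = 3; i < NF; i++) {
            # $(i+1) is the set name, $(i+2) the comma-separated flags
            if ($i == "--match-set" && index($(i + 2), ",") > 0) {
                want = ($2 == "INPUT") ? "src" : "dst"
                fixed = $0
                sub("--match-set " $(i + 1) " " $(i + 2), \
                    "--match-set " $(i + 1) " " want, fixed)
                print "REVIEW: " $0
                print "    ->  " fixed
            }
        }
    }'
}

# Number of rules in the given text that need review.
count_flagged() {
    printf '%s\n' "$1" | audit_set_rules | grep -c '^REVIEW:'
}

printf '%s\n' "$SAMPLE_RULES" | audit_set_rules
```

On a live host the same function can be fed from `iptables-save` run as root; after changing rules, confirm with an actual ping or lookup against a listed address, as the original poster did.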