IPtables rules don't work

hensap
Posts: 4
Joined: 2016/02/09 13:32:21

IPtables rules don't work

Post by hensap » 2016/02/09 13:47:03

Hey guys,

I have a strange problem. My virtual server runs on CentOS Linux 7.1.1503. I closed an IP range via iptables. For example this way:

Code:

iptables -A INPUT -s 99.0.0.0/8 -j DROP

And yet the IP address 99.25.211.119 tries to brute-force.

Code:

Feb  9 12:46:58 xxx postfix/smtpd[7628]: warning: static-ip-99-25-211-119.inaddr.ip-pool.com[99.25.211.119]: SASL LOGIN authentication failed: authentication failure

Why/how did he ever pass? The IP 99.25.211.119 should be blocked on all ports, right? Why is this happening? Does someone have an idea? I'm really desperate.

greets Henry

TrevorH
Site Admin
Posts: 33220
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: IPtables rules don't work

Post by TrevorH » 2016/02/09 19:14:06

The default ruleset ends with a -j REJECT and if you -A append any rules then they will go after that and never be reached.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

hensap
Posts: 4
Joined: 2016/02/09 13:32:21

Re: IPtables rules don't work

Post by hensap » 2016/02/13 14:32:15

You suggest I should take -j REJECT instead of -j DROP? I took DROP because the sender gets no answer, otherwise he knows there is a target.
I thought -A adds a new rule to the chain INPUT. Which syntax would you take?

Sorry, my English is not the best.

greets Henry

TrevorH
Site Admin
Posts: 33220
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: IPtables rules don't work

Post by TrevorH » 2016/02/13 15:59:29

No, I'm telling you that if you use -A it appends the new rule _after_ the existing one that rejects all traffic so the new rule is never reached. You need to -I insert the new rule at a specific line number so that it appears in the chain before the rule that rejects the traffic.
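
The append-versus-insert behaviour discussed in this thread, as an added example that is not part of the original posts: a small first-match simulator over `iptables -S` style lines, so it runs without root. The ruleset (including the port 25 ACCEPT and the `eth0` interface) is constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed INPUT chain in `iptables -S` form: SMTP is accepted, a catch-all
# REJECT ends the chain, and the thread's DROP rule was appended with -A.
APPENDED = """\
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 99.0.0.0/8 -j DROP""".splitlines()
BLOCK = "-A INPUT -s 99.0.0.0/8 -j DROP"
MATCH_KEYS = ("src", "iface", "proto", "dport", "state")

def parse(rule):
    """Extract only the matches this demo models, plus the -j target."""
    tok = rule.split()
    get = lambda flag: tok[tok.index(flag) + 1] if flag in tok else None
    return {"src": get("-s"), "iface": get("-i"), "proto": get("-p"),
            "dport": get("--dport"), "state": get("--state"), "target": get("-j")}

def matches(r, pkt):
    if r["src"] and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(r["src"]):
        return False
    if r["state"] and pkt["state"] not in r["state"].split(","):
        return False
    return all(r[k] is None or r[k] == str(pkt[k]) for k in ("iface", "proto", "dport"))

def decide(rules, pkt):
    """First match wins: return (1-based rule number, target) for the packet."""
    for n, rule in enumerate(rules, 1):
        r = parse(rule)
        if matches(r, pkt):
            return n, r["target"]
    return None, "POLICY"

def unreachable(rules):
    """Rule numbers placed after a terminating rule that has no match conditions."""
    for n, rule in enumerate(rules, 1):
        r = parse(rule)
        if r["target"] in ("ACCEPT", "DROP", "REJECT") and not any(r[k] for k in MATCH_KEYS):
            return list(range(n + 1, len(rules) + 1))
    return []

def insert(rules, position, rule):
    """Model `iptables -I INPUT <position> ...` (1-based line number)."""
    return rules[:position - 1] + [rule] + rules[position - 1:]

# Constructed packet: a new SMTP connection from the address in the log line.
PKT = {"src": "99.25.211.119", "iface": "eth0", "proto": "tcp", "dport": 25, "state": "NEW"}
INSERTED = insert(APPENDED[:-1], 1, BLOCK)
```

On a live host, `iptables -L INPUT -n --line-numbers` shows the line numbers that `-I` expects.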
