Ipset Not Actually Blocking
I created an ipset and added 8.8.8.8 to it, and used the same iptables rules that had been working all summer long, but
I can still ping 8.8.8.8 and do nslookup queries against it. ipset or iptables is broken.
Anybody else rebooted since ipset-6.11-3.el6.i686 was installed and actually tested that IP addresses that are supposed to be blacklisted are actually blocked?
Filed CentOS bug report 7977
2 thoughts on - Ipset Not Actually Blocking
It appears the iptables update 1.4.7-14, which came with CentOS6 r6, is the most likely culprit.
The solution for now is:
- delete ',dst' from the match-set rules in the iptables INPUT chain
- delete 'src,' from the match-set rules in the iptables OUTPUT chain
CentOS mailing list CentOS@CentOS.org http://lists.CentOS.org/mailman/listinfo/CentOS
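The workaround in the reply above, as an added shell example that is not part of the thread: it rewrites an iptables-save style dump so that INPUT rules match only the packet source and OUTPUT rules only the destination, and it counts rules still using the two-direction form so an admin can check a live ruleset. The set name `blacklist` and the sample rules are constructed for the example.

```shell
#!/bin/sh
# Constructed iptables-save excerpt (not from the original post) using the
# two-direction "src,dst" match-set flags the reply says stopped matching.
RULES_BEFORE='-A INPUT -m set --match-set blacklist src,dst -j DROP
-A OUTPUT -m set --match-set blacklist src,dst -j DROP
-A FORWARD -m set --match-set blacklist src,dst -j DROP'

# Apply the workaround from the thread: an INPUT rule only needs to match the
# packet source, so drop ",dst"; an OUTPUT rule only needs the destination, so
# drop "src,". FORWARD rules are left untouched (the thread gives no advice).
apply_workaround() {
    sed -e '/^-A INPUT /s/--match-set \([^ ]*\) src,dst/--match-set \1 src/' \
        -e '/^-A OUTPUT /s/--match-set \([^ ]*\) src,dst/--match-set \1 dst/'
}

# Count INPUT/OUTPUT rules that still use the affected two-direction form.
# On a live box:  iptables-save | count_affected   (0 means none remain).
count_affected() {
    grep -c -E '^-A (INPUT|OUTPUT) .*--match-set [^ ]+ src,dst' || true
}

# Rewrite the sample dump; on a real system pipe iptables-save through
# apply_workaround and load the result with iptables-restore after review.
printf '%s\n' "$RULES_BEFORE" | apply_workaround
```

After loading the rewritten rules, confirm the block actually works by testing reachability of a set member (the original post pinged 8.8.8.8) rather than trusting the rule listing.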
Incidentally, a different OS has a newer version of iptables, 1.4.18-1.1ubuntu1, but still works the old way where SRC still matches SRC,DST.