Article:		Filtering IDS Packets
Subject:		ip still in weblog after filtering
Date:		2005-09-03 06:16:28
From:		don_parker
Response to: ip still in weblog after filtering
Hi there, I think you may be confusing BPF filters with IP Tab les syntax. Per your post here it sounds as if you are trying to use BPF filters to deny or allow traffic to your webserver. This will not work as BPF filters are for packet collection, and not for filtering IP's as it pertains to website access. Does this clarify? Cheers, Don

Showing messages 1 through 3 of 3.

• ip still in weblog after filtering
  2005-09-03 17:25:14  nbox [View]
  
  
  hi, will this line of code go in my htaccess file?
  
  iptables -A INPUT -p tcp -s xxx.xxx.xxx.xxx -j REJECT --reject-with tcp-reset
  
  if i want to block access?
  
  i just didnt understand when i added a 'new rule' to block that ip address via the linux gui
  why it still showed up in the log file.
  do the ip's still show up in the log when they are set to be denied all access? could it be a spoofed ip?
  

• ip still in weblog after filtering
  2005-09-03 17:25:05  nbox [View]
  
  
  hi, will this line of code go in my htaccess file?
  
  iptables -A INPUT -p tcp -s xxx.xxx.xxx.xxx -j REJECT --reject-with tcp-reset
  
  if i want to block access?
  
  i just didnt understand when i added a 'new rule' to block that ip address via the linux gui
  why it still showed up in the log file.
  do the ip's still show up in the log when they are set to be denied all access? could it be a spoofed ip?
  
• ip still in weblog after filtering
  2005-09-04 11:48:42  don_parker [View]
  
  
  Hi there,
  
  I am afriad that my IP Tables rule syntax is rusty due to lack of use, and I am not completely sure of your setup either. Due to that I would prefer not to give what could be potentially bad advice. Perhaps you could state the entire issue, and all the variables ie: Using Apache v2.x.x and all the other details.