Linux – Iptables ignoring a rule in the config file


I see a lot of established connections to my Apache server from the IP 188.241.114.22, which eventually causes Apache to hang. After I restart the service everything works fine.
I tried adding a rule in iptables:

-A INPUT -s 188.241.114.22 -j DROP

but despite that I keep seeing connections from that IP.
I'm using CentOS and I'm adding the rule like this:

iptables -A INPUT -s 188.241.114.22 -j DROP

Right after that I save it using: service iptables save
Here is the output of iptables -L -v:

Chain INPUT (policy ACCEPT 120K packets, 16M bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  any    any     lg01.mia02.pccwbtn.net  anywhere
    0     0 DROP       all  --  any    any     c-98-210-5-174.hsd1.ca.comcast.net  anywhere
    0     0 DROP       all  --  any    any     c-98-201-5-174.hsd1.tx.comcast.net  anywhere
    0     0 DROP       all  --  any    any     lg01.mia02.pccwbtn.net  anywhere
    0     0 DROP       all  --  any    any     www.dabacus2.com     anywhere
    0     0 DROP       all  --  any    any     116.255.163.100      anywhere
    0     0 DROP       all  --  any    any     94.23.119.11         anywhere
    0     0 DROP       all  --  any    any     164.bajanet.mx       anywhere
    0     0 DROP       all  --  any    any     173-203-71-136.static.cloud-ips.com  anywhere
    0     0 DROP       all  --  any    any     v1.oxygen.ro         anywhere
    0     0 DROP       all  --  any    any     74.122.177.12        anywhere
    0     0 DROP       all  --  any    any     58.83.227.150        anywhere
    0     0 DROP       all  --  any    any     v1.oxygen.ro         anywhere
    0     0 DROP       all  --  any    any     v1.oxygen.ro         anywhere

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 186K packets, 224M bytes)
 pkts bytes target     prot opt in     out     source               destination

Best Answer

The command iptables -A INPUT adds a new rule at the end of the INPUT chain. Iptables works on the first-match principle, so it is likely that you have a rule that is allowing access on port 80 earlier in the chain.

Save the state of your iptables with a

service iptables save
then edit the /etc/sysconfig/iptables file and move the line -A INPUT -s 188.241.114.22 -j DROP above the line that allows port 80. Save the file and run

service iptables restart
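The reordering the answer describes, as an added shell example that is not part of the original answer: reorder_drop_rule rewrites an iptables-save style file so the DROP for one source address sits above the first port-80 ACCEPT, and rule_line checks the resulting order. The file layout and the sample rules are constructed for the example; on a live box the equivalent is iptables -I INPUT 1, which inserts at the top of the chain instead of appending.

```shell
# Added example, not from the original answer: move the DROP rule for one
# source address above the first rule that ACCEPTs TCP port 80 in an
# iptables-save style file (/etc/sysconfig/iptables on CentOS), so the DROP
# wins under first-match evaluation; with no port-80 ACCEPT it goes before
# COMMIT. Same effect on the live chain: iptables -I INPUT 1 -s <ip> -j DROP
# (-I inserts at the top, -A appends after the ACCEPT rules).
reorder_drop_rule() {
    file="$1"; ip="$2"
    tmp="$(mktemp)" || return 1
    # Pass 1 finds the DROP line (iptables-save may write a.b.c.d or
    # a.b.c.d/32); pass 2 rewrites the file in the new order.
    awk -v ip="$ip" '
        NR == FNR {
            if ($0 == ("-A INPUT -s " ip " -j DROP") ||
                $0 == ("-A INPUT -s " ip "/32 -j DROP")) drop_rule = $0
            next
        }
        drop_rule != "" && $0 == drop_rule { next }  # strip old position
        !placed && /^-A INPUT / && /--dport 80/ && /-j ACCEPT/ {
            if (drop_rule != "") print drop_rule     # DROP goes first
            placed = 1
        }
        !placed && /^COMMIT$/ {
            if (drop_rule != "") print drop_rule     # fallback: chain end
            placed = 1
        }
        { print }
    ' "$file" "$file" > "$tmp" && mv "$tmp" "$file"
}

# Line number of the first line matching a rule fragment, for checking the
# order (on a live system: iptables -L INPUT -n -v --line-numbers).
rule_line() {
    grep -n -e "$2" "$1" | head -n 1 | cut -d: -f1
}

# Constructed sample in the layout of /etc/sysconfig/iptables: the DROP was
# appended with -A, so it sits below the port-80 ACCEPT and never matches.
make_sample() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 188.241.114.22 -j DROP
COMMIT
EOF
}
```

A DROP only affects packets that reach it: an ESTABLISHED,RELATED ACCEPT above it still admits connections that were open before the rule was added, which is one more reason to insert at position 1 rather than just above the port-80 rule.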