Re: apache being bombarded

From: Rodrigo Barbosa (rodrigob@tisbrasil.com.br)
Date: 03/13/02


Date: Wed, 13 Mar 2002 14:15:25 -0300
From: Rodrigo Barbosa <rodrigob@tisbrasil.com.br>
To: Mauricio Pretto <pretto@interage.com.br>

Okey, I got your point. Just to clarify it, in case some other reader didn't
got it.

iptables -A -> will add to the end of the chain
iptables -I (without rulenum) -> will add as the first entry on the chain

I just looked at the summary of the manpage, where it states:

       iptables -[RI] chain rulenum rule-specification [options]

And not

       iptables -[RI] chain [rulenum] rule-specification [options]

Maybe an update of the manpage is in order ?

On Wed, Mar 13, 2002 at 02:12:48PM -0300, Mauricio Pretto wrote:
> Its optional the rulenum
> Rodrigo Barbosa wrote:
> >On Mon, Mar 11, 2002 at 10:09:31AM +0100, Christian Gothe wrote:
> >>Geert Hauwaerts writes:
> >>
> >>>Add them in your firewall
> >>>iptables -A INPUT -i eth0 -s THERE_IP -j DROP
> >>>
> >>iptables -I INPUT -i eth0 -s THERE_IP -j DROP is the better choice in
> >>most iptables firewalls.
> >
> >Hummm, as far as I remember, -I requires a rulenum paramter.
> >Maybe you mean:
> >
> >iptables -I INPUT 1 -i eth0 -s THERE_IP -j DROP

-- 
 Rodrigo Barbosa                   - rodrigob at tisbrasil.com.br
 TIS 				   - Belo Horizonte, MG, Brazil
 "Quis custodiet ipsos custodes?"  - http://www.tisbrasil.com.br/
 Brainbench Certified -> Transcript ID #3332104