Hi,
I added the rule in /etc/firewall.user:
iptables -t filter -I INPUT 2 -s X.X.X.X/32 -j DROP
After reboot or executing "/etc/init.d/firewall restart", this rule appears in the output of the command "iptables -t filter --list-rules":
..........
-N zone_wan_src_REJECT
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -s X.X.X.X/32 -j DROP
-A INPUT -m comment --comment "!fw3: user chain for input" -j input_rule
......................
It's all good. But later the output of the command "iptables -t filter --list-rules" changed:
..............................
-N zone_wan_src_REJECT
-A INPUT -s X.X.X.X/32 -j DROP
-A INPUT -s X.X.X.X/32 -j DROP
-A INPUT -s X.X.X.X/32 -j DROP
-A INPUT -s X.X.X.X/32 -j DROP
-A INPUT -s X.X.X.X/32 -j DROP
-A INPUT -s X.X.X.X/32 -j DROP
-A INPUT -s X.X.X.X/32 -j DROP
-A INPUT -s X.X.X.X/32 -j DROP
-A INPUT -s X.X.X.X/32 -j DROP
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: user chain for input" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
.......................................
A few minutes later the number of "-A INPUT -s X.X.X.X/32 -j DROP" lines had increased even more:
.......
-N zone_wan_src_REJECT
-A INPUT -s X.X.X.X/32 -j DROP
-A INPUT -s X.X.X.X/32 -j DROP
-A INPUT -s X.X.X.X/32 -j DROP
-A INPUT -s X.X.X.X/32 -j DROP
-A INPUT -s X.X.X.X/32 -j DROP
-A INPUT -s X.X.X.X/32 -j DROP
-A INPUT -s X.X.X.X/32 -j DROP
-A INPUT -s X.X.X.X/32 -j DROP
-A INPUT -s X.X.X.X/32 -j DROP
-A INPUT -s X.X.X.X/32 -j DROP
-A INPUT -s X.X.X.X/32 -j DROP
-A INPUT -s X.X.X.X/32 -j DROP
-A INPUT -s X.X.X.X/32 -j DROP
-A INPUT -s X.X.X.X/32 -j DROP
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: user chain for input" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
...............
Why is my rule from /etc/firewall.user duplicated?
My device: Teltonika RUT900 3G, fw: RUT9XX_R_00.06.09.2
Thanks!
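
Added example (not part of the original post, and not Teltonika's or OpenWrt's own code): in the listings above the repeated DROP line is the only INPUT rule shown without a "!fw3" comment, so this sketch assumes /etc/firewall.user is re-run on every firewall reload while the earlier copy of the rule stays loaded; the post does not confirm that cause. It also assumes the device's iptables supports -C (check); the function names and the IPT variable are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post.
# IPT is a hypothetical override so the logic can be exercised without root.
IPT="${IPT:-iptables}"

# ensure_rule TABLE CHAIN POSITION RULE-SPEC...
# Insert the rule at POSITION only when `iptables -C` reports it absent, so
# running /etc/firewall.user again does not add another copy.
ensure_rule() {
    table="$1"; chain="$2"; pos="$3"; shift 3
    if $IPT -t "$table" -C "$chain" "$@" 2>/dev/null; then
        return 0    # already loaded: nothing to do
    fi
    $IPT -t "$table" -I "$chain" "$pos" "$@"
}

# purge_rule TABLE CHAIN RULE-SPEC...
# Delete every loaded copy of the rule (cleans up duplicates already present).
purge_rule() {
    table="$1"; chain="$2"; shift 2
    while $IPT -t "$table" -C "$chain" "$@" 2>/dev/null; do
        # Stop instead of looping forever if the delete itself fails.
        $IPT -t "$table" -D "$chain" "$@" || return 1
    done
}

# duplicated_rules: read `iptables -t filter --list-rules` output on stdin
# and print each rule line that occurs more than once.
duplicated_rules() {
    sort | uniq -d
}

# Usage in /etc/firewall.user, replacing the bare iptables line:
#   ensure_rule filter INPUT 2 -s X.X.X.X/32 -j DROP
# One-off cleanup of copies that have already piled up:
#   purge_rule filter INPUT -s X.X.X.X/32 -j DROP
```

Running "iptables -t filter --list-rules | duplicated_rules" before and after a firewall reload shows whether the rule is still accumulating.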