Cybersecurity

why would:

Code:

 iptables -A INPUT -s 180.0.0.0/8 -j DROP

along with /etc/hosts.deny rule of

Code:

 ALL: 180.0.0.0/8

not stop traffic to/from 180.x.x.x, which I still see by running iftop? Or could iftop just be showing an artifact and is there a better way to monitor connections real-time?

In fact I wonder if this is the right forum, I would believe Security - The UNIX and Linux Forums or IP Networking - The UNIX and Linux Forums more suitable... Let us know if you desire to move your thread...

First of all tcp_wrappers may be considered complementary in a multi-layered approach to network access restrictions but there's a fundamental difference between tcp_wrappers and Netfilter. The first works only at the application level (and only if the application was compiled with -libwrap) and the latter works at the network level, meaning no interaction with any application.
In short: Netfilter = "must have", tcp_wrappers = "nice to have".

As for your question you show isolated rules, no rule counters and no evidence of traffic, meaning your rule could be placed below a rule that already accepts traffic or you haven't killed or restarted the network process or didn't reset individual connections so you might be seeing already established connections.


I doubt that. Iftop uses the libpcap ('man 3 pcap') framework for data handling just like tcpdump, Wireshark or say nmap.

@vbe: thanks for moving the post, makes sense

@unSpawn: There are no other rules active in iptables, and I have restarted all the network related processes I could find. Thanks for the info on pcap