No, those were the first two entries listed in the IPTABLES list.
> -----Original Message-----
> From: Dogsbody [mailto:dan (at mark) dogsbody.org]
> Sent: Thursday, May 22, 2008 3:50 PM
> To: coba-e (at mark) bluequartz.org
> Subject: [coba-e:13046] Re: Confused...
>
>
> > I have a given IP address from Australia that has been HTTP flooding my
> site
> > a couple of times, and I have added the IP address to my IPTables. I
> can
> > see it in the IPTables listing:
> > DROP all -- 60-240-249-207.tpgi.com.au anywhere
> > DROP all -- 60-240-249-206.tpgi.com.au anywhere
> > Yet, they are still able to flood my server. How can this be?
>
> Is there a rule earlier on in your listings that traffic would match
> allowing it in?
>
> Traffic coming in runs through all the rules until it hits an ALLOW,
> DROP, etc. so if there is an ALLOW before it that matches it will never
> reach the DROP.
>
> Make sure things like whitelists and blocklists are at the beginning of
> your iptables rules [1].
>
> Dan
>
> [1] Unless you have a HUGE blocklist in which case you may want it at
> the end.