[problem]
You do a netstat -an and see a raft of connections to your apache host, coming in at 10 – 20 a second.
It shows ::ffff:10.0.0.10:80 ::ffff:212.248.1.1:1403 in netstat output. These are IPV6 connections AFAIK.
Also you see ::1 – – [DD/MMM… in apache log. Restarting apache does nothing, the connections just reappear.
[/problem]
[solution]
You need to block all connections from this IP address using iptables. See example tab.
[/solution]
[example]
cp -i /etc/sysconfig/iptabes /etc/sysconfig/iptables.$(date +%j).bu
vi /etc/sysconfig/iptables
Add a line like the one below:
#block
-A INPUT -s 212.248.225.12 -j DROP
Then restart iptables like this: /etc/init.d/iptables restart as root.
Finally check your rules like this: /etc/init.d/iptables status as root.
[/example]
[reference]
[tags]Linux Security, Linux iptables, Fedora Core iptables, Linux Firewall, Unix Coding School[/tags]
[/reference]
If you have found my website useful, please consider buying me a coffee below 😉