Blocking a redirect rule on CSF (iptables)

I have a redirect rule on my CSF like the one below:

17.1.1.13|80|27.5.5.22|80|tcp

17.1.1.13 is my firewall (CSF) and 27.5.5.22 is my web server address, so everybody accesses my web site through the firewall.

I've been trying to block the 50.30.0.0/16 CIDR block, and it has been added to my csf.deny file.

Now, if I try to visit the web site using the 44.5.6.7 IP address, I can. Although 50.30.0.1 is blocked, I can access the web site using the IP address.

I want to block 50.30.0.1 in all circumstances.

The related lines of my iptables are below. What should I do?

Chain DENYIN (1 references)
num  pkts bytes target      prot opt in   out  source         destination
1    0    0     LOGDROPIN   all  --  !lo  *    50.30.0.0/16   0.0.0.0/0

Chain DENYOUT (1 references)
num  pkts bytes target      prot opt in   out  source         destination
1    0    0     LOGDROPOUT  all  --  *    !lo  0.0.0.0/0      50.30.0.0/16

Chain PREROUTING (policy ACCEPT 7 packets, 336 bytes)
num  pkts bytes target      prot opt in   out  source         destination
1    0    0     REDIRECT    tcp  --  !lo  *    50.30.0.0/16   0.0.0.0/0
2    0    0     REDIRECT    tcp  --  !lo  *    50.30.0.0/16   0.0.0.0/0
3    0    0     DNAT        tcp  --  !lo  *    0.0.0.0/0      17.1.1.13
4    0    0     DNAT        tcp  --  !lo  *    0.0.0.0/0      17.1.1.13

Chain POSTROUTING (policy ACCEPT 6 packets, 699 bytes)
num  pkts bytes target      prot opt in   out  source         destination
1    0    0     SNAT        tcp  --  *    !lo  0.0.0.0/0      27.5.5.22
2    0    0     SNAT        tcp  --  *    !lo  0.0.0.0/0      27.5.5.22