i have an IPcop firewall, and i'm trying to block some chinese hacker who is attempting to break in to my server through FTP. i put what i thought was the right entry in the rc.firewall.local script to totally block them, but i'm just starting to learn iptables and it doesn't seem to be working. they're still getting through, trying to hack a user name password with "brute force" attacking, it looks like from the ftp log. can anyone tell me how to block intruders so they can't get through the firewall?
the command i used is:
/sbin/iptables -A INPUT -s 123.456.78.90 -j DROP
i thought that would block them from everything, but like i said, they're still getting through IPcop to the server. do i need to change the -A to -I? or do i need something like customforward instead of input? not sure what i'm doing wrong, any help appreciated. thanks.
thanks, i thought i had used that one, but i wasn't sure. i had changed the rc.firewall file so many times trying different things that i couldn't remember when what rule was on to check it against the log.
so customforward means anything going from the router to IPs in the LAN, and input/output means anything going to the router itself, is that the idea? what's the difference between customforward and custominput/customoutput?