2015-10-03 46 views
-1

Blocked IP addresses with iptables, but the DDoS is still going on

Today I had a DDoS against a web server running Debian squeeze and blocked various IP addresses in iptables, like this:

iptables -A INPUT -s 169.50.5.42 -j DROP 

But the traffic from these IPs does not seem to be dropped.

Listing all rules with iptables -L gives the following output:

Chain INPUT (policy ACCEPT) 
target  prot opt source    destination   
fail2ban-ssh tcp -- anywhere    anywhere   multiport dports ssh 
fail2ban-pureftpd tcp -- anywhere    anywhere   multiport dports ftp 
fail2ban-dovecot-pop3imap tcp -- anywhere    anywhere   multiport dports pop3,pop3s,imap2,imaps 
DROP  all -- 169.50.5.42-static.reverse.softlayer.com anywhere    
DROP  all -- 169.50.5.45-static.reverse.softlayer.com anywhere    
DROP  all -- 169.50.5.37-static.reverse.softlayer.com anywhere    
DROP  all -- 169.50.5.36-static.reverse.softlayer.com anywhere    
DROP  all -- 169.50.5.38-static.reverse.softlayer.com anywhere    
DROP  all -- 169.50.5.39-static.reverse.softlayer.com anywhere    
DROP  all -- 169.50.5.45-static.reverse.softlayer.com anywhere    
DROP  all -- 169.50.5.42-static.reverse.softlayer.com anywhere    

Chain FORWARD (policy ACCEPT) 
target  prot opt source    destination   

Chain OUTPUT (policy ACCEPT) 
target  prot opt source    destination   

Chain fail2ban-dovecot-pop3imap (1 references) 
target  prot opt source    destination   
RETURN  all -- anywhere    anywhere    

Chain fail2ban-pureftpd (1 references) 
target  prot opt source    destination   
RETURN  all -- anywhere    anywhere    

Chain fail2ban-ssh (1 references) 
target  prot opt source    destination   
DROP  all -- 43.229.53.60   anywhere    
RETURN  all -- anywhere    anywhere    

Is there something I have missed?

Answer

0

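I can answer this myself. Apparently it takes a while for all the changes to be applied internally. After a minute or so, the rules were working.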
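
One way to check whether DROP rules like the ones in the question are matching packets is to read the per-rule counters from `iptables -L INPUT -n -v -x` (`-n` skips the reverse-DNS lookups that produced the hostnames in the listing above). This is an added example, not part of the original post: the function names `drop_rule_report` and `sample_listing` are hypothetical, and the counter values in the sample listing are constructed.

```shell
#!/bin/sh
# Summarise the DROP rules of the INPUT chain from a verbose iptables listing.
# Reads the listing on stdin and prints "<source> <packets> <note>" per rule.
drop_rule_report() {
    awk '
        # Track which chain the following lines belong to.
        $1 == "Chain" { in_input = ($2 == "INPUT"); next }
        # Skip other chains, the column header and blank lines.
        !in_input || $1 == "pkts" || NF < 9 { next }
        { rule++ }                       # rule number inside INPUT
        $3 == "DROP" {
            src = $8
            if (src in first)   note = "duplicate-of-rule-" first[src]
            else if ($1 == 0)   note = "no-hits"
            else                note = "matching"
            if (!(src in first)) first[src] = rule
            print src, $1, note
        }
    '
}

# Constructed sample in the format of `iptables -L -n -v -x`
# (addresses taken from the question, counters invented).
sample_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 90210 packets, 61234567 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    1502   120160 fail2ban-ssh  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 22
   48211  2892660 DROP       all  --  *      *       169.50.5.42          0.0.0.0/0
       0        0 DROP       all  --  *      *       169.50.5.45          0.0.0.0/0
       0        0 DROP       all  --  *      *       169.50.5.42          0.0.0.0/0

Chain fail2ban-ssh (1 references)
    pkts      bytes target     prot opt in     out     source               destination
      37     2220 DROP       all  --  *      *       43.229.53.60         0.0.0.0/0
    1465   117940 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
EOF
}

# On a live host (as root): iptables -L INPUT -n -v -x | drop_rule_report
sample_listing | drop_rule_report
```

A rule that repeats an earlier source never receives packets, because the first matching DROP ends processing; a non-duplicate rule that stays at zero while the traffic continues means the packets are arriving from a different source address.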