Hi George,

Actually, using iptables -I INPUT -s xxxxxxxx -j DROP will just block the IP for around 24 hours or until the firewall cron runs that removes those input into the table in this manner.  Instead you can enter this command to edit the deny_hosts file:

vi /etc/apf/deny_hosts*

Scroll to the end of the file, and enter to insert text:

Esc + I

Press the enter key to go to the next line so the new IP will be on its own line, then paste the IP in question. To save, enter the Esc key, then (this writes and quits):

:wq

At the command prompt after you have left the file, then enter the following which will restart the firewall so the changes take affect:

/etc/init.d/apf restart

Adding an IP to deny_hosts file is a permanent block.

Thanks.

OK Danielle - it must have worked exactly as you instructed.

Check the obfuscated snapshot.
I added an IP right down below
another one whereas the red arrow points at.


So each time I will have to keep adding IP's,
right bottom below to the one I added, right?

Very helpful procedure indeed - thanks.

Danielle,

In my post above I have embedded a jpg picture.

OK, got that IP hierarchy. Thanks a lot for your help.