iptables 좀 봐주세요..설정을 잘못했는지 안걸러지네요 ㅡㅜ

아파치 에러로그에

[Fri Nov 21 18:53:22 2008] [error] [client 219.254.157.243] File does not exist: /ho        me/www/reward/MarkAny

[Fri Nov 21 19:56:24 2008] [error] [client 118.222.216.40] File does not exist: /hom        e/www/home/favicon.ico

[Fri Nov 21 19:42:34 2008] [error] [client 89.175.221.207] File does not exist: /hom        e/www/reward/MSOffice

[Fri Nov 21 18:53:36 2008] [error] [client 121.136.37.214] Directory index forbidden         by Options directive: /home/www/reward/

위 네가지가 너무 많이 들어와서 어떻게 좀 막아볼까하고 쉘에서 명령으로

iptables -A INPUT -p tcp -m tcp --dport 80 --tcp-flags ACK ACK -m string --string "/_vti_bin"  --algo bm --to 65535 -j REJECT --reject-with tcp-reset

이런식으로 MSOffice,  favicon.ico, MarkAny 를 등록했습니다.

(없는 인덱스 부르는건 어떻게 해야 할지 몰라서 못했구요)

그런데 시간이 지나도 하나도 걸러지지 않는지 로고가 계속 쌓이네요 ㅡㅜ

제가 뭘 잘못한걸까요

iptables -L 해보면

----------------------

[root@s2i conf]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        
RH-Firewall-1-INPUT  all  --  anywhere             anywhere           
REJECT     tcp  --  anywhere             anywhere            tcp dpt:http flags:ACK/ACK STRING match "/_vti_bin" ALGO name bm TO 65535reject-with tcp-reset
REJECT     tcp  --  anywhere             anywhere            tcp dpt:http flags:ACK/ACK STRING match "/MSOffice" ALGO name bm TO 65535reject-with tcp-reset
REJECT     tcp  --  anywhere             anywhere            tcp dpt:http flags:ACK/ACK STRING match "/favicon.ico" ALGO name bm TO 65535reject-with tcp-reset
REJECT     tcp  --  anywhere             anywhere            tcp dpt:http flags:ACK/ACK STRING match "/MarkAny" ALGO name bm TO 65535reject-with tcp-reset

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        
RH-Firewall-1-INPUT  all  --  anywhere             anywhere           

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere           
ACCEPT     all  --  anywhere             anywhere           
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere           
ACCEPT     ah   --  anywhere             anywhere           
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:mysql
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

==============

이렇게 나오는데요...

 조언 좀 부탁드립니다 .....