iptables: block a specific IP and log it

The command to block a single IP is:

iptables -I INPUT -s 211.1.0.0 -j DROP

Reference:
Linux firewall: common iptables commands for blocking and unblocking IPs

Logging with iptables:

On SUSE 11 the logging configuration is in /etc/syslog-ng/syslog-ng.conf.
Add a LOG rule to iptables:
iptables -A INPUT -j LOG --log-prefix "iptables"
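An added example, not from the original post: a small POSIX shell script that emits a matching LOG+DROP pair for one source address and then summarises the resulting kernel log lines by SRC. Because iptables evaluates rules in order, the LOG rule must sit in front of the DROP rule, otherwise dropped packets are never logged; the prefix "IPT-DROP ", the address 211.1.0.5 and the sample log lines are constructed values.

```shell
#!/bin/sh
# Added example (not from the original post). Prefix, IPs and log lines are constructed.

# Print the rules in the order they must be run. Both use -I (insert at the top),
# so running DROP first and LOG second leaves LOG as rule 1 and DROP as rule 2,
# which is the order the packet sees: log it, then drop it.
block_and_log_rules() {
    src="$1"
    prefix="$2"
    printf 'iptables -I INPUT -s %s -j DROP\n' "$src"
    printf 'iptables -I INPUT -s %s -j LOG --log-prefix "%s" --log-level 4\n' "$src" "$prefix"
}

# Read syslog lines on stdin, keep those carrying the given prefix, and report
# "SRC hits" sorted by hit count (most active source first).
count_dropped_by_src() {
    prefix="$1"
    grep -F "$prefix" \
      | sed -n 's/.*SRC=\([0-9.]*\).*/\1/p' \
      | sort | uniq -c | sort -rn \
      | awk '{print $2" "$1}'
}

# Constructed sample of /var/log/messages after the LOG rule has fired twice for
# 211.1.0.5, once for 211.1.0.9, plus one unrelated sshd line that must be ignored.
SAMPLE_LOG='Mar  3 10:15:02 suse11 kernel: [ 1234.567890] IPT-DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=211.1.0.5 DST=192.168.93.163 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 10:15:03 suse11 kernel: [ 1235.123456] IPT-DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=211.1.0.5 DST=192.168.93.163 LEN=60 PROTO=TCP SPT=40113 DPT=22 SYN
Mar  3 10:15:04 suse11 kernel: [ 1236.000000] IPT-DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=211.1.0.9 DST=192.168.93.163 LEN=60 PROTO=TCP SPT=51000 DPT=80 SYN
Mar  3 10:15:05 suse11 sshd[2201]: Accepted publickey for admin from 192.168.93.10 port 50022 ssh2'

# Show the rules to apply, then the per-source summary of the sample log.
block_and_log_rules 211.1.0.5 "IPT-DROP "
printf '%s\n' "$SAMPLE_LOG" | count_dropped_by_src "IPT-DROP"
```

On a real host, feed `count_dropped_by_src` from `/var/log/messages` (or from the loghost that receives the forwarded syslog-ng stream) instead of the constructed sample.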

Configuring remote log forwarding

Details
Edit /etc/syslog-ng/syslog-ng.conf on the server and make sure the following line is present (uncommented or added) inside the source src block:

source src {
udp(ip("0.0.0.0") port(514));
};
If TCP is desired, change the line to read:
source src {
tcp(ip("0.0.0.0") port(514));
};

Restart the syslog service:
/etc/init.d/syslog restart
Verify that the syslog service is listening on the port specified by using the netstat program:

netstat -nap | grep syslog-ng
udp 0 0 0.0.0.0:514 0.0.0.0:* 8043/syslog-ng
If TCP is chosen as the protocol:
netstat -nap |grep syslog-ng
tcp 0 0 0.0.0.0:514 0.0.0.0:* 8043/syslog-ng

NOTE: If there is a firewall enabled, there must be an exception in place for the port chosen.
Set up the client configuration:
Edit /etc/syslog-ng/syslog-ng.conf on the client machine and add or change the following entries:

# set up logging to loghost

destination loghost {
udp("192.168.93.163" port(514));
};

For TCP:

destination loghost {
tcp("192.168.93.163" port(514));
};

NOTE: Change the IP address to the address of the server that is acting as the loghost.

# send everything to loghost

log {
source(src);
destination(loghost);
};

Restart the syslog service on the client machine:
/etc/init.d/syslog restart
Test the logging facility on the client to ensure logs are being forwarded to the loghost:
logger test testmessage
You should see "test testmessage" in /var/log/messages on both the client and the server.

References:
Enabling a separate iptables log on Linux
SUSE syslog-ng setup
柏青哥's SuSE Linux Enterprise Server 10, Chapter 9: System log files
Exploring iptables logging
SUSE Linux Enterprise 11 Desktop/Server - How to Enable Remote Syslog Logging

© 2017, 新之助meow. Original article; when reposting please credit: reposted from http://www.xinmeow.com
