Blocked IP in iptables but still seeing it in apache logs

Your first iptables rule allows the very traffic you are trying to block.

1    ACCEPT     all  --  anywhere             anywhere            

Order matters.

At first I would suggest you use system-config-firewall or system-config-firewall-tui. There is a section with "custom rules" which will do this for you.

If you want to do this kind of thing manually, you have to insert the rule before the "ACCEPT" for tcp dpt:http. The easiest way is: iptables -I INPUT 1 -s <IP> -j DROP

(Insert at position 1, instead of Append)
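
The first-match behaviour described in these answers, as an added example (not code from the original answers): a simplified model of the INPUT chain that understands only -s, -p, --dport and -j. The rule listing is constructed, and 203.0.113.7 is a documentation address standing in for the blocked IP.

```python
import ipaddress
import shlex

# Constructed `iptables -S INPUT` output: the catch-all ACCEPT is rule 1 and
# the DROP for the unwanted source was appended (-A) at the end of the chain.
SAMPLE_RULES = """\
-P INPUT ACCEPT
-A INPUT -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 203.0.113.7/32 -j DROP
"""
KNOWN = ("-s", "-p", "--dport", "-j")  # assumption: other matches are ignored


def parse_rules(text):
    """Return (policy, rules); each rule maps a known option to its value."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:1] == ["-P"]:
            policy = tok[2]
        elif tok[:1] == ["-A"]:
            rules.append({tok[i]: tok[i + 1]
                          for i in range(2, len(tok) - 1) if tok[i] in KNOWN})
    return policy, rules


def first_match(policy, rules, src, proto="tcp", dport=80):
    """Walk the chain top to bottom; the first matching rule decides."""
    addr = ipaddress.ip_address(src)
    for num, rule in enumerate(rules, start=1):
        if "-s" in rule and addr not in ipaddress.ip_network(rule["-s"], strict=False):
            continue
        if "-p" in rule and rule["-p"] not in (proto, "all"):
            continue
        if "--dport" in rule and int(rule["--dport"]) != dport:
            continue
        if rule.get("-j") in ("ACCEPT", "DROP", "REJECT"):
            return num, rule["-j"]
    return 0, policy  # rule number 0 means the chain policy applied


def insert_rule(rules, position, rule):
    """Model `iptables -I INPUT <position>` (1-based) without mutating rules."""
    return rules[:position - 1] + [rule] + rules[position - 1:]
```

With the sample chain, the appended DROP at position 3 is never evaluated for the blocked source; after `insert_rule(rules, 1, ...)` the same packet is decided by the DROP, while other sources still reach the ACCEPT that has moved to position 2.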

Since your problem was already solved, let me add an aside: your INPUT chain already has the policy set to ACCEPT. The rule to ACCEPT all traffic is not only messing up your firewall, it is also redundant while working differently than the policy (depending on where in the chain the ACCEPTing rule is placed) - which makes it both useless and difficult to debug. Don't cover the same thing twice in your firewall.