IPFW not locking people out

Posted by Cole on Super User See other posts from Super User or by Cole
Published on 2012-03-30T03:52:30Z Indexed on 2012/03/30 5:34 UTC
Read the original article Hit count: 580

Filed under:
|
|

I've had some brute-forcing of my ssh connection recently, so I got fail2ban to hopefully prevent that. I set it up, and started testing it out by giving wrong passwords on my computer. (I have physical access to the server if I need to unblock myself) However, it never stops me from entering passwords.

I see in /var/log/fail2ban.log that fail2ban kicked in and banned me, and there's a ipfw entry for my IP, but I'm not locked out. I've changed the configuration around, and then tried just using the ipfw command myself, but nothing seems to lock me out. I've tried the following blocks:

65300 deny tcp from 10.0.1.30 to any in
65400 deny ip from 10.0.1.30 to any
65500 deny tcp from 10.0.1.30 to any

My firewall setup has a "allow ip from any to any" rule after these though, maybe that's the problem?

I'm using Mac OS 10.6 (stock ipfw, it doesn't seem to have a --version flag)

Thanks in advance.

© Super User or respective owner

Related posts about security

Related posts about blocking