Fail2Ban adds iptable rules but they are not working?
Posted
by
EApubs
on Server Fault
See other posts from Server Fault
or by EApubs
Published on 2012-08-29T07:00:12Z
Indexed on
2012/08/29
9:40 UTC
Read the original article
Hit count: 339
fail2ban
|cloudflare
Fail2Ban just blocked my IP for 3 SSH attempts. It added the iptables rule and I can see it using the "sudo iptables -L -n" command. But I can still access the site and login through SSH! What might be the problem? Is it because im using CloudFlare? I have set Nginx to write the real IPs to the access logs instead of the Cloud Flare IP. Isn't it enough?
Chain fail2ban-ssh (1 references)
target prot opt source destination
DROP all -- 119.235.14.8 0.0.0.0/0
RETURN all -- 0.0.0.0/0 0.0.0.0/0
The input chain :
Chain INPUT (policy DROP)
target prot opt source destination
fail2ban-NoAuthFailures tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
fail2ban-nginx-dos tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80,8090
fail2ban-postfix tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465
fail2ban-ssh-ddos tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 22
fail2ban-ssh tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 22
ufw-before-logging-input all -- 0.0.0.0/0 0.0.0.0/0
ufw-before-input all -- 0.0.0.0/0 0.0.0.0/0
ufw-after-input all -- 0.0.0.0/0 0.0.0.0/0
ufw-after-logging-input all -- 0.0.0.0/0 0.0.0.0/0
ufw-reject-input all -- 0.0.0.0/0 0.0.0.0/0
ufw-track-input all -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
© Server Fault or respective owner