Fail2Ban adds iptable rules but they are not working?

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by EApubs on Server Fault See other posts from Server Fault or by EApubs
Published on 2012-08-29T07:00:12Z Indexed on 2012/08/29 9:40 UTC
Read the original article Hit count: 334

Filed under:
|

Fail2Ban just blocked my IP for 3 SSH attempts. It added the iptables rule and I can see it using the "sudo iptables -L -n" command. But I can still access the site and login through SSH! What might be the problem? Is it because im using CloudFlare? I have set Nginx to write the real IPs to the access logs instead of the Cloud Flare IP. Isn't it enough?

Chain fail2ban-ssh (1 references)
 target     prot opt source               destination         
 DROP       all  --  119.235.14.8         0.0.0.0/0           
 RETURN     all  --  0.0.0.0/0            0.0.0.0/0

The input chain :

Chain INPUT (policy DROP)

    target     prot opt source               destination         
    fail2ban-NoAuthFailures  tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
    fail2ban-nginx-dos  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 80,8090
    fail2ban-postfix  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 25,465
    fail2ban-ssh-ddos  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 22
    fail2ban-ssh  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 22
    ufw-before-logging-input  all  --  0.0.0.0/0            0.0.0.0/0           
    ufw-before-input  all  --  0.0.0.0/0            0.0.0.0/0           
    ufw-after-input  all  --  0.0.0.0/0            0.0.0.0/0           
    ufw-after-logging-input  all  --  0.0.0.0/0            0.0.0.0/0           
    ufw-reject-input  all  --  0.0.0.0/0            0.0.0.0/0           
    ufw-track-input  all  --  0.0.0.0/0            0.0.0.0/0           
    LOG        all  --  0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4

© Server Fault or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about fail2ban

Related posts about cloudflare

  • Using dd-wrt Dynamic DNS client with CloudFlare

    as seen on Server Fault - Search for 'Server Fault'
    I'm trying to configure Dynamic DNS client on my router with dd-wrt (v24-sp2) firmware so it would dynamically change IP address in one of the DNS records. Unfortunately I encountered a problem… Here is an example request from their ddclient configuration: https://www.cloudflare.com/api.html?a=DIUP&u=<my_login>&tkn=<my_token>&ip=<my_ip>&hosts=<my_record>… >>> More

  • powweb and cloudflare

    as seen on Server Fault - Search for 'Server Fault'
    i am using powweb as hosting provider and cloudflare as free cdn. Its been few weeks since my website is down and it says "website down, no cache version available". And to add more to it, I cannot access powweb or any website hosted from powweb from my ISP connection. So i am facing trouble solving… >>> More

  • fail2ban with Cloudflare

    as seen on Server Fault - Search for 'Server Fault'
    I'm using fail2ban to block web vulnerability scanners. It is working correctly when visiting the site if CloudFlare is bypassed, but a user can still access it if going through it. I have mod_cloudflare installed. Is it possible to block users with IPtables when using Cloudflare? Ubuntu Server… >>> More

  • Passing all traffic through Cloudflare

    as seen on Server Fault - Search for 'Server Fault'
    I am new to Linux System Administration and I am experimenting with iptables trying to learn how to really lock down a system with them. And one thing a friend of mine recommended was that there was a way to pass all incoming traffic through Cloudflare so even if attackers resolved the server ip they… >>> More

  • cloudflare's mx record should set cname or A records

    as seen on Pro Webmasters - Search for 'Pro Webmasters'
    The cloudflare offical support said https://support.cloudflare.com/hc/en-us/articles/200168876-My-email-or-mail-stopped-working-What-should-I-do- But traditionally mx record should not set as cname http://www.exchangepedia.com/blog/2006/12/should-mx-record-point-to-cname-records.html But cloudflare… >>> More

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle