fail2ban iptable rule wont block
Posted
by
Termiux
on Server Fault
See other posts from Server Fault
or by Termiux
Published on 2013-10-29T16:49:39Z
Indexed on
2013/10/30
15:57 UTC
Read the original article
Hit count: 231
So I set up fail2ban on my Debian 7 server, still I've been getting hit a lot and I dont know why is not blocking properly. The regex works, it recognizes the attempts but it seems the iptables rules it insert wont work, this is how it look iptables ouput looks after fail2ban tries to block.
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 fail2ban-courierauth tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
2 fail2ban-couriersmtp tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
3 sshguard all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Chain fail2ban-courierauth (1 references)
num target prot opt source destination
1 DROP all -- 216.x.y.z 0.0.0.0/0
2 RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-courierimap (0 references)
num target prot opt source destination
1 RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-courierpop3 (0 references)
num target prot opt source destination
1 RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-couriersmtp (1 references)
num target prot opt source destination
1 RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-postfix (0 references)
num target prot opt source destination
1 RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-sasl (0 references)
num target prot opt source destination
1 RETURN all -- 0.0.0.0/0 0.0.0.0/0
In the iptables above you can see the "Chain fail2ban-courierauth" rule that added the drop rule for the ip but Im still able to connect!!
I can still connect to the server, why isn't it blocking?
© Server Fault or respective owner
