fail2ban iptable rule wont block
- by Termiux
So I set up fail2ban on my Debian 7 server, still I've been getting hit a lot and I dont know why is not blocking properly. The regex works, it recognizes the attempts but it seems the iptables rules it insert wont work, this is how it look iptables ouput looks after fail2ban tries to block.
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 fail2ban-courierauth tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
2 fail2ban-couriersmtp tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
3 sshguard all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Chain fail2ban-courierauth (1 references)
num target prot opt source destination
1 DROP all -- 216.x.y.z 0.0.0.0/0
2 RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-courierimap (0 references)
num target prot opt source destination
1 RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-courierpop3 (0 references)
num target prot opt source destination
1 RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-couriersmtp (1 references)
num target prot opt source destination
1 RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-postfix (0 references)
num target prot opt source destination
1 RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-sasl (0 references)
num target prot opt source destination
1 RETURN all -- 0.0.0.0/0 0.0.0.0/0
In the iptables above you can see the "Chain fail2ban-courierauth" rule that added the drop rule for the ip but Im still able to connect!!
I can still connect to the server, why isn't it blocking?