On Thu, 2011-03-17 at 23:40 -0400, Yehuda Katz wrote:
> The server that I am working on now is not my first
> iptables experience, but it is my first fail2ban and
> webmin experience.
> One of the first things I did on my current server though, was install
> fail2ban (the nasty traffic hit within minutes of the server coming
This is a standard problem of fail2ban assuming it must insert all its
rules for you, and any tool that wants to manage them. That alone isn't
a problem. The problem is when the firewall manager (even as something
as simple as someone reloading them with iptables-restore) overwrites
the rules fail2ban inserted.
My solution was to add fail2ban rules into my standing firewall config:
:fail2ban-ssh - [0:0]
:fail2ban-postfix - [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-ssh
-A INPUT -p tcp -m tcp -m multiport -j fail2ban-postfix --dports 25,587
... and modify fail2ban's config to only add/remove ban rules to the
appropriate chains. See the attached, which works on the fail2ban from
hardy to today.
"The hottest places in Hell are reserved for those who, in times of
moral crisis, preserved their neutrality."
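The attachment mentioned in the mail is not on the page, so the following is an added example of the same arrangement, written by the editor and not taken from the thread or from fail2ban's shipped files. It assumes a standing ruleset in iptables-restore format that declares the fail2ban-ssh and fail2ban-postfix chains (the names used in the mail), a hypothetical action file iptables-prechained.conf whose actionstart/actionstop never create or delete a chain, and a check_chain_hooks function that a reload wrapper runs before handing the file to iptables-restore, so a reload cannot silently drop the hooks fail2ban depends on. The jail names ssh and postfix map to fail2ban's <name> placeholder, which is how the chain names are formed.

```shell
#!/bin/sh
# Added example (editor's own, not the mail's attachment or fail2ban's files).
# Pattern from the thread: the standing firewall owns the fail2ban-<jail>
# chains and the INPUT hooks; fail2ban only inserts and deletes ban rules.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# 1. Constructed standing ruleset (iptables-restore format). The chain and
#    hook lines are the ones that must survive every reload.
cat > "$WORK/rules.v4" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:fail2ban-ssh - [0:0]
:fail2ban-postfix - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-ssh
-A INPUT -p tcp -m multiport --dports 25,587 -j fail2ban-postfix
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 25,587 -j ACCEPT
COMMIT
EOF

# 2. Hypothetical fail2ban action (would live in /etc/fail2ban/action.d/ and
#    be selected per jail with "banaction = iptables-prechained"). Unlike the
#    stock multiport action it never runs -N/-X/-I on INPUT: start and check
#    only verify the chain exists, stop only flushes it.
cat > "$WORK/iptables-prechained.conf" <<'EOF'
[Definition]
actionstart = iptables -n -L fail2ban-<name> >/dev/null
actionstop  = iptables -F fail2ban-<name>
actioncheck = iptables -n -L fail2ban-<name> >/dev/null
actionban   = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP

[Init]
name = default
EOF

# 3. check_chain_hooks RULESET JAIL...: succeed only if every jail's chain is
#    both declared (":fail2ban-JAIL - ") and reachable via a "-j fail2ban-JAIL"
#    hook in RULESET. Returns 1 and reports each missing piece otherwise.
check_chain_hooks() {
    ruleset=$1; shift
    rc=0
    for jail in "$@"; do
        chain="fail2ban-$jail"
        if ! grep -q "^:$chain - " "$ruleset"; then
            echo "missing chain declaration for $chain in $ruleset" >&2
            rc=1
        fi
        if ! grep -qE -- "-j $chain( |\$)" "$ruleset"; then
            echo "no hook jumps to $chain in $ruleset" >&2
            rc=1
        fi
    done
    return $rc
}

# 4. reload_firewall RULESET JAIL...: refuse to reload a ruleset that lost the
#    hooks; otherwise hand it to iptables-restore (the reload that, in the
#    thread, wiped rules fail2ban had inserted on its own).
reload_firewall() {
    ruleset=$1; shift
    if ! check_chain_hooks "$ruleset" "$@"; then
        echo "refusing to reload $ruleset" >&2
        return 1
    fi
    iptables-restore < "$ruleset"
}

# Demo: the constructed ruleset passes; a copy with every postfix line removed
# (what an edit that forgot the chains would look like) is rejected.
grep -v postfix "$WORK/rules.v4" > "$WORK/broken.v4"
if check_chain_hooks "$WORK/rules.v4" ssh postfix; then
    echo "rules.v4: fail2ban hooks present, safe to reload"
fi
if ! check_chain_hooks "$WORK/broken.v4" ssh postfix; then
    echo "broken.v4: rejected, reload would strip fail2ban hooks"
fi
```

Only the demo's check step runs without privileges; reload_firewall needs root and a host with iptables-restore. The point of the split is that a reload of rules.v4 leaves the chains and hooks in place and merely empties the chains, after which fail2ban's next ban repopulates them, whereas with the stock action the chains themselves vanish and fail2ban keeps inserting into chains that no longer exist until its actioncheck notices.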