Re: [Fail2ban-users] Fail2ban-users] HI fail2ban don block

[<tk...@em...>]

Based on the creation of your chain 'fail2ban-portscan' It only blocks access to
ssh port, so other ports can still be touched from the outside.


fail2ban-portscan  tcp  --  anywhere             anywhere             tcp
dpt:ssh

Tom




i try block port scaners and i se his not working whereis trouble  i blocked

in iptables

Chain fail2ban-portscan (1 references)

 

target     prot opt source               destination        Â
DROP       all  --  staticline-31-182-50-18.toya.net.pl  anywhere     
 

RETURN     all  --  anywhere             anywhere           Â
iptables -nL

Chain fail2ban-portscan (1 references)
target     prot opt source               destination        Â

 

DROP       all  --  31.182.50.18         0.0.0.0/0          Â
RETURN     all  --  0.0.0.0/0            0.0.0.0/0        
 Â

 

Â

what is wrong ?? (bad version of iptables )? when i block manual add rules to iptables is
workingÂ
Â


my iptables -L

Chain INPUT (policy DROP)

 

target     prot opt source               destination        Â
fail2ban-NoProxy  tcp  --  anywhere             anywhere             multiport
dports http,https
fail2ban-BadBots  tcp  --  anywhere             anywhere             multiport
dports http,https

 

fail2ban-NoLoginFailures  tcp  --  anywhere             anywhere            
multiport dports http,https
fail2ban-NoAuthFailures  tcp  --  anywhere             anywhere            
multiport dports http,https

 

fail2ban-courierauth  tcp  --  anywhere             anywhere            
multiport dports smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
fail2ban-couriersmtp  tcp  --  anywhere             anywhere            
multiport dports smtp,ssmtp

 

fail2ban-ssh-ddos  tcp  --  anywhere             anywhere            
multiport dports tcpmux:1000
fail2ban-portscan  tcp  --  anywhere             anywhere             tcp
dpt:ssh
fail2ban-pam-generic  tcp  --  anywhere             anywhere           Â

 

fail2ban-ssh  tcp  --  anywhere             anywhere             multiport
dports ssh
ACCEPT     all  --  anywhere             anywhere             state
RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere           Â

 

ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp
dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:4343

 

ACCEPT     tcp  --  anywhere             anywhere             tcp
dpt:http-alt
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere             tcp
dpt:submission

 

ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere             tcp
dpt:pop3s
ACCEPT     tcp  --  anywhere             anywhere             tcp
dpt:imap2

 

ACCEPT     tcp  --  anywhere             anywhere             tcp
dpt:imaps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     icmp --  anywhere             anywhere             icmp
echo-request

 

LOG        all  --  anywhere             anywhere             LOG level
notice tcp-sequence tcp-options ip-options prefix "PORT DENIED: "
LOG        tcp  --  anywhere             anywhere             tcp dpt:https
u32 "0x34=0x18030000:0x1803ffff" LOG level warning prefix "BLOCKED: HEARTBEAT"

 

DROP       tcp  --  anywhere             anywhere             tcp dpt:https
u32 "0x34=0x18030000:0x1803ffff"
Chain FORWARD (policy DROP)
target     prot opt source               destination        Â

 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        Â
Chain fail2ban-BadBots (1 references)
target     prot opt source               destination        Â

 

RETURN     all  --  anywhere             anywhere           Â
Chain fail2ban-NoAuthFailures (1 references)
target     prot opt source               destination        Â
RETURN     all  --  anywhere             anywhere           Â

 

Chain fail2ban-NoLoginFailures (1 references)
target     prot opt source               destination        Â
RETURN     all  --  anywhere             anywhere           Â

 

Chain fail2ban-NoProxy (1 references)
target     prot opt source               destination        Â
RETURN     all  --  anywhere             anywhere           Â
Chain fail2ban-courierauth (1 references)

 

target     prot opt source               destination        Â
RETURN     all  --  anywhere             anywhere           Â
Chain fail2ban-couriersmtp (1 references)
target     prot opt source               destination        Â

 

RETURN     all  --  anywhere             anywhere           Â
Chain fail2ban-pam-generic (1 references)
target     prot opt source               destination        Â
RETURN     all  --  anywhere             anywhere           Â

 

Chain fail2ban-portscan (1 references)
target     prot opt source               destination        Â
DROP       all  --  staticline-31-182-50-18.toya.net.pl  anywhere           Â

 

RETURN     all  --  anywhere             anywhere           Â
Chain fail2ban-ssh (1 references)
target     prot opt source               destination        Â
DROP       all  --  76.146.97.119.broad.wh.hb.dynamic.163data.com.cn  anywhere          
Â

 

RETURN     all  --  anywhere             anywhere           Â
Chain fail2ban-ssh-ddos (1 references)
target     prot opt source               destination        Â
RETURN     all  --  anywhere             anywhere