From: <tk...@em...> - 2014-04-25 10:45:57
Based on the creation of your chain 'fail2ban-portscan', it only blocks access to the ssh port, so other ports can still be touched from the outside.

fail2ban-portscan  tcp  --  anywhere  anywhere  tcp dpt:ssh

Tom

I try to block port scanners and I see this is not working. Where is the trouble?

I blocked in iptables

Chain fail2ban-portscan (1 references)
target     prot opt source               destination
DROP       all  --  staticline-31-182-50-18.toya.net.pl  anywhere
RETURN     all  --  anywhere             anywhere

iptables -nL

Chain fail2ban-portscan (1 references)
target     prot opt source               destination
DROP       all  --  31.182.50.18         0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

What is wrong?? (bad version of iptables)? When I manually add block rules to iptables, it is working.

My iptables -L

Chain INPUT (policy DROP)
target     prot opt source               destination
fail2ban-NoProxy  tcp  --  anywhere             anywhere             multiport dports http,https
fail2ban-BadBots  tcp  --  anywhere             anywhere             multiport dports http,https
fail2ban-NoLoginFailures  tcp  --  anywhere             anywhere             multiport dports http,https
fail2ban-NoAuthFailures  tcp  --  anywhere             anywhere             multiport dports http,https
fail2ban-courierauth  tcp  --  anywhere             anywhere             multiport dports smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
fail2ban-couriersmtp  tcp  --  anywhere             anywhere             multiport dports smtp,ssmtp
fail2ban-ssh-ddos  tcp  --  anywhere             anywhere             multiport dports tcpmux:1000
fail2ban-portscan  tcp  --  anywhere             anywhere             tcp dpt:ssh
fail2ban-pam-generic  tcp  --  anywhere             anywhere
fail2ban-ssh  tcp  --  anywhere             anywhere             multiport dports ssh
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:4343
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http-alt
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:submission
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3s
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imap2
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imaps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
LOG        all  --  anywhere             anywhere             LOG level notice tcp-sequence tcp-options ip-options prefix "PORT DENIED: "
LOG        tcp  --  anywhere             anywhere             tcp dpt:https u32 "0x34=0x18030000:0x1803ffff" LOG level warning prefix "BLOCKED: HEARTBEAT"
DROP       tcp  --  anywhere             anywhere             tcp dpt:https u32 "0x34=0x18030000:0x1803ffff"

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain fail2ban-BadBots (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-NoAuthFailures (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-NoLoginFailures (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-NoProxy (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-courierauth (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-couriersmtp (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-pam-generic (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-portscan (1 references)
target     prot opt source               destination
DROP       all  --  staticline-31-182-50-18.toya.net.pl  anywhere
RETURN     all  --  anywhere             anywhere

Chain fail2ban-ssh (1 references)
target     prot opt source               destination
DROP       all  --  76.146.97.119.broad.wh.hb.dynamic.163data.com.cn  anywhere
RETURN     all  --  anywhere             anywhere

Chain fail2ban-ssh-ddos (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
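
The point of the reply above can be checked mechanically. The following is an added example, not part of the original message or of fail2ban itself: it parses an `iptables -L` listing and reports, for each fail2ban chain, which protocol and ports its jump rule in INPUT actually covers. The function names `parse` and `ban_scope` are hypothetical, and the sample input is a trimmed, constructed copy of the listing in the message.

```python
import re

# Constructed sample: a trimmed copy of the `iptables -L` listing in the message.
SAMPLE = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
fail2ban-ssh-ddos  tcp  --  anywhere  anywhere  multiport dports tcpmux:1000
fail2ban-portscan  tcp  --  anywhere  anywhere  tcp dpt:ssh
fail2ban-pam-generic  tcp  --  anywhere  anywhere
ACCEPT     tcp  --  anywhere  anywhere  tcp dpt:http

Chain fail2ban-portscan (1 references)
target     prot opt source               destination
DROP       all  --  staticline-31-182-50-18.toya.net.pl  anywhere
RETURN     all  --  anywhere  anywhere
"""

# target, prot, opt, source, destination, then any match text (ports etc.)
RULE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*(.*)$")

def parse(listing):
    """Return {chain: [(target, prot, source, match), ...]}."""
    chains, current = {}, None
    for line in listing.splitlines():
        line = line.strip()
        if line.startswith("Chain "):
            current = line.split()[1]
            chains[current] = []
        elif line and current and not line.startswith("target"):
            m = RULE.match(line)
            if m:
                target, prot, _opt, source, _dest, match = m.groups()
                chains[current].append((target, prot, source, match.strip()))
    return chains

def ban_scope(listing, hook="INPUT"):
    """Map each fail2ban chain to (prot, port match of its jump, banned sources)."""
    chains = parse(listing)
    scope = {}
    for target, prot, _src, match in chains.get(hook, []):
        if target.startswith("fail2ban-"):
            # A DROP inside the chain only fires for packets the jump rule matched.
            banned = [s for t, _p, s, _m in chains.get(target, []) if t == "DROP"]
            scope[target] = (prot, match or "all ports", banned)
    return scope

if __name__ == "__main__":
    for chain, (prot, match, banned) in ban_scope(SAMPLE).items():
        print(f"{chain}: bans {banned} apply only to {prot} / {match}")
```

For a ban to cover every port, the jump rule that references the chain must not carry a port match; fail2ban's `iptables-allports` action creates such a rule.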