From: Sayetsky A. <vs...@gm...> - 2013-06-19 17:57:52

2013/6/19 Spencer Shaw <spe...@sp...>:
> Hi
>
> I am not sure. I followed an online tutorial. What do i need to type to see
> if the rules are ok?

Please, send replies to the mailing list rather than directly to me - this will help others.

Unfortunately, I never used webmin.

Below you can see a complete iptables example containing only fail2ban rules (the command is the same you used - iptables -nL):

[root@backup ~]# iptables -nL
Chain INPUT (policy ACCEPT)
target        prot opt source               destination
fail2ban-SSH  tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22

Chain FORWARD (policy ACCEPT)
target        prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target        prot opt source               destination

Chain fail2ban-SSH (1 references)
target        prot opt source               destination
RETURN        all  --  0.0.0.0/0            0.0.0.0/0

This means the following:

1. Chain INPUT (all incoming traffic) contains a hook for redirecting tcp port 22 to chain fail2ban.
2. fail2ban will add attackers to the top of its chain, and return all packets that did not match.

Note that iptables is a first-match firewall, so the blocking rule (in our case it's a reference to the fail2ban-SSH chain) must be added _before_ the accepting rule. The following example will NOT work because the firewall accepts all SSH traffic and won't send it to the fail2ban-SSH chain.

[root@backup ~]# iptables -nL
Chain INPUT (policy ACCEPT)
target        prot opt source               destination
ACCEPT        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
fail2ban-SSH  tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22

Chain FORWARD (policy ACCEPT)
target        prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target        prot opt source               destination

Chain fail2ban-SSH (1 references)
target        prot opt source               destination
RETURN        all  --  0.0.0.0/0            0.0.0.0/0

So the correct rules must be something like:

[root@backup ~]# iptables -nL
Chain INPUT (policy ACCEPT)
target        prot opt source               destination
fail2ban-SSH  tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
ACCEPT        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22

Chain FORWARD (policy ACCEPT)
target        prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target        prot opt source               destination

Chain fail2ban-SSH (1 references)
target        prot opt source               destination
RETURN        all  --  0.0.0.0/0            0.0.0.0/0

Of course, you can omit the ACCEPT rule in the INPUT chain if the policy is ACCEPT.

I hope this will help you.
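The ordering check described in the message above, as an added example that is not from the post or from fail2ban itself: a POSIX shell function that reads iptables -nL output on stdin and reports whether the fail2ban-SSH hook in chain INPUT comes before an ACCEPT rule for the same port. The sample outputs are constructed from the ones shown in the message; only rules that name the port explicitly (tcp dpt:N) are inspected.

```shell
#!/bin/sh
# Added example (not code from the mailing-list post or from fail2ban).
# check_fail2ban_order PORT: read `iptables -nL` output on stdin, look at
# chain INPUT only, and exit with:
#   0 = fail2ban-SSH hook precedes any ACCEPT for the port (correct order)
#   1 = an ACCEPT for the port comes first, so the hook is shadowed
#   2 = no fail2ban-SSH hook for the port was found in INPUT
# Broad ACCEPT rules that do not name the port are not inspected, so a
# "state RELATED,ESTABLISHED" rule placed first is not flagged.
check_fail2ban_order() {
  port="${1:-22}"
  awk -v port="$port" '
    /^Chain / { chain = $2; next }          # remember which chain we are in
    chain != "INPUT" { next }              # the hook lives in INPUT
    $0 ~ ("dpt:" port "($|[^0-9])") {      # only rules matching our port
      if ($1 == "ACCEPT" && !hook) accept_first = 1
      if ($1 == "fail2ban-SSH") hook = 1
    }
    END {
      if (!hook) exit 2
      if (accept_first) exit 1
      exit 0
    }'
}

# Constructed sample outputs: the INPUT chain plus the fail2ban-SSH chain,
# so that the chain tracking is exercised.
GOOD_OUTPUT='Chain INPUT (policy ACCEPT)
target        prot opt source               destination
fail2ban-SSH  tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
ACCEPT        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
Chain fail2ban-SSH (1 references)
target        prot opt source               destination
RETURN        all  --  0.0.0.0/0            0.0.0.0/0'

BAD_OUTPUT='Chain INPUT (policy ACCEPT)
target        prot opt source               destination
ACCEPT        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
fail2ban-SSH  tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
Chain fail2ban-SSH (1 references)
target        prot opt source               destination
RETURN        all  --  0.0.0.0/0            0.0.0.0/0'

# On a live host:  iptables -nL | check_fail2ban_order 22
```

The function exits non-zero on a bad layout, so it can be dropped into a cron job or configuration check that alerts when a later ACCEPT rule silently bypasses the fail2ban chain.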