fail2ban iptables rules not banning

I'm not quite sure why this isn't working… it should. I am testing my fail2ban installation by trying to get myself banned. Fail2ban is picking up my SSH brute-force attempts, is properly banning me, the iptables rule is there… but I can still connect to my server without a problem.

fail2ban.log:

```
[root@server2 log]# tail fail2ban.log
2009-11-06 21:27:34,766 fail2ban.actions: INFO Set banTime = 600
2009-11-06 21:27:34,823 fail2ban.jail : INFO Creating new jail 'proftpd-iptables'
2009-11-06 21:27:34,823 fail2ban.jail : INFO Jail 'proftpd-iptables' uses poller
2009-11-06 21:27:34,824 fail2ban.filter : INFO Added logfile = /var/log/secure
2009-11-06 21:27:34,825 fail2ban.filter : INFO Set maxRetry = 10
2009-11-06 21:27:34,826 fail2ban.filter : INFO Set findtime = 600
2009-11-06 21:27:34,826 fail2ban.actions: INFO Set banTime = 600
2009-11-06 21:27:34,838 fail2ban.jail : INFO Jail 'ssh-iptables' started
2009-11-06 21:27:34,839 fail2ban.jail : INFO Jail 'proftpd-iptables' started
2009-11-06 21:27:55,845 fail2ban.actions: WARNING [ssh-iptables] Ban 98.197.128.40
[root@server2 log]# iptables -L | grep 98.197.128.40
DROP all -- c-98-197-128-40.hsd1.tx.comcast.net anywhere
```

Here is my whole iptables ruleset:

```
[root@server2 log]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
fail2ban-ProFTPD tcp -- anywhere anywhere tcp dpt:ftp
fail2ban-SSH tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp flags:ACK/ACK
ACCEPT all -- anywhere anywhere state ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED
ACCEPT udp -- anywhere anywhere udp spt:domain dpts:1024:65535
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
ACCEPT tcp -- anywhere anywhere tcp dpt:smakynet
ACCEPT tcp -- anywhere anywhere tcp dpt:auth
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp multiport dports smtp,submission
ACCEPT tcp -- anywhere anywhere tcp dpts:ftp-data:ftp
ACCEPT tcp -- anywhere anywhere tcp multiport dports pop3,pop3s
ACCEPT tcp -- anywhere anywhere tcp multiport dports imap,imap3,imaps
ACCEPT tcp -- anywhere anywhere tcp dpts:10123:10133
ACCEPT tcp -- anywhere anywhere tcp dpt:dnp
DROP all -- mail.insuranceprovidersgroup.com anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain fail2ban-ProFTPD (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-SSH (1 references)
target prot opt source destination
DROP all -- c-98-197-128-40.hsd1.tx.comcast.net anywhere
RETURN all -- anywhere anywhere
```

Any ideas why packets from me are not getting dropped like they should be?

1 Reply

Never mind, figured it out. I saw that it was looking for the packets on the regular SSH port, and I do not use the regular SSH port. Changing the action in jail.conf to iptables-allports worked correctly =) I am now successfully banned. Yay! :lol:
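The mismatch the reply describes (the INPUT rule only jumps into `fail2ban-SSH` for `tcp dpt:ssh`, while sshd listens on another port) can be checked before anyone tries to get themselves banned. The script below is an added example, not code from the original post or from fail2ban; it parses a constructed excerpt of `iptables -L` output and a constructed `sshd_config` fragment (port 10022 is made up), and treats a jump with no port match as the `iptables-allports` case.

```shell
# Added example (not from the original post): decide whether the INPUT
# rule that jumps into a fail2ban chain will actually see SSH traffic.
# All inputs are constructed so the check runs offline.

# Constructed excerpt mirroring the poster's ruleset: fail2ban-SSH is
# only consulted for "tcp dpt:ssh", i.e. port 22.
RULES='fail2ban-ProFTPD tcp -- anywhere anywhere tcp dpt:ftp
fail2ban-SSH tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:10022'

# Constructed sshd_config fragment with a made-up non-standard port.
SSHD_CONFIG='Port 10022
PermitRootLogin no'

# sshd_port CONFIG -> the configured Port (22 when none is set)
sshd_port() {
    p=$(printf '%s\n' "$1" | awk '/^[[:space:]]*Port[[:space:]]+/ {print $2; exit}')
    printf '%s\n' "${p:-22}"
}

# jail_dport RULES CHAIN -> the dpt:/dports value on the jump into CHAIN,
# "allports" when the jump has no port match (iptables-allports action),
# "none" when CHAIN is never referenced from the listed rules
jail_dport() {
    printf '%s\n' "$1" | awk -v chain="$2" '
        $1 == chain {
            found = 1
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^dpts?:/) { sub(/^dpts?:/, "", $i); print $i; exit }
                if ($i == "dports")  { print $(i + 1); exit }
            }
            print "allports"; exit
        }
        END { if (!found) print "none" }'
}

# check_jail RULES CHAIN CONFIG -> "ok" if bans in CHAIN will hit the port
# sshd really uses, "mismatch" otherwise
check_jail() {
    jump=$(jail_dport "$1" "$2")
    port=$(sshd_port "$3")
    case "$jump" in
        allports)  echo ok ;;
        "$port")   echo ok ;;
        ssh)       [ "$port" = 22 ] && echo ok || echo mismatch ;;
        *)         echo mismatch ;;
    esac
}
check_jail "$RULES" fail2ban-SSH "$SSHD_CONFIG"   # prints "mismatch"
```

On a live host the same functions take `iptables -L INPUT` output and the contents of `/etc/ssh/sshd_config` in place of the constructed strings.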
