How to Audit What Gets Added To IPTABLES?
Regardless, it's hard to diagnose because I can't tell what is giving IPTABLES this rule. Even trying to do a base allow all from my IP gets trumped by this rule that gets generated out of nowhere (seemingly nowhere).
I've tried some Google-Fu, but it mostly leads me to rules for IPTABLES that will generate audits of blocks/connections/etc - not a way to find out what is affecting the rules themselves. So basically, I'm here for any suggestions. I've tried even removing fail2ban and lessening some of my other rules and it still happens - so I'm inclined thus far to say this isn't the cause.
Help?
2 Replies
ALL: XXX.XXX.XXX.XXX
This doesn't "solve" whatever is causing the problem, but it likely will avoid the problem?
Nothing in a default LAMP stack will auto-entry IP's to be blocked.
Fail2ban is more PITA then security - lose that COMPLETELY and see what happens.
Might get more responses if you actually post some of your config files (like IPTABLES rules, fail2ban config, etc).