3 Nov 2020, 9:38 a.m.
On 03.11.20 09:54, Maykel Franco via arch-general wrote:
> On Tue, 3 Nov 2020 at 9:48, <u34@net9.ga> wrote:
>> Maykel Franco via arch-general <arch-general@archlinux.org> wrote:
>>
>>> Hi, I have this script for iptables for my archlinux desktop:
>>>
>>> https://pastebin.com/SafhsKFt
>>>
>>> And when an external SSH access request fails, fail2ban adds a rule,
>>> but the rule is not working.
>>>
>>> I think it has to do with the iptables script; the fail2ban
>>> blocking rules are added fine but don't ban. What could be happening?
>>
>> It could be that the banning fail2ban rule doesn't ban.
>> 1. Can you show the iptables state before, and after, fail2ban added
>>    its rule? That is, issue an iptables -s command? I do hope I got
>>    the iptables command right.
>> 2. Can you show the fail2ban configuration?
>>
>> --
>> u34
>
> The problem is not fail2ban. The problem is the script's iptables rules,
> because after executing the iptables script:
>
> https://pastebin.com/SafhsKFt
>
> I try to drop the IP:
>
> iptables -A INPUT -p tcp -s 192.168.0.33 --dport 22 -j DROP
>
> It does not block IP 192.168.0.33 on port 22.

That's the expected behavior. With -A you append a rule to the already existing rules. The problem is that you have already allowed port 22 in your script, and this rule matches all incoming packets on port 22. Other rules will not be executed.

I'm not an expert in fail2ban, but when you use the following rule after the script is executed, port 22 will be blocked:

iptables -I INPUT -p tcp -s 192.168.0.33 --dport 22 -j DROP

-I means that the rule is inserted in the first place in the chain. With "iptables -vL INPUT" you can see the order of the rules. The first matching rule will be used and no other rules in the INPUT chain will be executed.
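The first-match behaviour described above, as an added example that is not part of the original thread: a small Python model of the INPUT chain (the Rule/Chain classes and the sample packets are constructed for this illustration) showing why a DROP appended with -A after the script's ACCEPT for port 22 never fires, while the same rule inserted with -I does.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    target: str                    # verdict: "ACCEPT" or "DROP"
    proto: Optional[str] = None    # -p; None matches any protocol
    src: Optional[str] = None      # -s; None matches any source
    dport: Optional[int] = None    # --dport; None matches any port

    def matches(self, pkt: dict) -> bool:
        # Every specified match criterion must agree with the packet.
        return all(want is None or pkt[key] == want for key, want in
                   (("proto", self.proto), ("src", self.src), ("dport", self.dport)))

class Chain:
    """Ordered rule list with netfilter semantics: the first matching rule decides."""
    def __init__(self, policy: str = "DROP"):
        self.rules: list[Rule] = []
        self.policy = policy       # used when no rule matches

    def append(self, rule: Rule) -> None:        # iptables -A INPUT ...
        self.rules.append(rule)

    def insert(self, rule: Rule, pos: int = 1) -> None:  # iptables -I INPUT [pos] ...
        self.rules.insert(pos - 1, rule)         # rule numbers are 1-based, as in -vL

    def verdict(self, pkt: dict):
        # Walk the chain in order; later rules are never consulted after a match.
        for num, rule in enumerate(self.rules, start=1):
            if rule.matches(pkt):
                return rule.target, num
        return self.policy, None

def simulate() -> dict:
    # Constructed stand-in for the script: an early "allow SSH" rule.
    allow_ssh = Rule("ACCEPT", proto="tcp", dport=22)
    ban = Rule("DROP", proto="tcp", src="192.168.0.33", dport=22)
    banned_host = {"proto": "tcp", "src": "192.168.0.33", "dport": 22}
    other_host = {"proto": "tcp", "src": "192.168.0.10", "dport": 22}

    appended = Chain()                 # script, then "-A ... -j DROP"
    appended.append(allow_ssh)
    appended.append(ban)

    inserted = Chain()                 # script, then "-I ... -j DROP"
    inserted.append(allow_ssh)
    inserted.insert(ban)

    return {"append": appended.verdict(banned_host),      # ACCEPT by rule 1: ban is shadowed
            "insert": inserted.verdict(banned_host),      # DROP by rule 1: ban now comes first
            "insert_other": inserted.verdict(other_host)} # ACCEPT by rule 2: others unaffected
```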