[arch-general] Fail2Ban is not adding iptables rules

arch at trash.kofi.cc arch at trash.kofi.cc
Tue Nov 3 09:38:55 UTC 2020


On 03.11.20 09:54, Maykel Franco via arch-general wrote:
> El mar., 3 nov. 2020 a las 9:48, <u34 at net9.ga> escribió:
>> Maykel Franco via arch-general <arch-general at archlinux.org> wrote:
>>
>>> Hi, I have this script for iptables for my archlinux desktop:
>>>
>>> https://pastebin.com/SafhsKFt
>>>
>>> And when an external SSH access request fails, fail2ban adds a rule,
>>> but the rule is not working.
>>>
>>> I think it has to do with the iptables script, but the fail2ban
>>> blocking rules are added fine but don't ban. How could that be happening?
>> It could be that the banning fail2ban rule doesn't ban.
>> 1. Can you show the iptables state before, and after, fail2ban added
>>     its rule? That is, issue an iptables -s command? I do hope I got
>>     the iptables command right.
>> 2. Can you show fail2ban configuration?
>>
>> --
>> u34
> The problem is not fail2ban. The problem is the script's iptables rules,
> because after executing the iptables script:
>
> https://pastebin.com/SafhsKFt
>
> I try to drop an IP:
>
> iptables -A INPUT -p tcp -s 192.168.0.33 --dport 22 -j DROP
>
> It does not block IP 192.168.0.33 on port 22.

That's the expected behavior. With -A you append a rule to the already 
existing rules. The problem is that you have already allowed port 22 in 
your script, and this rule matches all incoming packets on port 22. 
Other rules will not be executed.

I'm not an expert in fail2ban, but when you use the following rule after 
the script is executed, port 22 will be blocked:

iptables -I INPUT -p tcp -s 192.168.0.33 --dport 22 -j DROP

-I means that the rule is inserted in the first place in the chain.


With "iptables -vL INPUT" you can see the order of the rules. The first 
matching rule will be used, and no other rules in the INPUT chain will be 
executed.
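An added example, not part of the thread: a small Python model of iptables first-match evaluation, using the rules discussed above (a broad ACCEPT for tcp/22 followed by a DROP for 192.168.0.33). It shows why the ban never fires when appended with -A but does when inserted with -I, and includes an audit that flags rules shadowed by an earlier match. The chain contents and the match model (protocol, exact source IP, destination port only) are constructed assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    target: str                   # "ACCEPT" or "DROP"
    proto: Optional[str] = None   # e.g. "tcp"; None matches any protocol
    src: Optional[str] = None     # exact source IP; None matches any source
    dport: Optional[int] = None   # destination port; None matches any port

    def matches(self, proto: str, src: str, dport: int) -> bool:
        return ((self.proto is None or self.proto == proto)
                and (self.src is None or self.src == src)
                and (self.dport is None or self.dport == dport))

    def shadows(self, other: "Rule") -> bool:
        """True if every packet `other` could match is already matched by self."""
        return ((self.proto is None or self.proto == other.proto)
                and (self.src is None or self.src == other.src)
                and (self.dport is None or self.dport == other.dport))


def append(chain: List[Rule], rule: Rule) -> List[Rule]:
    """iptables -A: the new rule goes to the end of the chain."""
    return chain + [rule]


def insert(chain: List[Rule], rule: Rule) -> List[Rule]:
    """iptables -I (default position 1): the new rule goes first."""
    return [rule] + chain


def verdict(chain: List[Rule], proto: str, src: str, dport: int,
            policy: str = "ACCEPT") -> str:
    """First matching rule wins; later rules are never consulted."""
    for rule in chain:
        if rule.matches(proto, src, dport):
            return rule.target
    return policy  # chain policy applies when nothing matched


def shadowed_rules(chain: List[Rule]) -> List[int]:
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [i for i, r in enumerate(chain)
            if any(chain[j].shadows(r) for j in range(i))]


# Constructed stand-in for the script's INPUT chain: SSH already allowed for all.
SCRIPT_CHAIN = [Rule("ACCEPT", proto="tcp", dport=22)]
BAN = Rule("DROP", proto="tcp", src="192.168.0.33", dport=22)
```

Running `verdict(append(SCRIPT_CHAIN, BAN), "tcp", "192.168.0.33", 22)` returns ACCEPT and `shadowed_rules` reports index 1, while the `insert` variant returns DROP for that host and still ACCEPT for any other source.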

