On 03.11.20 09:54, Maykel Franco via arch-general wrote:
On Tue, 3 Nov 2020 at 9:48, <u34@xxxxxxx> wrote:
Maykel Franco via arch-general <arch-general@xxxxxxxxxxxxx> wrote:
Hi, I have this script for iptables for my archlinux desktop:
https://pastebin.com/SafhsKFt
And when an external request to access SSH fails, fail2ban adds a rule,
but the rule is not working.
I think it has to do with the iptables script: the fail2ban
blocking rules are added fine but don't ban. Could that be happening?
It could be that the banning fail2ban rule doesn't ban.
1. Can you show the iptables state before, and after, fail2ban added
its rule? That is, issue an iptables -s command? I do hope I got
the iptables command right.
2. Can you show fail2ban configuration?
--
u34
The problem is not fail2ban. The problem is the script's iptables rules,
because after executing the iptables script:
https://pastebin.com/SafhsKFt
I try to drop the IP:
iptables -A INPUT -p tcp -s 192.168.0.33 --dport 22 -j DROP
It does not block IP 192.168.0.33 on port 22.
That's the expected behavior. With -A you append a rule to the already
existing rules. The problem is that you have already allowed port 22 in
your script, and this rule matches all incoming packets on port 22.
Other rules will not be executed.
I'm not an expert in fail2ban but when you use the following rule after
the script is executed port 22 will be blocked
iptables -I INPUT -p tcp -s 192.168.0.33 --dport 22 -j DROP
-I means that the rule is inserted at the first position in the chain.
With "iptables -vL INPUT" you can see the order of the rules. The first
matching rule will be used and no other rules in the INPUT chain will be
executed.
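To make the first-match behaviour described above concrete, here is an added example (not from this thread or the poster's pastebin script): it replays a packet against a chain dump in `iptables -S INPUT` format and prints the target of the first matching rule. The two rule sets are constructed samples; on a real host the same function can be fed the output of `iptables -S INPUT`.

```sh
#!/bin/sh
# Added example: replay a packet through an INPUT chain dumped in
# `iptables -S INPUT` format, using first-match semantics. The rule sets
# below are constructed samples, not the poster's script.

# Chain after the script ran and the DROP was appended with -A: the DROP
# lands behind the blanket ACCEPT for port 22 and is never reached.
APPENDED='-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.0.33/32 -p tcp -m tcp --dport 22 -j DROP'

# Same chain when the DROP was inserted with -I (position 1).
INSERTED='-P INPUT DROP
-A INPUT -s 192.168.0.33/32 -p tcp -m tcp --dport 22 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# first_match RULES SRC DPORT: print the target of the first rule whose
# -s and --dport both match (an absent option matches anything); if no
# rule matches, print the chain policy. Only -s/--dport/-j are modelled.
first_match() {
    printf '%s\n' "$1" | awk -v src="$2" -v dport="$3" '
        $1 == "-P" { policy = $3; next }
        $1 == "-A" {
            s = ""; d = ""; j = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-s")      s = $(i + 1)
                if ($i == "--dport") d = $(i + 1)
                if ($i == "-j")      j = $(i + 1)
            }
            sub("/32$", "", s)            # iptables -S prints hosts as /32
            if ((s == "" || s == src) && (d == "" || d == dport)) {
                print j; hit = 1; exit
            }
        }
        END { if (!hit) print policy }'
}

# Same host, same port, two chain orders: only the -I layout blocks it.
echo "appended: $(first_match "$APPENDED" 192.168.0.33 22)"   # ACCEPT
echo "inserted: $(first_match "$INSERTED" 192.168.0.33 22)"   # DROP
```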