Re: Fail2Ban is not adding iptables rules




Maykel Franco via arch-general <arch-general@xxxxxxxxxxxxx> wrote:

> On Tue, 3 Nov 2020 at 10:45, <u34@xxxxxxx> wrote:
> >
> > Maykel Franco via arch-general <arch-general@xxxxxxxxxxxxx> wrote:
> >
> > > On Tue, 3 Nov 2020 at 9:48, <u34@xxxxxxx> wrote:
> > > >
> > > > Maykel Franco via arch-general <arch-general@xxxxxxxxxxxxx> wrote:
> > > >
> > > > > Hi, I have this script for iptables for my archlinux desktop:
> > > > >
> > > > > https://pastebin.com/SafhsKFt
> > > > >
> > > > > And when an external SSH access request fails, fail2ban adds a rule
> > > > > but the rule is not working.
> > > > >
> > > > > I think it has to do with the iptables script: the fail2ban
> > > > > blocking rules are added fine but don't ban. Why could that be happening?
> > > >
> > > > It could be that the banning fail2ban rule doesn't ban.
> > > > 1. Can you show the iptables state before, and after, fail2ban added
> > > >    its rule? That is, issue an iptables -s command? I do hope I got
> > > >    the iptables command right.
> > > > 2. Can you show fail2ban configuration?
> > > >
> > > > --
> > > > u34
> > >
> > > The problem is not fail2ban. The problem is the script's iptables rules,
> > > because after executing the iptables script:
> > >
> > > https://pastebin.com/SafhsKFt
> > >
> > > I try to drop an IP:
> > >
> > > iptables -A INPUT -p tcp -s 192.168.0.33 --dport 22 -j DROP
> > >
> > > It does not block IP 192.168.0.33 on port 22.
> >
> > Possibly because that line is added as the last line of the iptables chain.
> > The accept lines of the script already accepted the 192.168.0.33 connection. You
> > probably want to issue an Insert, or a Replace, command. -I or -R, if I remember
> > correctly.
> > What is the output of iptables -s, if I remember correctly,
> > after you issued
> > the 192.168.0.33 related command?
> >
> > As an aside, I think you should revert to nft (nftables).
> >
> > --
> > u34
> 
> Thanks for your response. With -I it works well:
> 
> iptables -I INPUT -p tcp -s 192.168.0.33 --dport 2222 -j DROP
> 
> And now, for iptables to work well, how is it solved? I need iptables to add
> rules in first place.

I didn't follow. iptables doesn't add rules by itself. Someone, or something,
tells it what rules it should use. Whom do you want to tell iptables to add
rules in first place?

--
u34
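To make the ordering point from this thread concrete, below is a small Python model of how iptables walks a chain: the first rule that matches and carries a terminating target (ACCEPT, DROP) decides the packet, and later rules are never consulted, so a DROP appended with -A after an ACCEPT for the same host does nothing, while the same rule inserted with -I at position 1 does. This is an added example, not code from the thread or from the pastebin script; the script chain it builds (an ACCEPT for the whole 192.168.0.0/24 LAN on port 22 ahead of a DROP policy) is a constructed assumption about what that script does.

```python
"""Model of iptables first-match chain traversal (constructed example)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    target: str                   # terminating target: ACCEPT or DROP
    proto: Optional[str] = None   # -p
    src: Optional[str] = None     # -s host or CIDR prefix
    dport: Optional[int] = None   # --dport

    def matches(self, pkt: dict) -> bool:
        if self.proto and pkt["proto"] != self.proto:
            return False
        if self.dport is not None and pkt["dport"] != self.dport:
            return False
        if self.src and ipaddress.ip_address(pkt["src"]) not in \
                ipaddress.ip_network(self.src, strict=False):
            return False
        return True


class Chain:
    def __init__(self, policy: str = "DROP"):
        self.policy = policy      # chain default policy (-P)
        self.rules: List[Rule] = []

    def append(self, rule: Rule) -> None:        # iptables -A CHAIN ...
        self.rules.append(rule)

    def insert(self, rule: Rule, pos: int = 1) -> None:  # iptables -I CHAIN [pos] ...
        self.rules.insert(pos - 1, rule)

    def verdict(self, pkt: dict) -> str:
        for rule in self.rules:                  # first match wins, rest ignored
            if rule.matches(pkt):
                return rule.target
        return self.policy                       # nothing matched: default policy


def build_script_chain() -> Chain:
    """Assumed shape of the desktop script: accept the LAN on ssh, drop the rest."""
    chain = Chain(policy="DROP")
    chain.append(Rule("ACCEPT", proto="tcp", src="192.168.0.0/24", dport=22))
    return chain


# Constructed packet and the ban rule from the thread (fail2ban-style DROP).
SSH_FROM_33 = {"proto": "tcp", "src": "192.168.0.33", "dport": 22}
BAN = Rule("DROP", proto="tcp", src="192.168.0.33", dport=22)


def verdict_after_append() -> str:
    """-A puts the DROP after the LAN ACCEPT, so the host is still accepted."""
    chain = build_script_chain()
    chain.append(BAN)
    return chain.verdict(SSH_FROM_33)


def verdict_after_insert() -> str:
    """-I puts the DROP first, so the banned host is dropped; the rest of the LAN is not."""
    chain = build_script_chain()
    chain.insert(BAN)
    return chain.verdict(SSH_FROM_33)
```

Listing the live chain with `iptables -S INPUT` shows rules in exactly this evaluation order, which is the quickest way to see whether a ban rule landed above or below the ACCEPT that shadows it.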
