Hello,

I'm using fail2ban to block bots in conjunction with existing iptables rules. Here are a few rules from my iptables configuration:

#
# Set up a temporary pass rule so we don't lock ourselves out when
# doing remote ssh
iptables -P INPUT ACCEPT
#
# flush the current rules
iptables -F
#
# Allow SSH connections on tcp port 22
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
#
# Set default policies for INPUT, FORWARD and OUTPUT chains
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

iptables -A INPUT -s 202.0.0.0/8 -j DROP

This morning the ssh fail2ban jail blocked this:

202.205.176.125

and the email sent gave me this IP range:

inetnum: 202.205.176.0 - 202.205.191.255

That shouldn't have even been seen; it should have been blocked by the 202/8 drop rule before fail2ban even saw it. Is that not so?

Suggestions welcome.

Thanks.
Dave.
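
An added illustration, not part of Dave's message: iptables walks a chain top to bottom and stops at the first rule whose target is terminating (ACCEPT, DROP), so the order in which `-A` appended the rules decides the outcome. The Python model below is a constructed simulation (the `rule` and `verdict` helpers are hypothetical names, not an iptables API) that replays the two INPUT rules from the post against the banned address.

```python
# First-match model of the INPUT chain from the post.
# Constructed simulation for illustration; it does not call iptables.
import ipaddress


def rule(target, src="0.0.0.0/0", proto=None, dport=None):
    """One filter rule; None means 'match any' for that field."""
    return {"target": target, "src": ipaddress.ip_network(src),
            "proto": proto, "dport": dport}


def verdict(chain, policy, src, proto, dport):
    """Return (target, rule_number); rule_number is None if the policy decided."""
    addr = ipaddress.ip_address(src)
    for number, r in enumerate(chain, start=1):
        if addr not in r["src"]:
            continue
        if r["proto"] is not None and r["proto"] != proto:
            continue
        if r["dport"] is not None and r["dport"] != dport:
            continue
        # ACCEPT and DROP end traversal: later rules are never consulted.
        return r["target"], number
    return policy, None


# Order in which the posted script appends the rules (-A adds to the end).
AS_POSTED = [
    rule("ACCEPT", proto="tcp", dport=22),
    rule("DROP", src="202.0.0.0/8"),
]
# The same two rules with the source-based DROP evaluated first.
REORDERED = [AS_POSTED[1], AS_POSTED[0]]

POLICY = "DROP"  # iptables -P INPUT DROP


def demo():
    """Verdicts for an SSH packet from the address fail2ban banned."""
    pkt = ("202.205.176.125", "tcp", 22)
    return verdict(AS_POSTED, POLICY, *pkt), verdict(REORDERED, POLICY, *pkt)


if __name__ == "__main__":
    posted, reordered = demo()
    print("as posted:", posted)
    print("reordered:", reordered)
```

On a live host the equivalent change is to add the 202.0.0.0/8 DROP before the port 22 ACCEPT, for example with `iptables -I INPUT 1 -s 202.0.0.0/8 -j DROP`.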