I am working on a CentOS 6 server with a nonstandard iptables setup
that has no rule to ACCEPT ESTABLISHED connections. All tables and chains
are empty (flushed by a legacy custom script), so only the filter/INPUT chain has
rules (plus the fail2ban chain):
Chain INPUT (policy ACCEPT)
target prot opt source destination
f2b-postfix tcp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 192.168.0.0/16 0.0.0.0/0
ACCEPT all -- 127.0.0.0/8 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:587
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:993
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:995
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02

Chain f2b-postfix (1 references)
target prot opt source destination
REJECT all -- 200.23.235.30 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 177.11.167.57 0.0.0.0/0 reject-with icmp-port-unreachable
RETURN all -- 0.0.0.0/0 0.0.0.0/0
When fail2ban blocks an IP address, established connections are allowed to
continue, but with no rule to accept established connections, how is that
possible? Why doesn't the first f2b rule block established connections?
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
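An added example, not from the post or the CentOS list: a small Python script that parses the `iptables -L` listing quoted above (embedded here as constructed sample input, with the wrapped lines rejoined), decodes the `flags:0x17/0x02` match on the final DROP rule (the form `--syn` expands to: FIN, SYN, RST and ACK examined, only SYN required), and then walks the INPUT chain for a few constructed packets the way netfilter would. The packet addresses, ports and flags are made up for the demonstration. It shows what decides the fate of a TCP packet that is not a SYN and matches no ACCEPT rule when the ruleset has no conntrack ESTABLISHED rule: the chain policy.

```python
import ipaddress
import re

# Constructed sample input: the `iptables -L` listing from the post above,
# with the wrapped lines rejoined, embedded so the script runs offline.
SAMPLE_LISTING = """\
Chain INPUT (policy ACCEPT)
target prot opt source destination
f2b-postfix tcp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 192.168.0.0/16 0.0.0.0/0
ACCEPT all -- 127.0.0.0/8 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:587
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:993
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:995
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02

Chain f2b-postfix (1 references)
target prot opt source destination
REJECT all -- 200.23.235.30 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 177.11.167.57 0.0.0.0/0 reject-with icmp-port-unreachable
RETURN all -- 0.0.0.0/0 0.0.0.0/0
"""

# TCP flag bits as iptables encodes them in "flags:MASK/COMP".
TCP_FLAG_BITS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}
SYN, ACK, PSH = 0x02, 0x10, 0x08

CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\S+)|\d+ references)\)$")


def decode_tcp_flags(spec):
    """Turn '0x17/0x02' into (flags examined, flags that must be set)."""
    mask, comp = (int(x, 16) for x in spec.split("/"))
    examined = {name for bit, name in TCP_FLAG_BITS.items() if mask & bit}
    required = {name for bit, name in TCP_FLAG_BITS.items() if comp & bit}
    return examined, required


def is_syn_only(spec):
    """True when the spec is what `--syn` expands to: SYN set, FIN/RST/ACK clear."""
    examined, required = decode_tcp_flags(spec)
    return required == {"SYN"} and {"FIN", "SYN", "RST", "ACK"} <= examined


def parse_listing(text):
    """Parse `iptables -L` text into {chain: {"policy": str or None, "rules": [...]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("target"):   # blank line or column header
            continue
        m = CHAIN_RE.match(line)
        if m:
            current = {"policy": m.group(2), "rules": []}   # policy is None for user chains
            chains[m.group(1)] = current
            continue
        target, prot, _opt, source, dest, *extra = line.split()
        current["rules"].append({"target": target, "prot": prot, "source": source,
                                 "dest": dest, "extras": " ".join(extra)})
    return chains


def _flags_spec(rule):
    m = re.search(r"flags:(\S+)", rule["extras"])
    return m.group(1) if m else None


def _rule_matches(rule, pkt):
    """Match on protocol, source network, destination port and TCP flags."""
    if rule["prot"] not in ("all", pkt["prot"]):
        return False
    if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(rule["source"], strict=False):
        return False
    m = re.search(r"dpt:(\d+)", rule["extras"])
    if m and pkt.get("dport") != int(m.group(1)):
        return False
    spec = _flags_spec(rule)
    if spec:
        mask, comp = (int(x, 16) for x in spec.split("/"))
        if (pkt.get("flags", 0) & mask) != comp:
            return False
    return True


def packet_verdict(chains, pkt, chain="INPUT"):
    """Walk a chain the way netfilter does: the first matching terminal target wins,
    a user-defined chain is entered on jump, RETURN or end-of-chain goes back."""
    for rule in chains[chain]["rules"]:
        if not _rule_matches(rule, pkt):
            continue
        target = rule["target"]
        if target in ("ACCEPT", "DROP", "REJECT"):
            return target
        if target == "RETURN":
            break
        verdict = packet_verdict(chains, pkt, target)   # jump into a user-defined chain
        if verdict is not None:
            return verdict
    return chains[chain]["policy"]   # None for a user chain, i.e. return to the caller


def audit_input(chains):
    """Summarise what decides the fate of a non-SYN TCP packet that hits no ACCEPT rule."""
    rules = chains["INPUT"]["rules"]
    return {
        "policy": chains["INPUT"]["policy"],
        "has_established_rule": any("ESTABLISHED" in r["extras"] for r in rules),
        "syn_only_drops": sum(1 for r in rules if r["target"] == "DROP"
                              and _flags_spec(r) and is_syn_only(_flags_spec(r))),
    }


if __name__ == "__main__":
    chains = parse_listing(SAMPLE_LISTING)
    print(audit_input(chains))
    # Constructed packets: an unknown host opening a new connection to a closed port,
    # the same host sending a mid-connection ACK, and a banned host on port 25.
    for pkt in ({"src": "203.0.113.5", "prot": "tcp", "dport": 9999, "flags": SYN},
                {"src": "203.0.113.5", "prot": "tcp", "dport": 9999, "flags": ACK},
                {"src": "200.23.235.30", "prot": "tcp", "dport": 25, "flags": PSH | ACK}):
        print(pkt, "->", packet_verdict(chains, pkt))
```

The simulator only knows the matches printed in the listing (protocol, source, `dpt:`, `flags:`); to audit a live box, feed it the rules exactly as the kernel holds them, for which `iptables-save` output (full rule syntax including any match options) is the reference to compare against. With the listing as printed, the SYN to a closed port is dropped, the ACK to the same port reaches the ACCEPT policy because the only DROP is SYN-only, and the banned address is rejected on every packet by the f2b-postfix chain.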