Re: iptables - how to block established connections with fail2ban?




On 6/25/19 11:41 PM, MRob wrote:
When fail2ban blocks an IP address, established connections are allowed to continue, but with no rule to accept established connections, how is that possible?


It doesn't look like it would be.

1: Open a connection that will demonstrate the problem later.
2: Trigger a block from an address that you control.
3: Check the output of "iptables -L -v" to demonstrate that the address is blocked.
4: Use "tcpdump -nn -i any host <address>" to watch traffic from that address.
5: Send a command over the connection from step 1. tcpdump should show packets in both directions, and your session should be usable, according to the problem you described.
6: Check the output of "iptables -L -v" again and look at the counters on each rule to see which rule is being matched.


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
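As an added example (not part of the post above or of the list thread), the counter check in step 6 done as a before/after diff instead of by eye: the script parses two `iptables -L -v -n -x --line-numbers` snapshots and lists every rule whose packet counter moved between them, which is the rule the traffic from step 5 actually matched. The two snapshots embedded below are constructed sample output; the chain name f2b-sshd, the address 192.0.2.10 and the function names are assumptions, not something taken from the thread.

```shell
#!/bin/sh
# counter_deltas BEFORE AFTER
# Both arguments are the text of `iptables -L -v -n -x --line-numbers`
# (all chains, absolute counters).  Prints one line per rule whose packet
# counter increased, with the chain, rule number, delta, target and the
# match options, so the rule that handled the test traffic is obvious.
counter_deltas() {
    {
        printf '%s\n' "$1"
        echo '---SPLIT---'
        printf '%s\n' "$2"
    } | awk '
        /^---SPLIT---$/ { after = 1; next }          # second snapshot starts
        /^Chain / { chain = $2; next }               # "Chain INPUT (policy ...)"
        $1 ~ /^[0-9]+$/ {                            # a numbered rule line
            key = chain " " $1
            if (!after) { before[key] = $2; next }   # $2 is the pkts column
            delta = $2 - before[key]
            if (delta > 0) {
                rest = ""                            # match options, field 11 on
                for (i = 11; i <= NF; i++) rest = rest (rest == "" ? "" : " ") $i
                printf "%s rule %s +%d pkts -> %s%s\n", chain, $1, delta, $4, (rest == "" ? "" : " " rest)
            }
        }'
}

# live_deltas SECONDS: take a real snapshot, wait while you send a command
# over the test connection (step 5), take a second snapshot and diff them.
# Needs root and iptables; not called at top level so the demo runs anywhere.
live_deltas() {
    before=$(iptables -L -v -n -x --line-numbers)
    sleep "${1:-10}"
    after=$(iptables -L -v -n -x --line-numbers)
    counter_deltas "$before" "$after"
}

# Constructed sample snapshots (assumed ruleset: fail2ban's f2b-sshd chain
# jumped to from INPUT, one banned source 192.0.2.10).  Three packets from
# the banned source arrive between the two snapshots.
SAMPLE_BEFORE='Chain INPUT (policy DROP 0 packets, 0 bytes)
num      pkts      bytes target     prot opt in     out     source               destination
1          12      1200 f2b-sshd   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22
2           3       180 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22

Chain f2b-sshd (1 references)
num      pkts      bytes target     prot opt in     out     source               destination
1           5       300 REJECT     all  --  *      *       192.0.2.10           0.0.0.0/0            reject-with icmp-port-unreachable
2          12      1200 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0'

SAMPLE_AFTER='Chain INPUT (policy DROP 0 packets, 0 bytes)
num      pkts      bytes target     prot opt in     out     source               destination
1          15      1500 f2b-sshd   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22
2           3       180 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22

Chain f2b-sshd (1 references)
num      pkts      bytes target     prot opt in     out     source               destination
1           8       480 REJECT     all  --  *      *       192.0.2.10           0.0.0.0/0            reject-with icmp-port-unreachable
2          12      1200 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0'

# demo_deltas: run the diff over the constructed snapshots.
demo_deltas() {
    counter_deltas "$SAMPLE_BEFORE" "$SAMPLE_AFTER"
}

demo_deltas
```

In the constructed sample the only counters that move are the INPUT jump into f2b-sshd and the REJECT for the banned source inside it, i.e. the ban is doing its job. On a box showing the behaviour from the question, the line that moves instead (a port-based ACCEPT, or a rule above the fail2ban jump) is the answer to step 6. `iptables -Z` would also work by zeroing the counters first, but diffing two snapshots avoids disturbing counters you may want to keep.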



