I have followed the minihowto on fail2ban, the daemon seems to be running just fine. However, upon several purposeful brute force logins on SSH from a non-white listed IP, i did not get blocked.
Here's what tail shows:
e82-103-142-216s:~# tail -f /var/log/fail2ban.log
2007-08-10 17:57:58,810 fail2ban.filter : INFO Set ignoreregex =
2007-08-10 17:57:58,818 fail2ban.actions.action: INFO Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
2007-08-10 17:57:58,822 fail2ban.actions.action: INFO Set actionStop = iptables -D INPUT -p <protocol> --dport <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
2007-08-10 17:57:58,826 fail2ban.actions.action: INFO Set actionStart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
iptables -I INPUT -p <protocol> --dport <port> -j fail2ban-<name>
2007-08-10 17:57:58,830 fail2ban.actions.action: INFO Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j DROP
2007-08-10 17:57:58,834 fail2ban.actions.action: INFO Set actionCheck = iptables -L INPUT | grep -q fail2ban-<name>
Anything missing in my config?
Shall i set iptables 1st?