View Single Post
Old 10th August 2007, 19:12
nzimas nzimas is offline
Join Date: May 2007
Posts: 47
Thanks: 0
Thanked 0 Times in 0 Posts
Default fail2ban not blocking

I have followed the minihowto on fail2ban, the daemon seems to be running just fine. However, upon several purposeful brute force logins on SSH from a non-white listed IP, i did not get blocked.

Here's what tail shows:

e82-103-142-216s:~# tail -f /var/log/fail2ban.log
2007-08-10 17:57:58,810 fail2ban.filter : INFO   Set ignoreregex =
2007-08-10 17:57:58,818 fail2ban.actions.action: INFO   Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
2007-08-10 17:57:58,822 fail2ban.actions.action: INFO   Set actionStop = iptables -D INPUT -p <protocol> --dport <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
2007-08-10 17:57:58,826 fail2ban.actions.action: INFO   Set actionStart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
iptables -I INPUT -p <protocol> --dport <port> -j fail2ban-<name>
2007-08-10 17:57:58,830 fail2ban.actions.action: INFO   Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j DROP
2007-08-10 17:57:58,834 fail2ban.actions.action: INFO   Set actionCheck = iptables -L INPUT | grep -q fail2ban-<name>
Anything missing in my config?

Shall i set iptables 1st?

Reply With Quote