fail2ban - Why do I get an entry in iptables?

Discussion in 'Server Operation' started by Steve85, Nov 12, 2013.

  1. Steve85

    Steve85 New Member

    Hello all,

    I use fail2ban to protect my server, but I use the action "route" and NOT "iptables".

    The route action is working very well, but the attacker gets an entry in iptables too. I'm not sure why.

    my jail.conf:
    Code:
    [ssh]
    
    enabled  = true
    filter   = sshd
    action   = route
               sendmail-whois[name=SSH, dest=support@domain.com]
    logpath  = /var/log/secure
    maxretry = 5

    my route action:
    Code:
    [Definition]
    actionban = ip route add unreachable <ip>
    actionunban = ip route del unreachable <ip>

    fail2ban log:
    Code:
    2013-11-12 01:48:13,744 fail2ban.actions: WARNING [ssh] Ban 79.143.87.222
    2013-11-12 02:48:13,985 fail2ban.actions: WARNING [ssh] Unban 79.143.87.222

    my iptables:
    Code:
    Chain DENYIN (0 references)
    target     prot opt source               destination
    DROP       all  --  79.143.87.222        anywhere
    
    Chain DENYOUT (0 references)
    target     prot opt source               destination
    DROP       all  --  anywhere             79.143.87.222

    So the script works very well! The route is added and then deleted after the reset timer, but an entry is added to iptables in these chains and not removed?

    I use more iptables rules to protect the ports.

    Any idea?

    Best
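
One way to check the situation described in the post, as an added example that is not part of the original post: it replays the fail2ban log to see which IPs fail2ban has already unbanned, then lists every iptables rule that still names one of them, grouped by chain. The sample log and listing are copied from the post; the function names are illustrative. The `actionban`/`actionunban` commands shown above only call `ip route`, so any chain this reports is being populated by something other than that action.

```python
import re
from collections import defaultdict

# Sample input copied from the post above.
FAIL2BAN_LOG = """\
2013-11-12 01:48:13,744 fail2ban.actions: WARNING [ssh] Ban 79.143.87.222
2013-11-12 02:48:13,985 fail2ban.actions: WARNING [ssh] Unban 79.143.87.222
"""
IPTABLES_LIST = """\
Chain DENYIN (0 references)
target     prot opt source               destination
DROP       all  --  79.143.87.222        anywhere

Chain DENYOUT (0 references)
target     prot opt source               destination
DROP       all  --  anywhere             79.143.87.222
"""
EVENT_RE = re.compile(r"\[(?P<jail>[^\]]+)\]\s+(?P<verb>Ban|Unban)\s+(?P<ip>\S+)")

def ban_state(log_text):
    """Replay Ban/Unban events in log order; return {ip: True if still banned}."""
    state = {}
    for line in log_text.splitlines():
        m = EVENT_RE.search(line) if "fail2ban.actions" in line else None
        if m:
            state[m.group("ip")] = m.group("verb") == "Ban"
    return state

def rules_by_chain(iptables_text):
    """Parse `iptables -L` text into {chain: [(target, source, destination)]}."""
    chains, current = defaultdict(list), None
    for line in iptables_text.splitlines():
        fields = line.split()
        if fields[:1] == ["Chain"]:
            current = fields[1]
        elif current and len(fields) >= 5 and fields[0] != "target":
            chains[current].append((fields[0], fields[3], fields[4]))
    return chains

def stale_rules(log_text, iptables_text):
    """Rules that still name an IP fail2ban has unbanned, as (chain, target, ip)."""
    released = {ip for ip, banned in ban_state(log_text).items() if not banned}
    return sorted((chain, target, ip)
                  for chain, rules in rules_by_chain(iptables_text).items()
                  for target, src, dst in rules
                  for ip in {src, dst} & released)

if __name__ == "__main__":
    for chain, target, ip in stale_rules(FAIL2BAN_LOG, IPTABLES_LIST):
        print(f"{ip}: {target} rule still present in chain {chain} after Unban")
```

On a live system, feed it the contents of the fail2ban log and the output of `iptables -L -n`, so that addresses are not replaced by resolved host names.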
     
