IP getting access even after blocking

Discussion in 'General' started by pawan, Jan 4, 2020.

  1. pawan

    pawan Member HowtoForge Supporter

    78.128.113.62 - - [04/Jan/2020:19:59:33 +0530] "GET /efk-dashboard HTTP/1.1" 404 66914 "-" "python-requests/2.13.0"
    There are multiple access records like this even after I have run the commands
    Code:
    ufw deny from 78.128.113.58/24 # for ufw
    ip route add unreachable 78.128.113 # for fail2ban
    I also restarted the fail2ban service after adding the IP.
    How do I fix this issue? I have run out of ideas.
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    What has this got to do with fail2ban? ip route manipulates the routing table.
    If you want to add an IP to fail2ban, use fail2ban commands.
    Code:
    fail2ban-client set <jailname> banip 78.128.113.58
    
     
  3. pawan

    pawan Member HowtoForge Supporter

    I have configured fail2ban with route as instructed somewhere here, like
    [DEFAULT]

    banaction = route

    in fail2ban jail.local. So will it not work with fail2ban? I am not sure.
     
  4. Tuumke

    Tuumke Active Member

    Code:
    ufw deny from 78.128.113.58/24 # for ufw
    You know that a /24 is 254 IP addresses? As far as I know, you should use
    Code:
    ufw deny from 78.128.113.58/32
    Not sure if the command is complete though. A quick search shows:
    Code:
    sudo ufw deny from {ip-address-here} to any
    for example:
    sudo ufw deny from 78.128.113.58 to any
     
  5. pawan

    pawan Member HowtoForge Supporter

    Actually the ufw rule was getting inserted after the allow rule, so what I did was
    delete that rule and reinsert it using
    Code:
    ufw insert 1 deny from 78.128.113.58/24 to any
     
  6. Tuumke

    Tuumke Active Member

    Again, /24 is a whole network. Like most home networks are 192.168.0.1/24 (which means IP addresses from 192.168.0.1 to 192.168.0.254). A /32 is a single IP address.
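
An added example, not part of the thread or written by its participants: a small Python model of first-match rule evaluation, the order ufw uses, applied to the source address from the access log above and the /24 and /32 rules discussed. The allow-from-anywhere rule, the function names and the omission of ports are assumptions of the model.

```python
import ipaddress

# Constructed rules modelling a first-match firewall: rules are checked in
# numbered order and the first one that matches decides the packet.
ALLOW_ANY = ("allow", "0.0.0.0/0")       # assumed pre-existing allow rule for the web port
DENY_24 = ("deny", "78.128.113.58/24")   # as typed in the thread (host bits set)
DENY_32 = ("deny", "78.128.113.58/32")   # single-address form suggested in the thread

def covered(cidr):
    """Return (network, address_count) after masking off the host bits."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net, net.num_addresses

def decide(rules, src, default="deny"):
    """First-match evaluation: return (action, 1-based rule number or None)."""
    ip = ipaddress.ip_address(src)
    for idx, (action, cidr) in enumerate(rules, start=1):
        if ip in ipaddress.ip_network(cidr, strict=False):
            return action, idx
    return default, None

def shadowed(rules):
    """Rule numbers that can never match because an earlier rule covers their whole range."""
    out = []
    for i, (_, cidr) in enumerate(rules):
        net = ipaddress.ip_network(cidr, strict=False)
        if any(net.subnet_of(ipaddress.ip_network(c, strict=False)) for _, c in rules[:i]):
            out.append(i + 1)
    return out

if __name__ == "__main__":
    client = "78.128.113.62"  # source address from the access log line in the thread
    cases = [("deny appended after allow", [ALLOW_ANY, DENY_24]),
             ("deny /24 inserted at 1", [DENY_24, ALLOW_ANY]),
             ("deny /32 inserted at 1", [DENY_32, ALLOW_ANY])]
    for name, rules in cases:
        print(f"{name}: {decide(rules, client)} shadowed={shadowed(rules)}")
    print(covered("78.128.113.58/24"), covered("78.128.113.58/32"))
```

On a live host, `ufw status numbered` shows the order that this model takes as a list.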
     
