----- Message from Gao <[email protected]> --------- Date: Thu, 10 Mar 2016 09:12:03 -0800 From: Gao <[email protected]> Subject: Re: [Fail2ban-users] Sasl bans, still connecting To: [email protected]
Is your rule only block port 25 smtp? Just checked mine and it should block multiport by default:f2b-postfix-sasl tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,587,220,993,110,995Gao On 16-03-10 02:29 AM, Simon Wilson wrote:Hi list, What am I doing wrong? I got the notification: Hi, The IP 185.103.253.243 has just been banned by Fail2Ban after 3 attempts against sasl. iptables -L: ]# iptables -L <snip> Chain fail2ban-sasl (1 references) target prot opt source destinationREJECT all -- 185.103.253.243 anywhere reject-with icmp-port-unreachableRETURN all -- anywhere anywhere But it keeps connecting:Mar 10 20:08:00 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned
<snip>
Mar 10 20:25:21 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already bannedIs it this?: Chain INPUT (policy ACCEPT) target prot opt source destination fail2ban-sasl tcp -- anywhere anywhere tcp dpt:smtp RH-Firewall-1-INPUT all -- anywhere anywhereIptables is only jumping to the fail2ban Chain for port 25 (smtp). Should that be "always" and how do I make it so?Simon
The action was configured to just 'iptables'. I set it to be iptables-allports and the connections are now completely blocked, which is fine. Thanks all for comments. :)
Simon. -- Simon Wilson M: 0400 12 11 16
binwyKKfTeTxO.bin
Description: PGP Public Key
------------------------------------------------------------------------------ Transform Data into Opportunity. Accelerate data analysis in your applications with Intel Data Analytics Acceleration Library. Click to learn more. http://pubads.g.doubleclick.net/gampad/clk?id=278785111&iu=/4140
_______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
