On 8 September 2017 at 16:22, Eckert, Doug <doug.eck...@dowjones.com> wrote:
> CentOS 6 with fail2ban-0.9.2-1.el6.noarch, and iptables-1.4.7-16.el6.x86_64
>
> Not sure where my issue lies. It appears that f2b is processing the log
> file(s) fine and adding 'iptables' rules, but I still see connection
> attempts and authentication errors on the ssh daemon.
>
> Example. From /var/log/messages, it triggered a ban for this IP at 0858hrs
>
> Sep 8 08:58:20 ####### fail2ban.actions[28791]: NOTICE [sshdext] Ban 124.190.106.117
>
> 'iptables' shows the IP should be DROPping
>
> # iptables --list
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> f2b-sshdext tcp -- anywhere anywhere multiport dports sshdext
> f2b-vsftpd tcp -- anywhere anywhere multiport dports ftp,ftp-data,ftps,ftps-data
> ...
> The 'sshdext' service is just 'sshd' running on an alternate port for
> external users - corporate firewall blocks incoming port 22.
>
I am not an expert but I am puzzled by line:
f2b-sshdext tcp -- anywhere anywhere multiport dports sshdext
How does iptables --list know which port is 'sshdext'?
'iptables --list -n' will show the numeric values (and is fast), then you
can see if this rule is indeed covering the correct port.
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
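
The check suggested in the reply, scripted as an added example that is not part of the original thread: it reads a numeric `iptables -n -L INPUT` listing and reports whether the jump to a fail2ban chain applies to a given port. The sample listing, the function names and port 2222 are constructed assumptions; the thread does not state the real port.

```shell
#!/bin/sh
# Constructed sample of `iptables -n -L INPUT` output. Port 2222 is an assumed
# alternate sshd port; the thread does not give the real one.
sample_rules() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
f2b-sshdext  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 2222
f2b-vsftpd  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 21,20,990,989
EOF
}

# chain_covers_port CHAIN PORT
# Reads an `iptables -n -L INPUT` listing on stdin. Succeeds if a jump to CHAIN
# applies to PORT: listed in dports, inside a lo:hi range, or no port match.
chain_covers_port() {
    awk -v chain="$1" -v port="$2" '
        $1 == chain {
            list = ""
            for (i = 2; i <= NF; i++) {
                if ($i == "dports" && i < NF) list = $(i + 1)
                else if ($i ~ /^dpts?:/) { list = $i; sub(/^dpts?:/, "", list) }
            }
            if (list == "") found = 1      # no port match: jump covers every port
            n = split(list, parts, ",")
            for (j = 1; j <= n; j++) {
                m = split(parts[j], r, ":")
                lo = r[1] + 0
                hi = (m > 1 ? r[2] : r[1]) + 0
                # A service name (listing taken without -n) evaluates to 0 and
                # never matches, so the check fails instead of guessing.
                if (port + 0 >= lo && port + 0 <= hi) found = 1
            }
        }
        END { exit !found }
    '
}

# On a live host: iptables -n -L INPUT | chain_covers_port f2b-sshdext 2222
if sample_rules | chain_covers_port f2b-sshdext 2222; then
    echo "f2b-sshdext is reached for port 2222"
else
    echo "f2b-sshdext is NOT reached for port 2222"
fi
```

A failure here means traffic to that port never enters the fail2ban chain, so the entries fail2ban adds for banned addresses are never evaluated for it.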