You do realize if you run shorewall commands (restart|stop|clear|etc)
it will wipe out the iptables entries that fail2ban adds?  Shorewall
reloads the entire iptables.

You should use an ipset instead.  Define the ipsets in
/etc/shorewall/init:
ipset -exist create fail2ban-IPv4-port hash:ip,port timeout 3600
ipset -exist create fail2ban-IPv4-ip hash:ip timeout 86400

add this after the ?SECTION NEW in /etc/shorewall/rules
?COMMENT flagged by fail2ban
DROP    inet:+fail2ban-IPv4-port[src,dst]       fw
DROP    inet:+fail2ban-IPv4-ip[src]             fw

Create a /etc/fail2ban/action.d/iptables-ipset-proto4.local (a copy of
iptables-ipset-proto4.conf) and blank out:
actioncheck =
actionstart =
actionstop =
(Don't need these because the ipsets are defined in shorewall init.)

Modify jails to use iptables-ipset-proto4.

Note in the boot order: Shorewall should start before fail2ban.

Bill


On 9/17/2017 6:34 AM, chaouche yacine via Fail2ban-users wrote:
Hello Dominic,

There was only 1 IP that was banned out of 4. The banned one has been unbanned after bantime (1 day) so I can't find it in iptables:

root@messagerie[10.10.10.19] ~/SCRIPTS/MAIL # iptables -nL | grep 201.236.111.84
root@messagerie[10.10.10.19] ~/SCRIPTS/MAIL #

The other 3 weren't banned by fail2ban

NB: I am using shorewall, which uses iptables under the hood IIRC.




------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
