On 10/1/18 11:32 AM, Nick Howitt wrote:

> the output of "iptables -nvL"
>
  Hmm. The output of the above is this:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
2103K  873M NFQUEUE    all  --  *      *       0.0.0.0/0            0.0.0.0/0            NFQUEUE num 0 bypass
14472   14M f2b-suricata  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 25,465,587
13143   14M f2b-assp   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 25

  NFQUEUE is created by suricata. It makes the suricata jail less than
helpful since NFQUEUE processes the stream before the f2b does.
  The plan was to offload IP blocking from suricata since it is a fairly
CPU intensive process.
  Is there some f2b way to insert itself as the first chain(s)?

  Still. This does not explain why the assp jail is not effective.

-- 
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
Think.


_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
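
An added example, not part of the original message or of fail2ban: a Python check that parses "iptables -nvL" output such as the INPUT chain listed above and reports every f2b-* jump that sits after a catch-all terminating rule. The function names and the TERMINATING set are assumptions of this example, and it assumes the verdict returned for a queued packet is final, so later rules in the chain are not consulted.

```python
import re

# Constructed sample: the INPUT chain from the message, with wrapped lines rejoined.
SAMPLE = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
2103K  873M NFQUEUE    all  --  *      *       0.0.0.0/0            0.0.0.0/0            NFQUEUE num 0 bypass
14472   14M f2b-suricata  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 25,465,587
13143   14M f2b-assp   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 25
"""

# Assumption of this example: targets that end chain traversal for a matching packet.
TERMINATING = {"ACCEPT", "DROP", "REJECT", "NFQUEUE"}

def parse_rules(listing):
    """Yield (position, target, prot, in, out, src, dst, extra) for each rule line."""
    pos = 0
    for line in listing.splitlines():
        f = line.split()
        # Rule lines start with a packet counter such as 14472 or 2103K.
        if len(f) < 9 or not re.fullmatch(r"\d+[KMGT]?", f[0]):
            continue
        pos += 1
        yield pos, f[2], f[3], f[5], f[6], f[7], f[8], " ".join(f[9:])

def is_catch_all(target, prot, if_in, if_out, src, dst, extra):
    """True when the rule has no protocol, interface, address or match restriction."""
    # Trailing text that begins with the target name ("NFQUEUE num 0 bypass")
    # describes target options, not a match condition.
    matches = "" if extra.startswith(target) else extra
    return (prot, if_in, if_out, src, dst, matches) == (
        "all", "*", "*", "0.0.0.0/0", "0.0.0.0/0", "")

def shadowed_jails(listing):
    """Return [(jail_chain, jail_pos, blocker_target, blocker_pos)] in rule order."""
    blocker, found = None, []
    for pos, target, prot, if_in, if_out, src, dst, extra in parse_rules(listing):
        if target.startswith("f2b-") and blocker:
            found.append((target, pos, blocker[0], blocker[1]))
        elif (blocker is None and target in TERMINATING
              and is_catch_all(target, prot, if_in, if_out, src, dst, extra)):
            blocker = (target, pos)
    return found

if __name__ == "__main__":
    for jail, jpos, tgt, tpos in shadowed_jails(SAMPLE):
        print(f"{jail} (rule {jpos}) sits behind catch-all {tgt} (rule {tpos})")
```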
