On 04/05/2021 00:07, Kenneth Porter wrote:
--On Monday, May 03, 2021 5:15 PM -0400 Clive Jacques <westriverp...@gmail.com> wrote:
Fail2ban should be more explicit in that it doesn't kill existing connections, only new ones. And you kind of think it would ban existing connections.
That's not really fail2ban's fault. I assume you're using firewalld, and it doesn't offer a simple way to insert the ban before firewalld's internal rule that allows all packets in the connection tracker. To stop an existing connection, you have to ban packets before they hit the tracker rule in iptables' INPUT chain.
Really you need to ban new connections and kill the conntrack. I don't think you can block them from going to the conntrack filter unless blocking them in the mangle table's PREROUTING chain will do it.
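Added example, not code from the thread or from fail2ban: a POSIX shell check that parses `iptables -S INPUT` output (the two rule listings and the chain name `f2b-sshd` are constructed for illustration) and reports whether the jump to the ban chain is listed before the rule that accepts packets of already-tracked connections, together with the two commands that implement the remedy described above (re-insert the jump at the top of INPUT and delete the banned source's conntrack entries).

```shell
#!/bin/sh
# Added example (not from the thread): check whether the jump to a ban chain in
# the filter table's INPUT chain comes before the rule that accepts packets of
# already-tracked connections. If it comes after, an established session keeps
# flowing even though new connections from the banned address are refused.
# Chain name f2b-sshd and both rule listings are constructed for illustration.

# Constructed sample of `iptables -S INPUT` output on a host where the
# ESTABLISHED accept rule precedes the fail2ban jump (the problem case).
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -p tcp --dport 22 -j ACCEPT'

# Same host after the jump has been inserted at position 1 of INPUT.
FIXED_RULES='-P INPUT ACCEPT
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT'

# ban_precedes_conntrack CHAIN RULES
# Exit 0 if the first jump to CHAIN is listed before the first
# ESTABLISHED/RELATED accept rule (so the ban also hits tracked flows),
# 1 if it is listed after it, 2 if INPUT never jumps to CHAIN at all.
ban_precedes_conntrack() {
    printf '%s\n' "$2" | awk -v chain="$1" '
        /^-A INPUT / { n++ }
        /^-A INPUT / && /--(ctstate|state) [A-Z,]*ESTABLISHED/ && /-j ACCEPT/ && !ct { ct = n }
        /^-A INPUT / && $(NF-1) == "-j" && $NF == chain && !ban { ban = n }
        END {
            if (!ban) exit 2
            if (!ct || ban < ct) exit 0
            exit 1
        }'
}

# Remedy the thread describes: put the jump ahead of the tracker rule and
# delete the existing conntrack entries for the banned source address so its
# open sessions stop immediately. Printed rather than executed (no root needed).
ban_fix_commands() {
    printf 'iptables -I INPUT 1 -j %s\n' "$1"
    printf 'conntrack -D -s %s\n' "$2"
}
```

Connection tracking runs after the raw table's PREROUTING hook but before mangle's, so a drop that is meant to bypass the tracker belongs in raw PREROUTING rather than mangle.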
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users