Hi,
This is probably a simple error on my part but I can't get fail2ban to block IP addresses listed in iptables.

CentOS release 6.7 (Final)
Fail2ban 0.9.2-1.el6

I have edited jail.local (only enabling postfix, dovecot and postfix-sasl and changing ban time to 3600). Fail2ban is detecting offenders and editing iptables. However, during the ban period, the offending IP addresses are still showing up in /var/log/maillog.

Prior to installing fail2ban, I had configured the firewall with the terminal user interface (launched by typing "setup" at the command line). The ACCEPT entries for ports 80 thru 587 came from the TUI. My knowledge of iptables is limited but I have learned to add blocking entries above the TUI ACCEPT entries for them to work. So perhaps the fail2ban REJECT entries should be above the ACCEPT entries or maybe fail2ban isn't restarting the network.

I have tried removing the ACCEPT entries for 25 993 995 110 143 587 by stopping fail2ban, saving iptables, restarting the network, then restarting fail2ban, but 25 993 995 110 143 587 are then all blocked by the firewall.

What have I done wrong?

Regards,
-paul

[root@mail ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target            prot opt source               destination
f2b-postfix-sasl  tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 25,465,587,220,993,110,995
f2b-dovecot       tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 110,995,143,993,587,465,4190
f2b-postfix       tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 25,465,587
ACCEPT            all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT            icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT            all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT            tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
ACCEPT            tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443
ACCEPT            tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:25
ACCEPT            tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:53
ACCEPT            udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:53
ACCEPT            tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:993
ACCEPT            tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:995
ACCEPT            tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:xxxxx (my ssh port)
ACCEPT            tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:110
ACCEPT            tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:143
ACCEPT            tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:587
REJECT            all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target            prot opt source               destination
REJECT            all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target            prot opt source               destination

Chain f2b-dovecot (1 references)
target            prot opt source               destination
RETURN            all  --  0.0.0.0/0            0.0.0.0/0

Chain f2b-postfix (1 references)
target            prot opt source               destination
RETURN            all  --  0.0.0.0/0            0.0.0.0/0

Chain f2b-postfix-sasl (1 references)
target            prot opt source               destination
REJECT            all  --  xxx.xxx.xx.125       0.0.0.0/0           reject-with icmp-port-unreachable
REJECT            all  --  xx.xx.xxx.60         0.0.0.0/0           reject-with icmp-port-unreachable
REJECT            all  --  xxx.xx.xx.234        0.0.0.0/0           reject-with icmp-port-unreachable
RETURN            all  --  0.0.0.0/0            0.0.0.0/0
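The message above asks whether the fail2ban entries need to sit above the ACCEPT entries; iptables evaluates a chain top to bottom and ACCEPT ends evaluation, so position in INPUT does matter. The following is an added example, not part of the original post and not fail2ban's own code: it parses `iptables -L -n` output and reports, for each `f2b-*` jump in INPUT, whether it precedes the first ACCEPT rule and which sources its chain rejects. The function names and the sample listing are assumptions made for illustration.

```python
import re

# Constructed sample (`iptables -L -n` layout, RFC 5737 documentation addresses).
SAMPLE = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
f2b-postfix-sasl  tcp  --  0.0.0.0/0  0.0.0.0/0  multiport dports 25,465,587
ACCEPT     all  --  0.0.0.0/0  0.0.0.0/0  state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0  0.0.0.0/0  state NEW tcp dpt:25
f2b-dovecot  tcp  --  0.0.0.0/0  0.0.0.0/0  multiport dports 110,143
REJECT     all  --  0.0.0.0/0  0.0.0.0/0  reject-with icmp-host-prohibited

Chain f2b-postfix-sasl (1 references)
target     prot opt source               destination
REJECT     all  --  192.0.2.125    0.0.0.0/0  reject-with icmp-port-unreachable
REJECT     all  --  198.51.100.60  0.0.0.0/0  reject-with icmp-port-unreachable
RETURN     all  --  0.0.0.0/0      0.0.0.0/0

Chain f2b-dovecot (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0      0.0.0.0/0
"""

def parse_chains(listing):
    """Return {chain: [(target, source), ...]} in rule order."""
    chains, current = {}, None
    for line in listing.splitlines():
        m = re.match(r"Chain (\S+) \(", line)
        if m:
            current = chains.setdefault(m.group(1), [])
            continue
        f = line.split()
        # Skip blank lines and the "target prot opt ..." column header.
        if current is not None and len(f) >= 5 and f[0] != "target":
            current.append((f[0], f[3]))
    return chains

def audit(listing, prefix="f2b-"):
    """Per fail2ban jump in INPUT: is it above every ACCEPT, and what does it ban?"""
    chains = parse_chains(listing)
    rules = chains.get("INPUT", [])
    first_accept = next((i for i, r in enumerate(rules) if r[0] == "ACCEPT"), len(rules))
    report = {}
    for i, (target, _src) in enumerate(rules):
        if target.startswith(prefix):
            banned = [s for t, s in chains.get(target, []) if t in ("REJECT", "DROP")]
            report[target] = {"before_accept": i < first_accept, "banned": banned}
    return report

print(audit(SAMPLE))
```

The "before the first ACCEPT" test is deliberately conservative: a jump placed below an ACCEPT is flagged even if that ACCEPT would not match the banned traffic.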
