Yes, the table rules are processed top to bottom. If you jump to somewhere, the return is to the next line down.
On Sun, 2015-09-06 at 12:16 -0700, Paul Dillon wrote:
> Hi,
>
> This is probably a simple error on my part but I can't get fail2ban to
> block IP addresses listed in iptables.
>
> CentOS release 6.7 (Final)
> Fail2ban 0.9.2-1.el6
>
> I have edited jail.local (only enabling postfix, dovecot and
> postfix-sasl and changing ban time to 3600). Fail2ban is detecting
> offenders and editing iptables. However, during the ban period, the
> offending IP addresses are still showing up in /var/log/maillog.
>
> Prior to installing fail2ban, I had configured the firewall with the
> terminal user interface (launched by typing "setup" at the command
> line). The ACCEPT entries for ports 80 thru 587 came from the TUI. My
> knowledge of iptables is limited but I have learned to add blocking
> entries above the TUI ACCEPT entries for them to work.
>
> So perhaps the fail2ban REJECT entries should be above the ACCEPT
> entries, or maybe fail2ban isn't restarting the network.
>
> I have tried removing the ACCEPT entries for 25 993 995 110 143 587
> by stopping fail2ban, saving iptables, restarting the network, then
> restarting fail2ban, but 25 993 995 110 143 587 are then all blocked by
> the firewall.
>
> What have I done wrong?
>
> Regards,
>
> -paul
>
> [root@mail ~]# iptables -L -n
> Chain INPUT (policy ACCEPT)
> target           prot opt source               destination
> f2b-postfix-sasl tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 25,465,587,220,993,110,995
> f2b-dovecot      tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 110,995,143,993,587,465,4190
> f2b-postfix      tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 25,465,587
> ACCEPT           all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
> ACCEPT           icmp --  0.0.0.0/0            0.0.0.0/0
> ACCEPT           all  --  0.0.0.0/0            0.0.0.0/0
> ACCEPT           tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:80
> ACCEPT           tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:443
> ACCEPT           tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:25
> ACCEPT           tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:53
> ACCEPT           udp  --  0.0.0.0/0            0.0.0.0/0            state NEW udp dpt:53
> ACCEPT           tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:993
> ACCEPT           tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:995
> ACCEPT           tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:xxxxx (my ssh port)
> ACCEPT           tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:110
> ACCEPT           tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:143
> ACCEPT           tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:587
> REJECT           all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
>
> Chain FORWARD (policy ACCEPT)
> target           prot opt source               destination
> REJECT           all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
>
> Chain OUTPUT (policy ACCEPT)
> target           prot opt source               destination
>
> Chain f2b-dovecot (1 references)
> target           prot opt source               destination
> RETURN           all  --  0.0.0.0/0            0.0.0.0/0
>
> Chain f2b-postfix (1 references)
> target           prot opt source               destination
> RETURN           all  --  0.0.0.0/0            0.0.0.0/0
>
> Chain f2b-postfix-sasl (1 references)
> target           prot opt source               destination
> REJECT           all  --  xxx.xxx.xx.125       0.0.0.0/0            reject-with icmp-port-unreachable
> REJECT           all  --  xx.xx.xxx.60         0.0.0.0/0            reject-with icmp-port-unreachable
> REJECT           all  --  xxx.xx.xx.234        0.0.0.0/0            reject-with icmp-port-unreachable
> RETURN           all  --  0.0.0.0/0            0.0.0.0/0
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Fail2ban-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
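The traversal order described in the reply above, as an added example that is not part of the original thread or of fail2ban: a small Python model of iptables chain evaluation loaded with the INPUT ruleset from the quoted `iptables -L -n` output. It assumes constructed TEST-NET addresses in place of the three masked banned addresses, leaves out the masked SSH port, and treats the bare `ACCEPT all` line as the stock `-i lo` rule (`-L` without `-v` hides interface matches; `iptables -L -n -v --line-numbers` shows them). It traces which rule each packet ends on, including an established connection from a banned address and a banned address arriving on a port that the chain holding its ban is not jumped to for.

```python
"""Trace how iptables walks the INPUT chain posted in this thread.

Added example; it is not code from the original post or from fail2ban.
Rules are evaluated top to bottom.  A jump into a user chain that hits
RETURN (or runs off its end) resumes at the rule just below the jump;
the first matching terminating target (ACCEPT/REJECT/DROP) decides,
otherwise the built-in chain's policy applies.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

TERMINATING = {"ACCEPT", "REJECT", "DROP"}


@dataclass(frozen=True)
class Rule:
    target: str                           # ACCEPT/REJECT/RETURN or a user-chain name
    proto: Optional[str] = None           # "tcp"/"udp"/"icmp"; None means "all"
    src: Optional[str] = None             # exact source address; None means 0.0.0.0/0
    dports: FrozenSet[int] = frozenset()  # empty means any destination port
    state: Optional[str] = None           # -m state match; None means no state match
    in_iface: Optional[str] = None        # -i match; None means any interface


@dataclass(frozen=True)
class Packet:
    src: str
    proto: str
    dport: int
    state: str = "NEW"
    in_iface: str = "eth0"


def matches(rule: Rule, pkt: Packet) -> bool:
    return ((rule.proto is None or rule.proto == pkt.proto)
            and (rule.src is None or rule.src == pkt.src)
            and (not rule.dports or pkt.dport in rule.dports)
            and (rule.state is None or rule.state == pkt.state)
            and (rule.in_iface is None or rule.in_iface == pkt.in_iface))


def _walk(chains: Dict[str, List[Rule]], name: str, pkt: Packet, path: List[str]) -> Optional[str]:
    for idx, rule in enumerate(chains[name], 1):
        if not matches(rule, pkt):
            continue
        path.append(f"{name}[{idx}]->{rule.target}")
        if rule.target in TERMINATING:
            return rule.target
        if rule.target == "RETURN":
            return None                       # back to the rule below the jump
        result = _walk(chains, rule.target, pkt, path)   # jump into a user chain
        if result is not None:
            return result
    return None                               # end of chain: RETURN (user) / policy (built-in)


def trace(chains: Dict[str, List[Rule]], pkt: Packet, policy: str = "ACCEPT") -> Tuple[str, List[str]]:
    """Return the final verdict for pkt on INPUT and the rules it touched."""
    path: List[str] = []
    return _walk(chains, "INPUT", pkt, path) or policy, path


# Constructed TEST-NET addresses stand in for the three masked banned addresses.
BANNED = ("203.0.113.125", "198.51.100.60", "192.0.2.234")


def tcp_new(port: int) -> Rule:
    return Rule("ACCEPT", "tcp", dports=frozenset({port}), state="NEW")


# Transcribed from the poster's `iptables -L -n`; the masked SSH port is omitted.
CHAINS: Dict[str, List[Rule]] = {
    "INPUT": [
        Rule("f2b-postfix-sasl", "tcp", dports=frozenset({25, 465, 587, 220, 993, 110, 995})),
        Rule("f2b-dovecot", "tcp", dports=frozenset({110, 995, 143, 993, 587, 465, 4190})),
        Rule("f2b-postfix", "tcp", dports=frozenset({25, 465, 587})),
        Rule("ACCEPT", state="ESTABLISHED"),  # state RELATED,ESTABLISHED
        Rule("ACCEPT", "icmp"),
        # Listed as "ACCEPT all": `-L` without `-v` hides interface matches, so this is
        # assumed to be the CentOS default `-i lo` rule rather than a real accept-all.
        Rule("ACCEPT", in_iface="lo"),
        *[tcp_new(p) for p in (80, 443, 25, 53)],
        Rule("ACCEPT", "udp", dports=frozenset({53}), state="NEW"),
        *[tcp_new(p) for p in (993, 995, 110, 143, 587)],
        Rule("REJECT"),                       # reject-with icmp-host-prohibited
    ],
    "f2b-dovecot": [Rule("RETURN")],
    "f2b-postfix": [Rule("RETURN")],
    "f2b-postfix-sasl": [*[Rule("REJECT", src=ip) for ip in BANNED], Rule("RETURN")],
}


def verdict(src: str, dport: int, proto: str = "tcp", state: str = "NEW") -> Tuple[str, List[str]]:
    return trace(CHAINS, Packet(src, proto, dport, state))


if __name__ == "__main__":
    for src, port, st in ((BANNED[0], 25, "NEW"), ("198.51.100.7", 25, "NEW"),
                          (BANNED[0], 25, "ESTABLISHED"), (BANNED[0], 143, "NEW"),
                          ("198.51.100.7", 9999, "NEW")):
        v, path = verdict(src, port, state=st)
        print(f"{src}:{port} {st:<11} -> {v:<6} via {' '.join(path)}")
```

Two things the trace makes visible: because the f2b jumps sit above the `RELATED,ESTABLISHED` rule, a banned address is rejected even on an already established connection; and a banned address is only rejected on the ports named in the jump into the chain that holds its REJECT line, so the same address arriving on a port the jump does not cover falls through the empty chains to the TUI ACCEPT rule. On the real host, `iptables -L -n -v --line-numbers` is the check that confirms the ordering and the packet counters on each line.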
