Cutting down on the iptables output is not too helpful as you lose the names of the chains that the rules belong to, but in this case you are missing something with a "-p tcp -m multiport --dports 80,443 -j dynamic". Mine would go in the INPUT chain but yours may be different.

I'm also not convinced about using the "dynamic" chain. Normally it would be an "f2b-apache-noscript" chain as you should use a separate chain for each jail. Can you restart f2b and look for errors setting up the -j rules and the f2b chains?

On my system (ClearOS) a firewall restart wipes all the f2b rules so I have to do some extra manipulation to re-add them on each restart.

On 28/11/2018 08:39, Koenraad Lelong wrote:

Hi,

Does this help:
 iptables -L | grep dynamic
Chain dynamic (1 references)
DROP       all  --  60.146.175.59.broad.wh.hb.dynamic.163data.com.cn anywhere
dynamic    all  --  anywhere             anywhere             ctstate INVALID,UNTRACKED

 iptables -S | grep dynamic
-N dynamic
-A dynamic -s 58.218.198.169/32 -j reject
-A dynamic -s 59.175.146.60/32 -j DROP
-A extrn-fw -m conntrack --ctstate INVALID,UNTRACKED -j dynamic

That offending IP address is unbanned now, but 59.175... is also a banned IP from apache-noscript.

extrn-fw is my external network interface.

Koenraad
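The two checks the reply above asks for (is the per-jail f2b chain present, and is there a jump rule from the parent chain into it?) written as a small script that reads `iptables -S` output. This is an added example, not code from either poster or from fail2ban; it assumes fail2ban's default chain name f2b-<jail>, a parent chain of INPUT, and uses constructed sample rules with RFC 5737 documentation addresses rather than the thread's real ones.

```shell
#!/bin/sh
# Added example, not code from either poster or from fail2ban itself.
# Checks `iptables -S` output for the two things the reply above looks for:
# the per-jail chain (fail2ban's default name is f2b-<jail>) and the jump
# rule from the parent chain (assumed INPUT) into it. Also counts bans.

# check_jail_rules RULES JAIL [PARENT_CHAIN]
# Prints each missing piece; returns 0 only when chain and jump rule exist.
check_jail_rules() {
    rules=$1 jail=$2 parent=${3:-INPUT}
    chain="f2b-$jail"
    rc=0
    if ! printf '%s\n' "$rules" | grep -qx -e "-N $chain"; then
        echo "missing chain: $chain (jail not started, or wiped by a firewall restart)"
        rc=1
    fi
    if ! printf '%s\n' "$rules" | grep -q -e "^-A $parent .*-j $chain\$"; then
        echo "missing jump rule: -A $parent ... -j $chain"
        rc=1
    fi
    return $rc
}

# count_bans RULES CHAIN: number of per-source ban rules currently in CHAIN.
count_bans() {
    printf '%s\n' "$1" | grep -c -e "^-A $2 -s [0-9a-f.:/]* -j " || true
}

# Constructed samples (RFC 5737 addresses, not the thread's real ones).
# BAD mirrors the shape of the questioner's output: a hand-made "dynamic"
# chain that is only reached from a conntrack rule, never from a port rule.
BAD='-N dynamic
-A dynamic -s 198.51.100.7/32 -j reject
-A dynamic -s 203.0.113.9/32 -j DROP
-A extrn-fw -m conntrack --ctstate INVALID,UNTRACKED -j dynamic'

# GOOD is the shape fail2ban's iptables-multiport action sets up for a jail.
GOOD='-N f2b-apache-noscript
-A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache-noscript
-A f2b-apache-noscript -s 198.51.100.7/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-apache-noscript -j RETURN'

# On a live host (as root): check_jail_rules "$(iptables -S)" apache-noscript
```

Running it right after a firewall restart is a quick way to see whether the chain itself or only the jump rule was wiped, which is the case the reply describes on ClearOS.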


_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
