On Fri, 2019-08-30 at 17:45 -0700, Kenneth Porter wrote: > The .conf files should be considered pristine distribution files. > Don't > edit them.
I'm not, but I think I see what's going on, it's using both my custom specified fail2ban_root and f2b-sshd chain. Here's the snipped output of iptables-save: # # Generated by iptables-save v1.8.3 on Sun Sep 1 10:09:08 2019 *filter :INPUT DROP [16304:832519] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [1194962:1740146265] :f2b-sshd - [0:0] :fail2ban_root - [0:0] -A INPUT -p tcp -m tcp --dport 22 -j fail2ban_root -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A INPUT -p tcp -m multiport --dports 22,80,443,6789,8080,8443,8880,8843 -j ACCEPT -A INPUT -p udp -m multiport --dports 1900,3478,10001,31337 -j ACCEPT -A INPUT -p icmp -m icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT -A f2b-sshd -s 90.35.99.248/32 -j REJECT --reject-with icmp-port- unreachable -A f2b-sshd -j RETURN -A fail2ban_root -p tcp -m tcp --dport 22 -j f2b-sshd -A fail2ban_root -j RETURN COMMIT # Completed on Sun Sep 1 10:09:08 2019 # Best, S _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
