Re: [Fail2ban-users] fail2ban not banning IPs [solved]

Sat, 27 Jun 2020 03:49:38 -0700 

On 27/06/20 10:26 pm, Peter Ajamian wrote:
Hi, I've recently installed fail2ban in CentOS 8 and while it's logging IPs that should be banned, they are not actually being banned in firewalld as far as i can tell. 

Note that there should be a number of IPs banned according to fail2ban:

[root@angels ~]# fail2ban-client get sshd banip

49.73.235.149 104.248.114.67 51.254.123.127 111.230.73.133 51.91.159.46 
218.92.0.215 217.182.71.54 51.83.73.109 218.92.0.219 157.230.153.75 
165.22.215.192 36.91.40.132 125.212.203.113 222.186.175.23 221.148.45.168



...but I can't find anything actually banned in either firewalld or 
iptables:


...found the bans, I just wasn't using the correct command to see them:

[root@angels ~]# firewall-cmd --list-all-zones

...

public (active)
...
  rich rules:

	rule family="ipv4" source address="125.212.203.113" port port="ssh" 
protocol="tcp" reject type="icmp-port-unreachable"
	rule family="ipv4" source address="222.186.175.23" port port="ssh" 
protocol="tcp" reject type="icmp-port-unreachable"
	rule family="ipv4" source address="221.148.45.168" port port="ssh" 
protocol="tcp" reject type="icmp-port-unreachable"
	rule family="ipv4" source address="106.13.30.99" port port="ssh" 
protocol="tcp" reject type="icmp-port-unreachable"
	rule family="ipv4" source address="68.183.35.255" port port="ssh" 
protocol="tcp" reject type="icmp-port-unreachable"
	rule family="ipv4" source address="195.136.205.8" port port="ssh" 
protocol="tcp" reject type="icmp-port-unreachable"
	rule family="ipv4" source address="111.230.73.133" port port="ssh" 
protocol="tcp" reject type="icmp-port-unreachable"
	rule family="ipv4" source address="140.143.2.108" port port="ssh" 
protocol="tcp" reject type="icmp-port-unreachable"
	rule family="ipv4" source address="51.254.123.127" port port="ssh" 
protocol="tcp" reject type="icmp-port-unreachable"
	rule family="ipv4" source address="104.248.114.67" port port="ssh" 
protocol="tcp" reject type="icmp-port-unreachable"
	rule family="ipv4" source address="51.91.159.46" port port="ssh" 
protocol="tcp" reject type="icmp-port-unreachable"
	rule family="ipv4" source address="222.186.30.57" port port="ssh" 
protocol="tcp" reject type="icmp-port-unreachable"
	rule family="ipv4" source address="200.146.215.26" port port="ssh" 
protocol="tcp" reject type="icmp-port-unreachable"
	rule family="ipv4" source address="217.182.71.54" port port="ssh" 
protocol="tcp" reject type="icmp-port-unreachable"
	rule family="ipv4" source address="51.83.73.109" port port="ssh" 
protocol="tcp" reject type="icmp-port-unreachable"



Peter


_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users






















					Reply via email to