Re: [arch-general] Fail2Ban is not adding iptables rules

2020-11-03 Thread u34
Maykel Franco via arch-general  wrote:

> On Tue., 3 Nov. 2020 at 15:21,  wrote:
> >
> > Maykel Franco via arch-general  wrote:
> >
> > > On Tue., 3 Nov. 2020 at 10:45,  wrote:
> > > >
> > > > Maykel Franco via arch-general  wrote:
> > > >
> > > > > On Tue., 3 Nov. 2020 at 9:48,  wrote:
> > > > > >
> > > > > > Maykel Franco via arch-general  wrote:
> > > > > >
> > > > > > > Hi, I have this script for iptables for my archlinux desktop:
> > > > > > >
> > > > > > > https://pastebin.com/SafhsKFt
> > > > > > >
> > > > > > > And when an external SSH access request is received with an error, fail2ban adds
> > > > > > > a rule, but the rule is not working.
> > > > > > >
> > > > > > > I think it has to do with the iptables script, but the fail2ban
> > > > > > > blocking rules are added fine but don't ban. What could be happening?
> > > > > >
> > > > > > It could be that the banning fail2ban rule doesn't ban.
> > > > > > 1. Can you show the iptables state before, and after, fail2ban added
> > > > > >    its rule? That is, issue an iptables -s command? I do hope I got
> > > > > >    the iptables command right.
> > > > > > 2. Can you show fail2ban configuration?
> > > > > >
> > > > > > --
> > > > > > u34
> > > > >
> > > > > The problem is not fail2ban. The problem is the script's iptables rules,
> > > > > because after executing the iptables script:
> > > > >
> > > > > https://pastebin.com/SafhsKFt
> > > > >
> > > > > I try to drop an IP:
> > > > >
> > > > > iptables -A INPUT -p tcp -s 192.168.0.33 --dport 22 -j DROP
> > > > >
> > > > > It does not block IP 192.168.0.33 on port 22.
> > > >
> > > > Possibly because that line is added as the last line of the iptables rules.
> > > > The accept lines of the script already accepted the 192.168.0.33 connection.
> > > > You probably want to issue an Insert, or a Replace, command. -I or -R, if I
> > > > remember correctly.
> > > > What is the output of iptables -s, if I remember correctly,
> > > > after you issued the 192.168.0.33 related command?
> > > >
> > > > As an aside, I think you should revert to nft (nftables).
> > > >
> > > > --
> > > > u34
> > >
> > > Thanks for your response. With -I it works well with:
> > >
> > > iptables -I INPUT -p tcp -s 192.168.0.33 --dport 22 -j DROP
> > >
> > > And now, for iptables to work well, how is it solved? I need iptables to add
> > > rules in first place.
> >
> > I didn't follow. iptables doesn't add rules by itself. Someone, or something,
> > tells it what rules it should use. Whom do you want to tell iptables to add
> > rules in first place?
> >
> > --
> > u34
> 
> Maybe I have explained myself wrong. With that iptables script that I have
> posted, I can add rules first with the -I parameter and it works. Thanks for
> the help, colleagues.
> 
> Now what I want is that when iptables blocks some IP, it also pings it
> first to make it work.

I didn't understand. Are you looking for:

if (ping anIp succeeded)
iptables -I anIp drop

? If that is what you want, why would you care if ping succeeded,
or not? Just drop anIp.

--
u34


Re: [arch-general] Fail2Ban is not adding iptables rules

2020-11-03 Thread Maykel Franco via arch-general
On Tue., 3 Nov. 2020 at 15:21,  wrote:
>
> Maykel Franco via arch-general  wrote:
>
> > On Tue., 3 Nov. 2020 at 10:45,  wrote:
> > >
> > > Maykel Franco via arch-general  wrote:
> > >
> > > > On Tue., 3 Nov. 2020 at 9:48,  wrote:
> > > > >
> > > > > Maykel Franco via arch-general  wrote:
> > > > >
> > > > > > Hi, I have this script for iptables for my archlinux desktop:
> > > > > >
> > > > > > https://pastebin.com/SafhsKFt
> > > > > >
> > > > > > And when an external SSH access request is received with an error, fail2ban adds
> > > > > > a rule, but the rule is not working.
> > > > > >
> > > > > > I think it has to do with the iptables script, but the fail2ban
> > > > > > blocking rules are added fine but don't ban. What could be happening?
> > > > >
> > > > > It could be that the banning fail2ban rule doesn't ban.
> > > > > 1. Can you show the iptables state before, and after, fail2ban added
> > > > >    its rule? That is, issue an iptables -s command? I do hope I got
> > > > >    the iptables command right.
> > > > > 2. Can you show fail2ban configuration?
> > > > >
> > > > > --
> > > > > u34
> > > >
> > > > The problem is not fail2ban. The problem is the script's iptables rules,
> > > > because after executing the iptables script:
> > > >
> > > > https://pastebin.com/SafhsKFt
> > > >
> > > > I try to drop an IP:
> > > >
> > > > iptables -A INPUT -p tcp -s 192.168.0.33 --dport 22 -j DROP
> > > >
> > > > It does not block IP 192.168.0.33 on port 22.
> > >
> > > Possibly because that line is added as the last line of the iptables rules.
> > > The accept lines of the script already accepted the 192.168.0.33 connection.
> > > You probably want to issue an Insert, or a Replace, command. -I or -R, if I
> > > remember correctly.
> > > What is the output of iptables -s, if I remember correctly,
> > > after you issued the 192.168.0.33 related command?
> > >
> > > As an aside, I think you should revert to nft (nftables).
> > >
> > > --
> > > u34
> >
> > Thanks for your response. With -I it works well with:
> >
> > iptables -I INPUT -p tcp -s 192.168.0.33 --dport 22 -j DROP
> >
> > And now, for iptables to work well, how is it solved? I need iptables to add
> > rules in first place.
>
> I didn't follow. iptables doesn't add rules by itself. Someone, or something,
> tells it what rules it should use. Whom do you want to tell iptables to add
> rules in first place?
>
> --
> u34

Maybe I have explained myself wrong. With that iptables script that I have
posted, I can add rules first with the -I parameter and it works. Thanks for
the help, colleagues.

Now what I want is that when iptables blocks some IP, it also pings it
first to make it work.


Re: [arch-general] Fail2Ban is not adding iptables rules

2020-11-03 Thread u34
Maykel Franco via arch-general  wrote:

> On Tue., 3 Nov. 2020 at 10:45,  wrote:
> >
> > Maykel Franco via arch-general  wrote:
> >
> > > On Tue., 3 Nov. 2020 at 9:48,  wrote:
> > > >
> > > > Maykel Franco via arch-general  wrote:
> > > >
> > > > > Hi, I have this script for iptables for my archlinux desktop:
> > > > >
> > > > > https://pastebin.com/SafhsKFt
> > > > >
> > > > > And when an external SSH access request is received with an error, fail2ban adds
> > > > > a rule, but the rule is not working.
> > > > >
> > > > > I think it has to do with the iptables script, but the fail2ban
> > > > > blocking rules are added fine but don't ban. What could be happening?
> > > >
> > > > It could be that the banning fail2ban rule doesn't ban.
> > > > 1. Can you show the iptables state before, and after, fail2ban added
> > > >    its rule? That is, issue an iptables -s command? I do hope I got
> > > >    the iptables command right.
> > > > 2. Can you show fail2ban configuration?
> > > >
> > > > --
> > > > u34
> > >
> > > The problem is not fail2ban. The problem is the script's iptables rules,
> > > because after executing the iptables script:
> > >
> > > https://pastebin.com/SafhsKFt
> > >
> > > I try to drop an IP:
> > >
> > > iptables -A INPUT -p tcp -s 192.168.0.33 --dport 22 -j DROP
> > >
> > > It does not block IP 192.168.0.33 on port 22.
> >
> > Possibly because that line is added as the last line of the iptables rules.
> > The accept lines of the script already accepted the 192.168.0.33 connection.
> > You probably want to issue an Insert, or a Replace, command. -I or -R, if I
> > remember correctly.
> > What is the output of iptables -s, if I remember correctly,
> > after you issued the 192.168.0.33 related command?
> >
> > As an aside, I think you should revert to nft (nftables).
> >
> > --
> > u34
> 
> Thanks for your response. With -I it works well with:
> 
> iptables -I INPUT -p tcp -s 192.168.0.33 --dport 22 -j DROP
> 
> And now, for iptables to work well, how is it solved? I need iptables to add
> rules in first place.

I didn't follow. iptables doesn't add rules by itself. Someone, or something,
tells it what rules it should use. Whom do you want to tell iptables to add
rules in first place?

--
u34


Re: [arch-general] Fail2Ban is not adding iptables rules

2020-11-03 Thread Maykel Franco via arch-general
On Tue., 3 Nov. 2020 at 10:45,  wrote:
>
> Maykel Franco via arch-general  wrote:
>
> > On Tue., 3 Nov. 2020 at 9:48,  wrote:
> > >
> > > Maykel Franco via arch-general  wrote:
> > >
> > > > Hi, I have this script for iptables for my archlinux desktop:
> > > >
> > > > https://pastebin.com/SafhsKFt
> > > >
> > > > And when an external SSH access request is received with an error, fail2ban adds
> > > > a rule, but the rule is not working.
> > > >
> > > > I think it has to do with the iptables script, but the fail2ban
> > > > blocking rules are added fine but don't ban. What could be happening?
> > >
> > > It could be that the banning fail2ban rule doesn't ban.
> > > 1. Can you show the iptables state before, and after, fail2ban added
> > >    its rule? That is, issue an iptables -s command? I do hope I got
> > >    the iptables command right.
> > > 2. Can you show fail2ban configuration?
> > >
> > > --
> > > u34
> >
> > The problem is not fail2ban. The problem is the script's iptables rules,
> > because after executing the iptables script:
> >
> > https://pastebin.com/SafhsKFt
> >
> > I try to drop an IP:
> >
> > iptables -A INPUT -p tcp -s 192.168.0.33 --dport 22 -j DROP
> >
> > It does not block IP 192.168.0.33 on port 22.
>
> Possibly because that line is added as the last line of the iptables rules.
> The accept lines of the script already accepted the 192.168.0.33 connection.
> You probably want to issue an Insert, or a Replace, command. -I or -R, if I
> remember correctly.
> What is the output of iptables -s, if I remember correctly,
> after you issued the 192.168.0.33 related command?
>
> As an aside, I think you should revert to nft (nftables).
>
> --
> u34

Thanks for your response. With -I it works well with:

iptables -I INPUT -p tcp -s 192.168.0.33 --dport 22 -j DROP

And now, for iptables to work well, how is it solved? I need iptables to add
rules in first place.


Re: [arch-general] Fail2Ban is not adding iptables rules

2020-11-03 Thread u34
Maykel Franco via arch-general  wrote:

> On Tue., 3 Nov. 2020 at 9:48,  wrote:
> >
> > Maykel Franco via arch-general  wrote:
> >
> > > Hi, I have this script for iptables for my archlinux desktop:
> > >
> > > https://pastebin.com/SafhsKFt
> > >
> > > And when an external SSH access request is received with an error, fail2ban adds
> > > a rule, but the rule is not working.
> > >
> > > I think it has to do with the iptables script, but the fail2ban
> > > blocking rules are added fine but don't ban. What could be happening?
> >
> > It could be that the banning fail2ban rule doesn't ban.
> > 1. Can you show the iptables state before, and after, fail2ban added
> >    its rule? That is, issue an iptables -s command? I do hope I got
> >    the iptables command right.
> > 2. Can you show fail2ban configuration?
> >
> > --
> > u34
> 
> The problem is not fail2ban. The problem is the script's iptables rules,
> because after executing the iptables script:
> 
> https://pastebin.com/SafhsKFt
> 
> I try to drop an IP:
> 
> iptables -A INPUT -p tcp -s 192.168.0.33 --dport 22 -j DROP
> 
> It does not block IP 192.168.0.33 on port 22.

Possibly because that line is added as the last line of the iptables rules.
The accept lines of the script already accepted the 192.168.0.33 connection.
You probably want to issue an Insert, or a Replace, command. -I or -R, if I
remember correctly.
What is the output of iptables -s, if I remember correctly,
after you issued the 192.168.0.33 related command?

As an aside, I think you should revert to nft (nftables).

--
u34


Re: [arch-general] Fail2Ban is not adding iptables rules

2020-11-03 Thread arch



On 03.11.20 09:54, Maykel Franco via arch-general wrote:

On Tue., 3 Nov. 2020 at 9:48,  wrote:

Maykel Franco via arch-general  wrote:


Hi, I have this script for iptables for my archlinux desktop:

https://pastebin.com/SafhsKFt

And when an external SSH access request is received with an error, fail2ban adds
a rule, but the rule is not working.

I think it has to do with the iptables script, but the fail2ban
blocking rules are added fine but don't ban. What could be happening?

It could be that the banning fail2ban rule doesn't ban.
1. Can you show the iptables state before, and after, fail2ban added
   its rule? That is, issue an iptables -s command? I do hope I got
   the iptables command right.
2. Can you show fail2ban configuration?

--
u34

The problem is not fail2ban. The problem is the script's iptables rules,
because after executing the iptables script:

https://pastebin.com/SafhsKFt

I try to drop an IP:

iptables -A INPUT -p tcp -s 192.168.0.33 --dport 22 -j DROP

It does not block IP 192.168.0.33 on port 22.


That's the expected behavior. With -A you append a rule to the already
existing rules. The problem is that you have already allowed port 22 in
your script and this rule matches all incoming packets on port 22.
Other rules will not be executed.


I'm not an expert in fail2ban, but when you use the following rule after
the script is executed, port 22 will be blocked:


iptables -I INPUT -p tcp -s 192.168.0.33 --dport 22 -j DROP

-I means that the rule is inserted in the first place in the chain.


With "iptables -vL INPUT" you can see the order of the rules. The first
matching rule will be used and no other rules in the INPUT chain will be
executed.
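Both u34's point (the appended DROP lands after the script's accept line) and the first-match explanation above can be checked without touching a live firewall with the following model. It is an added example, not code from the thread or from the pastebin script; it assumes the script contains an ACCEPT for TCP port 22 from any source (the constructed SCRIPT_RULES list), and Chain, build_chain and ban_precedes_accept are names invented here, not iptables or fail2ban APIs.

```python
"""First-match model of an iptables INPUT chain (constructed example).

Not iptables and not the OP's pastebin script: it understands only the options
used in the thread (-A/-I INPUT, -p, -s, --dport, -j) plus a chain policy, which
is enough to show why a DROP appended with -A after an ACCEPT for port 22 never
fires, while the same DROP inserted with -I does.
"""
import ipaddress
import shlex
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Rule:
    target: str                                   # -j ACCEPT / DROP
    proto: Optional[str] = None                   # -p tcp
    src: Optional[ipaddress.IPv4Network] = None   # -s 192.168.0.33
    dport: Optional[int] = None                   # --dport 22
    text: str = ""                                # command the rule came from

    def matches(self, proto: str, src: str, dport: int) -> bool:
        """Every given match must hold; an omitted match is a wildcard."""
        if self.proto is not None and self.proto != proto:
            return False
        if self.src is not None and ipaddress.ip_address(src) not in self.src:
            return False
        if self.dport is not None and self.dport != dport:
            return False
        return True


@dataclass
class Chain:
    policy: str = "DROP"                          # verdict when nothing matches
    rules: List[Rule] = field(default_factory=list)

    def run(self, cmd: str) -> None:
        """Apply one 'iptables -A|-I INPUT ...' command string to the chain."""
        argv = shlex.split(cmd)
        if argv and argv[0] == "iptables":
            argv = argv[1:]
        if len(argv) < 2 or argv[0] not in ("-A", "-I") or argv[1] != "INPUT":
            raise ValueError(f"unsupported command: {cmd}")
        opts = argv[2:]
        if len(opts) % 2:                         # e.g. '--dport  -j DROP' from the thread
            raise ValueError(f"option without a value in: {cmd}")
        rule = Rule(target="", text=cmd)
        for opt, val in zip(opts[::2], opts[1::2]):
            if opt == "-p":
                rule.proto = val
            elif opt == "-s":
                rule.src = ipaddress.ip_network(val, strict=False)
            elif opt == "--dport":
                rule.dport = int(val)
            elif opt == "-j":
                rule.target = val
            else:
                raise ValueError(f"unsupported option {opt} in: {cmd}")
        if not rule.target:
            raise ValueError(f"no -j target in: {cmd}")
        if argv[0] == "-A":
            self.rules.append(rule)               # -A: append at the end
        else:
            self.rules.insert(0, rule)            # -I with no number: position 1

    def verdict(self, proto: str, src: str, dport: int) -> str:
        """The first matching rule decides; nothing after it is evaluated."""
        for rule in self.rules:
            if rule.matches(proto, src, dport):
                return rule.target
        return self.policy

    def listing(self) -> List[str]:
        """Rule order, numbered like 'iptables -L INPUT --line-numbers'."""
        return [f"{n} {r.target} {r.text}" for n, r in enumerate(self.rules, 1)]


# Assumed, not taken from the pastebin: the script allows SSH from anywhere.
SCRIPT_RULES = ["iptables -A INPUT -p tcp --dport 22 -j ACCEPT"]
BANNED = "192.168.0.33"                           # the address the thread drops
BAN = f"-p tcp -s {BANNED} --dport 22 -j DROP"


def build_chain(ban_mode: str) -> Chain:
    """Load the script's rules, then add the ban with -A (append) or -I (insert)."""
    chain = Chain(policy="DROP")
    for cmd in SCRIPT_RULES:
        chain.run(cmd)
    chain.run(f"iptables {ban_mode} INPUT {BAN}")
    return chain


def ban_precedes_accept(chain: Chain) -> bool:
    """Ordering check: does the first DROP sit above the first ACCEPT?"""
    first: Dict[str, int] = {}
    for n, rule in enumerate(chain.rules):
        first.setdefault(rule.target, n)
    return "DROP" in first and first["DROP"] < first.get("ACCEPT", len(chain.rules))


if __name__ == "__main__":
    for mode in ("-A", "-I"):
        chain = build_chain(mode)
        print(f"ban added with {mode}:")
        print("\n".join(chain.listing()))
        print(f"  {BANNED}:22 -> {chain.verdict('tcp', BANNED, 22)}")
```

The same ordering check is what you would apply by eye to the output of `iptables -L INPUT --line-numbers` on the real box: a ban rule only works if its line number is lower than the ACCEPT that would otherwise swallow the packet. The model also rejects the thread's mistyped `--dport  -j DROP` (a value is missing), which iptables itself refuses as well.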


Re: [arch-general] Fail2Ban is not adding iptables rules

2020-11-03 Thread Maykel Franco via arch-general
On Tue., 3 Nov. 2020 at 9:48,  wrote:
>
> Maykel Franco via arch-general  wrote:
>
> > Hi, I have this script for iptables for my archlinux desktop:
> >
> > https://pastebin.com/SafhsKFt
> >
> > And when an external SSH access request is received with an error, fail2ban adds
> > a rule, but the rule is not working.
> >
> > I think it has to do with the iptables script, but the fail2ban
> > blocking rules are added fine but don't ban. What could be happening?
>
> It could be that the banning fail2ban rule doesn't ban.
> 1. Can you show the iptables state before, and after, fail2ban added
>    its rule? That is, issue an iptables -s command? I do hope I got
>    the iptables command right.
> 2. Can you show fail2ban configuration?
>
> --
> u34

The problem is not fail2ban. The problem is the script's iptables rules,
because after executing the iptables script:

https://pastebin.com/SafhsKFt

I try to drop an IP:

iptables -A INPUT -p tcp -s 192.168.0.33 --dport 22 -j DROP

It does not block IP 192.168.0.33 on port 22.


Re: [arch-general] Fail2Ban is not adding iptables rules

2020-11-03 Thread u34
Maykel Franco via arch-general  wrote:

> Hi, I have this script for iptables for my archlinux desktop:
> 
> https://pastebin.com/SafhsKFt
> 
> And when an external SSH access request is received with an error, fail2ban adds
> a rule, but the rule is not working.
> 
> I think it has to do with the iptables script, but the fail2ban
> blocking rules are added fine but don't ban. What could be happening?

It could be that the banning fail2ban rule doesn't ban.
1. Can you show the iptables state before, and after, fail2ban added
   its rule? That is, issue an iptables -s command? I do hope I got
   the iptables command right.
2. Can you show fail2ban configuration?

--
u34


[arch-general] Fail2Ban is not adding iptables rules

2020-11-02 Thread Maykel Franco via arch-general
Hi, I have this script for iptables for my archlinux desktop:

https://pastebin.com/SafhsKFt

And when an external SSH access request is received with an error, fail2ban adds
a rule, but the rule is not working.

I think it has to do with the iptables script, but the fail2ban
blocking rules are added fine but don't ban. What could be happening?