Mike Sheinberg on 31 Jan 2011 11:51:25 -0800


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] iptables question

The fail2ban rules were auto-generated by fail2ban.... When stuff gets banned a rule is generated on the fly and it gets thrown in one of the accompanying chains. 



On Mon, Jan 31, 2011 at 2:26 PM, Robert Spangler <mlists@zoominternet.net> wrote:
On Monday 31 January 2011 11:57, Mike Sheinberg wrote:

>  Here's my current dump of /etc/sysconfig/iptables:
>
>  # Generated by iptables-save v1.3.5 on Mon Jan 31 10:36:35 2011
>  *filter
>
>  :INPUT DROP [33:5345]
>  :FORWARD ACCEPT [0:0]
>  :OUTPUT ACCEPT [129:15384]
>  :fail2ban-ApacheAuth - [0:0]
>  :fail2ban-ApachePHPbot - [0:0]
>  :fail2ban-BadBots - [0:0]
>  :fail2ban-SSH - [0:0]
>
>  -A INPUT -s *XXXXXXXXXXXXX* -j ACCEPT
>  -A INPUT -s *XXXXXXXXXXX*/255.255.255.224 -j ACCEPT
>  -A INPUT -p tcp -m tcp --dport 80 -j fail2ban-ApacheAuth
>  -A INPUT -p tcp -m multiport --dports 80,443 -j fail2ban-BadBots
>  -A INPUT -p tcp -m tcp --dport 80 -j fail2ban-ApachePHPbot
>  -A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
>  -A INPUT -p tcp -m state --state NEW -m multiport --dports 80,443 -j
> ACCEPT -A INPUT -i lo -j ACCEPT
>  -A OUTPUT -d *XXXXXXXX*/255.255.255.224 -j ACCEPT
>  -A fail2ban-ApacheAuth -j RETURN
>  -A fail2ban-ApachePHPbot -j RETURN
>  -A fail2ban-BadBots -j RETURN
>  -A fail2ban-SSH -s *XXXXXXXXXX* -j DROP
>  -A fail2ban-SSH -j RETURN
>  COMMIT
>  # Completed on Mon Jan 31 10:36:35 2011

Is this the complete file?  Why are you placing using '-j fail2ban-*' rules,
they are doing nothing?

Another thing I would suggest is using a STATEFUL firewall with NEW,
ESTABLISHED and RELATED rules.  Make for a better firewall.


--

Regards
Robert

Linux
The adventure of a lifetime.

Linux User #296285
Get Counted
http://counter.li.org/
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug