iptables
kovalr, 2016-03-22 01:49:44

How to reorder iptables fail2ban rules?

There is a chain of rules:

Chain INPUT (policy ACCEPT 688 packets, 241K bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1      166 65746 fail2ban-some-rules  udp  --  *      *       0.0.0.0/0            0.0.0.0/0    
2       30  3629 fail2ban-some-rules  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0        
3       21  1532 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
4        8   798 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
5        0     0 ACCEPT     all  --  eth0   *       8.8.8.8       0.0.0.0/0           
6       5  3556 DROP       all  --  eth0   *       0.0.0.0/0            0.0.0.0/0

The first two rules
1      166 65746 fail2ban-some-rules  udp  --  *      *       0.0.0.0/0            0.0.0.0/0    
2       30  3629 fail2ban-some-rules  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0

are generated by fail2ban.
The next ones, 3, 4, 5 and 6, are run by a *.sh script at system startup.
How can I make the first two rules
1      166 65746 fail2ban-some-rules  udp  --  *      *       0.0.0.0/0            0.0.0.0/0    
2       30  3629 fail2ban-some-rules  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0

come before
6       5  3556 DROP       all  --  eth0   *       0.0.0.0/0            0.0.0.0/0


1 answer(s)
pinkpony, 2016-03-22

What if you clear the entire table and then add the fail2ban rules to the *.sh script before 3556 DROP all?
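The same ordering can also be produced by rewriting an `iptables-save` dump and loading it back, shown here as an added example that is not code from the question or the answer. It assumes the dump was taken without `-c` counters; `move_f2b_before_drop` and `sample_dump` are hypothetical names, and the sample dump is constructed from the chain in the question.

```shell
#!/bin/sh
# Added example. Reads an iptables-save dump (taken without -c) on stdin and
# prints it with the INPUT jumps to fail2ban-* chains moved so that they sit
# immediately before the first DROP rule of the INPUT chain.
move_f2b_before_drop() {
    awk '
    function release(   i) { for (i = 1; i <= n; i++) print held[i]; n = 0 }
    # Hold back every INPUT rule that jumps to a fail2ban-* chain.
    /^-A INPUT / && / -j fail2ban-/ { held[++n] = $0; next }
    # First INPUT DROP rule: emit the held jumps right before it.
    /^-A INPUT / && / -j DROP( |$)/ && !released { release(); released = 1 }
    # Table has no INPUT DROP rule: emit them before COMMIT so none is lost.
    /^COMMIT$/ { release(); released = 0 }
    { print }
    '
}

# Constructed sample: the chain from the question in iptables-save form.
sample_dump() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:fail2ban-some-rules - [0:0]
-A INPUT -p udp -j fail2ban-some-rules
-A INPUT -p tcp -j fail2ban-some-rules
-A INPUT -i eth0 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 8.8.8.8/32 -i eth0 -j ACCEPT
-A INPUT -i eth0 -j DROP
-A fail2ban-some-rules -j RETURN
COMMIT
EOF
}

# Show the reordered sample dump.
sample_dump | move_f2b_before_drop

# On a live host (as root), review the result before loading it:
#   iptables-save > rules.old
#   move_f2b_before_drop < rules.old > rules.new
#   iptables-restore --test < rules.new && iptables-restore < rules.new
```

Rules are evaluated from the top, so with this order packets already accepted by the RELATED,ESTABLISHED and 8.8.8.8 rules never reach the fail2ban chain.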
