Debian
icell76, 2020-09-18 10:37:13

Why does iptables(~fail2ban) falsely ban an IP?

Hello everyone. There are problems on my dedicated server. The iptables rules DROP certain client IPs. The clients don't do anything hacky. And the odd thing is that the rule to block a certain IP can be written 100 times. There are suspicions that fail2ban is doing the blocking. It is also possible that the ban happens because a person connects to the IP from different ports. There are no serious rules in iptables, so it should not be blocking. Is there any way to find out which rule does the banning?


1 answer(s)
Dmitry, 2020-09-18
@q2digger

fail2ban should write a log; depending on how logging is configured, it can write to its own /var/log/fail2ban.log or to the system /var/log/syslog.
Next, you need to check which client address is entered in a jail.
What is the table in the firewall?
Or look at the jails, for example:

[email protected]~ $ sudo fail2ban-client status
Status
|- Number of jail:	6
`- Jail list:	dovecot, postfix, postfix-auth, postfix-dmitryg, roundcube, sshd

[email protected]~ $ sudo fail2ban-client get postfix banip
195.154.105.61 194.150.215.153 192.168.210.228 93.179.68.35 77.221.146.179 93.186.200.196 62.141.41.5 62.141.46.147 185.17.144.239 212.32.240.228 37.48.90.115 185.17.146.178 85.143.173.42 81.16.141.145
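
An added example, not part of the original answer: two small shell functions that apply the checks described above, one counting Ban/Unban events per jail for an address in fail2ban.log, the other counting DROP/REJECT rules per chain for that address in `iptables -S` output. The log lines, rules and addresses are constructed samples, and it assumes fail2ban's default iptables actions, which place bans in chains named f2b-<jail>.

```shell
#!/usr/bin/env bash
# Added example. All sample data is constructed (documentation IP ranges).
# On a real host pass "$(cat /var/log/fail2ban.log)" and "$(sudo iptables -S)".

SAMPLE_LOG='2020-09-18 10:01:12,101 fail2ban.filter  [812]: INFO    [postfix-auth] Found 203.0.113.7 - 2020-09-18 10:01:12
2020-09-18 10:01:15,440 fail2ban.actions [812]: NOTICE  [postfix-auth] Ban 203.0.113.7
2020-09-18 10:11:15,902 fail2ban.actions [812]: NOTICE  [postfix-auth] Unban 203.0.113.7
2020-09-18 10:20:03,377 fail2ban.actions [812]: NOTICE  [sshd] Ban 198.51.100.23
2020-09-18 10:31:40,018 fail2ban.actions [812]: NOTICE  [postfix-auth] Ban 203.0.113.7'

SAMPLE_RULES='-P INPUT ACCEPT
-N f2b-postfix-auth
-A INPUT -p tcp -m multiport --dports 25,465,587 -j f2b-postfix-auth
-A INPUT -s 203.0.113.7/32 -j DROP
-A INPUT -s 203.0.113.7/32 -j DROP
-A INPUT -s 203.0.113.7/32 -j DROP
-A f2b-postfix-auth -s 203.0.113.7/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-postfix-auth -j RETURN'

# jail_events LOG IP: print "jail action count" for each Ban/Unban of IP.
jail_events() {
    printf '%s\n' "$1" | awk -v ip="$2" '
        { for (i = 2; i < NF; i++)
            if (($i == "Ban" || $i == "Unban") && $(i+1) == ip && $(i-1) ~ /^\[.*\]$/)
                n[substr($(i-1), 2, length($(i-1)) - 2) " " $i]++ }
        END { for (k in n) print k, n[k] }' | LC_ALL=C sort
}

# drop_rules RULES IP: print "chain count" of DROP/REJECT rules whose source is IP.
# Assumption: fail2ban's default iptables actions use chains named f2b-<jail>,
# so matches in any other chain were added by something other than fail2ban.
drop_rules() {
    printf '%s\n' "$1" | awk -v ip="$2" '
        $1 == "-A" && / -j (DROP|REJECT)( |$)/ {
            for (i = 3; i < NF; i++)
                if ($i == "-s" && ($(i+1) == ip || $(i+1) == (ip "/32"))) n[$2]++ }
        END { for (c in n) print c, n[c] }' | LC_ALL=C sort
}

jail_events "$SAMPLE_LOG" 203.0.113.7    # which jail banned it, and how often
drop_rules "$SAMPLE_RULES" 203.0.113.7   # which chains hold the blocking rules
```

In the sample, the three identical rules sit in INPUT rather than in an f2b- chain, which points at a script or manual rule rather than the jail.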
