Hello, I'm using fail2ban to block bots in conjunction with existing iptables rules. Here's a few rules from my iptables configuration:
# Set up a temporary pass rule so we don't lock ourselves out when
# doing remote ssh
iptables -P INPUT ACCEPT

# flush the current rules
iptables -F

# Allow SSH connections on tcp port 22
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# Set default policies for INPUT, FORWARD and OUTPUT chains
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

iptables -A INPUT -s 202.0.0.0/8 -j DROP

This morning the ssh fail2ban jail blocked this:
202.205.176.125
and the email sent gave me this IP range: inetnum: 202.205.176.0 - 202.205.191.255
That shouldn't have even been seen; it should have been blocked by the 202/8 drop rule before fail2ban even saw it. Is that not so?
Suggestions welcome. Thanks. Dave.
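
Added example, not part of the original post: a simplified Python model of how iptables walks a chain (top to bottom, first matching ACCEPT or DROP decides), applied to the two INPUT rules as posted and to the same rules in the opposite order. The `Rule` class, `evaluate` function and the reordered chain are constructed for illustration and are not iptables code.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    target: str                    # "ACCEPT" or "DROP"
    source: Optional[str] = None   # -s CIDR; None matches any source
    proto: Optional[str] = None    # -p; None matches any protocol
    dport: Optional[int] = None    # --dport; None matches any port

    def matches(self, src, proto, dport):
        if self.source and ipaddress.ip_address(src) not in ipaddress.ip_network(self.source):
            return False
        if self.proto and self.proto != proto:
            return False
        if self.dport is not None and self.dport != dport:
            return False
        return True


def evaluate(chain, policy, src, proto, dport):
    """Return (verdict, 1-based rule number), or (policy, None) if no rule matched."""
    for number, rule in enumerate(chain, start=1):
        if rule.matches(src, proto, dport):
            return rule.target, number   # terminating target: later rules are never consulted
    return policy, None


# Chain as posted: -A appends, so the SSH ACCEPT is rule 1 and the /8 DROP is rule 2.
POSTED = [Rule("ACCEPT", proto="tcp", dport=22), Rule("DROP", source="202.0.0.0/8")]
# Same two rules with the DROP ahead of the ACCEPT (constructed for comparison).
REORDERED = [Rule("DROP", source="202.0.0.0/8"), Rule("ACCEPT", proto="tcp", dport=22)]


def ssh_verdicts(src="202.205.176.125"):
    """Verdict for an SSH packet from src under the posted and the reordered chain."""
    return (evaluate(POSTED, "DROP", src, "tcp", 22),
            evaluate(REORDERED, "DROP", src, "tcp", 22))


if __name__ == "__main__":
    for name, chain in (("posted", POSTED), ("reordered", REORDERED)):
        for dport in (22, 80):
            print(name, dport, evaluate(chain, "DROP", "202.205.176.125", "tcp", dport))
```

On a live system, `iptables -L INPUT -n -v --line-numbers` lists the rules in evaluation order along with per-rule packet counters.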