[CentOS] issue with fail2ban letting IPs through

David Mehler dave.mehler at gmail.com
Mon May 16 18:16:07 UTC 2011


Hello,
I'm using fail2ban to block bots in conjunction with existing iptables
rules. Here are a few rules from my iptables configuration:

#
# Set up a temporary pass rule so we don't lock ourselves out when
# doing remote ssh
iptables -P INPUT ACCEPT

#
# flush the current rules
iptables -F

#
# Allow SSH connections on tcp port 22
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

#
# Set default policies for INPUT, FORWARD and OUTPUT chains
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

iptables -A INPUT -s 202.0.0.0/8 -j DROP

This morning the ssh fail2ban jail blocked this:

202.205.176.125

and the email sent gave me this IP range:
inetnum:      202.205.176.0 - 202.205.191.255

That shouldn't even have been seen; it should have been blocked by the
202/8 drop rule before fail2ban even saw it. Is that not so?

Suggestions welcome.
Thanks.
Dave.
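Added example, not part of the original post: iptables walks a chain from top to bottom and the first rule that matches decides the packet's fate, with the chain policy (-P) applying only when no rule matches. Because the script above uses -A (append), the "ACCEPT tcp --dport 22" rule sits at position 1 and the "-s 202.0.0.0/8 -j DROP" rule at position 2, so an SSH connection from 202.205.176.125 is accepted by the INPUT chain before the 202/8 DROP is ever consulted, reaches sshd, and shows up in the log fail2ban watches. The small simulator below (a model of first-match evaluation, not iptables itself; the sample packets, including the 198.51.100.7 host, are constructed) reproduces that and contrasts it with the same two rules in the opposite order.

```python
"""Simulate iptables first-match evaluation of the INPUT chain from the post."""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Rule:
    """One iptables rule: the match criteria that matter here plus its target."""
    target: str                                   # -j ACCEPT / DROP
    src: Optional[ipaddress.IPv4Network] = None   # -s a.b.c.d/n
    proto: Optional[str] = None                   # -p tcp
    dport: Optional[int] = None                   # --dport N

    def matches(self, src: str, proto: str, dport: int) -> bool:
        if self.src is not None and ipaddress.ip_address(src) not in self.src:
            return False
        if self.proto is not None and proto != self.proto:
            return False
        if self.dport is not None and dport != self.dport:
            return False
        return True


@dataclass
class Chain:
    """A built-in chain: rules are walked top to bottom, the first match wins,
    and the policy (-P) applies only if nothing matched."""
    policy: str
    rules: List[Rule] = field(default_factory=list)

    def append(self, rule: Rule) -> None:                # iptables -A INPUT ...
        self.rules.append(rule)

    def insert(self, rule: Rule, pos: int = 1) -> None:  # iptables -I INPUT [pos] ...
        self.rules.insert(pos - 1, rule)

    def verdict(self, src: str, proto: str, dport: int) -> Tuple[str, Optional[int]]:
        """Return (target, 1-based rule number) or (policy, None) if no rule matched."""
        for num, rule in enumerate(self.rules, start=1):
            if rule.matches(src, proto, dport):
                return rule.target, num
        return self.policy, None


def posted_input_chain() -> Chain:
    """INPUT chain as the post's script builds it: -A appends, final policy is DROP."""
    chain = Chain(policy="DROP")
    chain.append(Rule("ACCEPT", proto="tcp", dport=22))                  # rule 1
    chain.append(Rule("DROP", src=ipaddress.ip_network("202.0.0.0/8")))  # rule 2
    return chain


def reordered_input_chain() -> Chain:
    """Same two rules with the 202/8 DROP placed ahead of the SSH ACCEPT."""
    chain = Chain(policy="DROP")
    chain.append(Rule("DROP", src=ipaddress.ip_network("202.0.0.0/8")))  # rule 1
    chain.append(Rule("ACCEPT", proto="tcp", dport=22))                  # rule 2
    return chain


if __name__ == "__main__":
    # Constructed sample packets: the address from the post plus a host
    # from the 198.51.100.0/24 documentation range.
    packets = [("202.205.176.125", "tcp", 22), ("202.205.176.125", "tcp", 80),
               ("198.51.100.7", "tcp", 22), ("198.51.100.7", "tcp", 80)]
    for name, chain in (("as posted", posted_input_chain()),
                        ("DROP first", reordered_input_chain())):
        print(f"--- INPUT chain, {name} ---")
        for src, proto, dport in packets:
            target, num = chain.verdict(src, proto, dport)
            where = f"rule {num}" if num else "chain policy"
            print(f"{src:>16} {proto}/{dport:<3} -> {target:6} ({where})")
```

On the real host, `iptables -L INPUT -n -v --line-numbers` shows the rules in the order the kernel evaluates them, together with per-rule packet counters; a non-zero counter on the port 22 ACCEPT and a zero counter on the 202/8 DROP for that traffic confirms which rule is winning.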
