[CentOS] iptables - how to block established connections with fail2ban?

Thu Jun 27 21:59:52 UTC 2019
Gordon Messmer <gordon.messmer at gmail.com>

On 6/25/19 11:41 PM, MRob wrote:
> When fail2ban block a IP address, established connections are allowed 
> to continue, but with no rule to accept established connections how is 
> that possible?

It doesn't look like it would be.

1: Open a connection that will demonstrate the problem later.
2: Trigger a block from an address that you control.
3: Check the output of "iptables -L -v" to demonstrate that the address 
is blocked.
4: Use "tcpdump -nn -i any host <address>" to watch traffic from that 
5: Send a command over the connection from step 1.  tcpdump should show 
packets in both directions, and your session should be usable, according 
to the problem you described.
6: Check the output of "iptables -L -v" again and look at the counters 
on each rule to see which rule is being matched.