[CentOS] iptables - how to block established connections with fail2ban?

MRob

mrobti at insiberia.net
Wed Jun 26 06:41:15 UTC 2019


I am working on a CentOS 6 server with a nonstandard iptables setup 
without a rule to ACCEPT ESTABLISHED connections. All tables and chains 
are empty (flushed by a legacy custom script), so only the filter/INPUT chain has 
rules (plus the fail2ban chain):

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
f2b-postfix   tcp  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  192.168.0.0/16       0.0.0.0/0
ACCEPT     all  --  127.0.0.0/8          0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:25
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:443
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:587
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:993
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:995
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x02

Chain f2b-postfix (1 references)
target     prot opt source               destination
REJECT     all  --  200.23.235.30        0.0.0.0/0           reject-with icmp-port-unreachable
REJECT     all  --  177.11.167.57        0.0.0.0/0           reject-with icmp-port-unreachable
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

When fail2ban blocks an IP address, established connections are allowed to 
continue, but with no rule to accept established connections, how is that 
possible? Why doesn't the first f2b rule block established connections?
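The two chains listed in the post, modelled as an added example (this is not code from the original post or from fail2ban): a small Python evaluator that walks a packet through the rules in exactly the order shown, with first match wins, a jump into f2b-postfix, RETURN handing control back to INPUT, and the INPUT policy ACCEPT applying when nothing matches. It knows only the match fields visible in the listing (protocol, source, dport, tcp flags), and the sample packets at the bottom are constructed, not captured traffic.

```python
"""Walk constructed packets through the iptables chains listed above.

Added example; models only the match fields visible in the listing.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

# TCP flag bits as iptables' "tcp flags:MASK/COMP" match sees them.
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10


@dataclass(frozen=True)
class Packet:
    src: str
    proto: str          # "tcp", "udp", ...
    dport: int = 0
    flags: int = 0      # TCP flags; ignored for non-TCP


@dataclass(frozen=True)
class Rule:
    target: str                               # ACCEPT/DROP/REJECT/RETURN or a chain name
    proto: str = "all"
    src: str = "0.0.0.0/0"
    dport: Optional[int] = None
    flags: Optional[Tuple[int, int]] = None   # (mask, comp); 0x17/0x02 = bare SYN

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "all" and self.proto != pkt.proto:
            return False
        if ip_address(pkt.src) not in ip_network(self.src):
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.flags is not None:
            mask, comp = self.flags
            if pkt.proto != "tcp" or (pkt.flags & mask) != comp:
                return False
        return True


# The two chains as listed: same order, same match fields, INPUT policy ACCEPT.
CHAINS: Dict[str, List[Rule]] = {
    "INPUT": [
        Rule("f2b-postfix", proto="tcp"),          # fail2ban hook, first in the chain
        Rule("ACCEPT", src="192.168.0.0/16"),
        Rule("ACCEPT", src="127.0.0.0/8"),
    ] + [Rule("ACCEPT", proto="tcp", dport=p) for p in (22, 25, 80, 443, 587, 993, 995)]
      + [Rule("DROP", proto="tcp", flags=(0x17, 0x02))],   # bare SYN to any other port
    "f2b-postfix": [
        Rule("REJECT", src="200.23.235.30"),
        Rule("REJECT", src="177.11.167.57"),
        Rule("RETURN"),
    ],
}
POLICY = {"INPUT": "ACCEPT"}   # user-defined chains have no policy


def verdict(pkt: Packet, chain: str = "INPUT") -> Optional[str]:
    """First-match evaluation with jumps; None means 'returned to the caller'."""
    for rule in CHAINS[chain]:
        if not rule.matches(pkt):
            continue
        if rule.target == "RETURN":
            break
        if rule.target in CHAINS:                 # jump into a user-defined chain
            result = verdict(pkt, rule.target)
            if result is not None:
                return result
            continue                              # it RETURNed: keep walking this chain
        return rule.target                        # ACCEPT / DROP / REJECT
    return POLICY.get(chain)


# Constructed sample packets (assumed addresses, not captured traffic).
SAMPLES = {
    "banned_ack_to_25":  Packet("200.23.235.30", "tcp", 25, ACK),   # mid-stream segment
    "banned_syn_to_25":  Packet("200.23.235.30", "tcp", 25, SYN),
    "banned_ack_to_443": Packet("177.11.167.57", "tcp", 443, ACK),
    "banned_udp_to_53":  Packet("200.23.235.30", "udp", 53),
    "other_ack_to_25":   Packet("203.0.113.7", "tcp", 25, ACK),
    "other_syn_to_8080": Packet("203.0.113.7", "tcp", 8080, SYN),
    "other_ack_to_8080": Packet("203.0.113.7", "tcp", 8080, ACK),
    "lan_udp_to_8080":   Packet("192.168.1.9", "udp", 8080),
}


def run_samples() -> Dict[str, Optional[str]]:
    return {name: verdict(pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, v in run_samples().items():
        print(f"{name:18s} -> {v}")
```

Three things the model makes visible from the listing alone. First, because the f2b-postfix jump is the first INPUT rule and carries no state match, every TCP segment from a banned source, including an ACK in the middle of an existing session, reaches REJECT before any ACCEPT rule is consulted. Second, the jump is restricted to tcp, so non-TCP traffic from a banned address skips the fail2ban chain entirely and falls through to the policy. Third, with no conntrack rule the only thing standing between an unopened port and the policy ACCEPT is the SYN-only DROP, so any non-SYN segment to such a port is handed to the stack. The model cannot see what the live kernel is doing; on the box itself, `iptables -L INPUT -v -n` and `iptables -L f2b-postfix -v -n` show per-rule packet counters, which tell you whether segments from a banned source are actually hitting the REJECT rules.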

