[CentOS] iptables - how to block established connections with fail2ban?
Gordon Messmer
gordon.messmer at gmail.com
Thu Jun 27 21:59:52 UTC 2019
On 6/25/19 11:41 PM, MRob wrote:
> When fail2ban blocks an IP address, established connections are allowed
> to continue, but with no rule to accept established connections how is
> that possible?
It doesn't look like it would be.
1: Open a connection that will demonstrate the problem later.
2: Trigger a block from an address that you control.
3: Check the output of "iptables -L -v" to demonstrate that the address
is blocked.
4: Use "tcpdump -nn -i any host <address>" to watch traffic from that
address.
5: Send a command over the connection from step 1. tcpdump should show
packets in both directions, and your session should be usable, according
to the problem you described.
6: Check the output of "iptables -L -v" again and look at the counters
on each rule to see which rule is being matched.
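To make step 6 mechanical, here is an added POSIX shell helper (not from the thread) that diffs the per-rule packet counters of two "iptables -L -v -n" snapshots, one taken at step 3 and one at step 6, and prints only the rules whose counters grew. The two listings embedded below are constructed sample output, 192.0.2.10 is a placeholder address, and the -n flag is added only to avoid DNS lookups in the listing.

```shell
#!/bin/sh
# Added example, not from the thread: diff the per-rule packet counters of two
# "iptables -L -v -n" snapshots (step 3 vs step 6) to see which rules matched.
# Both listings below are constructed sample output; 192.0.2.10 is a placeholder.

BEFORE='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   40  2400 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
   12   720 f2b-sshd   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22

Chain f2b-sshd (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     all  --  *      *       192.0.2.10           0.0.0.0/0            reject-with icmp-port-unreachable
   12   720 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0'

AFTER='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   46  2760 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
   13   780 f2b-sshd   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22

Chain f2b-sshd (1 references)
 pkts bytes target     prot opt in     out     source               destination
    1    60 REJECT     all  --  *      *       192.0.2.10           0.0.0.0/0            reject-with icmp-port-unreachable
   12   720 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0'

# Flatten a listing into "<chain> <rule#> <pkts> <target ...>" lines, one per rule.
counters() {
    awk '/^Chain / { chain = $2; n = 0; next }
         /^ *pkts +bytes/ || /^ *$/ { next }
         { n++; pkts = $1; $1 = ""; $2 = ""; sub(/^ +/, ""); print chain, n, pkts, $0 }'
}

# Print every rule whose pkts counter grew from snapshot $1 to snapshot $2.
increased() {
    { printf '%s\n' "$1" | counters; echo '---'; printf '%s\n' "$2" | counters; } |
    awk '$1 == "---" { second = 1; next }
         !second { old[$1 " " $2] = $3; next }
         $3 > old[$1 " " $2] + 0 {
             rest = ""; for (i = 4; i <= NF; i++) rest = rest " " $i
             print $1 " " $2 ": +" ($3 - old[$1 " " $2]) " pkts," rest
         }'
}

increased "$BEFORE" "$AFTER"
```

In the constructed sample the ESTABLISHED rule in INPUT sits above the fail2ban jump, so its counter is the one that grows while the blocked address keeps talking; on a real host, replace the two strings with the actual listings captured at steps 3 and 6.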