2 Replies - 272 Views - Last Post: 08 May 2021 - 01:18 PM

#1 mercy_angel

fail2ban banned ip but still can ssh

Posted 07 May 2021 - 02:29 AM

I tried to SSH brute force from one PC to another to prevent local SSH brute forces, and I can always ssh to that PC, .6 from .5.

This is the output of nano /var/log/fail2ban.log


021-05-07 10:25:33,555 fail2ban.actions [16509]: NOTICE [sshd] Ban 10.10.127.5
2021-05-07 10:25:34,979 fail2ban.filter [16509]: INFO [sshd] Found 10.10.127.5 - 2021-05-07 10:25:34
2021-05-07 10:25:40,228 fail2ban.filter [16509]: INFO [sshd] Found 10.10.127.5 - 2021-05-07 10:25:40
2021-05-07 10:25:41,833 fail2ban.filter [16509]: INFO [sshd] Found 10.10.127.5 - 2021-05-07 10:25:41
2021-05-07 10:25:51,406 fail2ban.filter [16509]: INFO [sshd] Found 10.10.127.5 - 2021-05-07 10:25:51
2021-05-07 10:25:53,009 fail2ban.filter [16509]: INFO [sshd] Found 10.10.127.5 - 2021-05-07 10:25:52
2021-05-07 10:25:53,704 fail2ban.actions [16509]: NOTICE [sshd] 10.10.127.5 already banned

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
f2b-sshd   tcp  --  anywhere             anywhere             multiport dports ssh

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain f2b-sshd (1 references)
target     prot opt source               destination
REJECT     all  --  10.10.127.5          anywhere             reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere


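A check for the symptom visible in the fail2ban.log excerpt above, where Found entries keep arriving after the Ban notice: this added example (not part of the original thread) scans a log in that format and counts events recorded while an address is banned. The sample log is constructed, and the address 10.10.127.9 and the 2-second grace window are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Assumption: hits this soon after a Ban are log lines that were already in flight.
GRACE = timedelta(seconds=2)

EVENT = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+\s+fail2ban\.\w+\s+\[\d+\]:\s+\w+\s+"
    r"\[([\w-]+)\]\s+(?:(Ban|Unban|Found)\s+(\S+)|(\S+)\s+(already banned))"
)

# Constructed sample in the format of the fail2ban.log excerpt in the post.
SAMPLE_LOG = """\
2021-05-07 10:25:33,555 fail2ban.actions [16509]: NOTICE [sshd] Ban 10.10.127.5
2021-05-07 10:25:34,979 fail2ban.filter [16509]: INFO [sshd] Found 10.10.127.5 - 2021-05-07 10:25:34
2021-05-07 10:25:53,009 fail2ban.filter [16509]: INFO [sshd] Found 10.10.127.5 - 2021-05-07 10:25:52
2021-05-07 10:25:53,704 fail2ban.actions [16509]: NOTICE [sshd] 10.10.127.5 already banned
2021-05-07 10:30:00,100 fail2ban.actions [16509]: NOTICE [sshd] Ban 10.10.127.9
2021-05-07 10:30:00,900 fail2ban.filter [16509]: INFO [sshd] Found 10.10.127.9 - 2021-05-07 10:30:00
2021-05-07 10:40:00,100 fail2ban.actions [16509]: NOTICE [sshd] Unban 10.10.127.9
2021-05-07 10:41:00,000 fail2ban.filter [16509]: INFO [sshd] Found 10.10.127.9 - 2021-05-07 10:41:00
"""

def hits_after_ban(log_text):
    """Count Found / 'already banned' events logged while (jail, ip) is banned."""
    banned = {}        # (jail, ip) -> time of the Ban notice
    hits = Counter()
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue   # unrelated or truncated line
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        verb = m.group(3) or m.group(6)
        key = (m.group(2), m.group(4) or m.group(5))
        if verb == "Ban":
            banned[key] = when
        elif verb == "Unban":
            banned.pop(key, None)
        elif key in banned and when - banned[key] > GRACE:
            hits[key] += 1   # sshd still logged this address after the ban
    return dict(hits)

if __name__ == "__main__":
    for (jail, ip), n in hits_after_ban(SAMPLE_LOG).items():
        print(f"[{jail}] {ip}: {n} events logged after Ban")
```

A non-empty result means sshd kept logging attempts from an address fail2ban had already banned, so the place to look is the firewall action rather than the filter or jail thresholds.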

Replies To: fail2ban banned ip but still can ssh

#2 no2pencil

Re: fail2ban banned ip but still can ssh

Posted 07 May 2021 - 07:12 AM

If I am reading your iptables output correctly, you have added the ip address to f2b-sshd, & then f2b-sshd is in the INPUT chain as an accept policy.

#3 mercy_angel

Re: fail2ban banned ip but still can ssh

Posted 08 May 2021 - 01:18 PM

no2pencil, on 07 May 2021 - 02:12 PM, said:

If I am reading your iptables output correctly, you have added the ip address to f2b-sshd, & then f2b-sshd is in the INPUT chain as an accept policy.


I didn't accept it, I just installed fail2ban and tried to use it. Am I wrong somewhere? In all the descriptions I can read, it is written that if some PC gets banned it will be banned inside iptables, so these rules are added by default, but I don't know why it's not working... All settings in the conf file are the default ones.