GEMCC

Fail2ban says an IP is banned, but not

Hello,

The Fail2ban log states an IP is banned, but I am still able to SSH in with the IP address.  If it matters, I am using port 22222.

Please advise.

Have a great day,

Don
Kent W

Check the secure log or wherever you have SSH connections logged. If your client public IP also has an IPv6 IP, you may be connecting with that.
GEMCC

ASKER

For testing purposes I am using one of the PCs on this side of the router so a private IP address is being used.
You may want to see the state of your iptables while you are experiencing the problem. E.g. sudo iptables -S
From the public sharing, fail2ban does not actually perform the blocking of connection requests; it only adds the rules to the iptables firewall when it detects a bannable action, as defined in your jail.conf.local.

Also, do check that the necessary DROP rule corresponding to the machine IP to be banned is present in iptables and configured properly.

http://itswapshop.com/content/how-view-and-remove-banned-ips-fail2ban-ubuntu-1004

ASKER

I see jail.conf, but not jail.conf.local

When I do iptables -S:

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N MINIUPNPD
-N UBNT_PFOR_FW_HOOK
-N UBNT_PFOR_FW_RULES
-N UBNT_VPN_IPSEC_FW_HOOK
-N UBNT_VPN_IPSEC_FW_IN_HOOK
-N VYATTA_FW_IN_HOOK
-N VYATTA_FW_LOCAL_HOOK
-N VYATTA_FW_OUT_HOOK
-N VYATTA_POST_FW_FWD_HOOK
-N VYATTA_POST_FW_IN_HOOK
-N VYATTA_POST_FW_OUT_HOOK
-N WAN_IN
-N WAN_LOCAL
-N WAN_OUT
-N fail2ban-ssh
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A INPUT -j UBNT_VPN_IPSEC_FW_HOOK
-A INPUT -j VYATTA_FW_LOCAL_HOOK
-A INPUT -j VYATTA_POST_FW_IN_HOOK
-A FORWARD -j MINIUPNPD
-A FORWARD -j UBNT_VPN_IPSEC_FW_IN_HOOK
-A FORWARD -j UBNT_PFOR_FW_HOOK
-A FORWARD -j VYATTA_FW_IN_HOOK
-A FORWARD -j VYATTA_FW_OUT_HOOK
-A FORWARD -j VYATTA_POST_FW_FWD_HOOK
-A OUTPUT -j VYATTA_POST_FW_OUT_HOOK
-A UBNT_PFOR_FW_HOOK -i eth0 -j UBNT_PFOR_FW_RULES
-A VYATTA_FW_IN_HOOK -i eth0 -j WAN_IN
-A VYATTA_FW_LOCAL_HOOK -i eth0 -j WAN_LOCAL
-A VYATTA_FW_OUT_HOOK -o eth0 -j WAN_OUT
-A VYATTA_POST_FW_FWD_HOOK -j ACCEPT
-A VYATTA_POST_FW_IN_HOOK -j ACCEPT
-A VYATTA_POST_FW_OUT_HOOK -j ACCEPT
-A WAN_IN -m comment --comment WAN_IN-1 -m set --match-set Afghanistan src -j DROP
-A WAN_IN -m comment --comment WAN_IN-2 -m set --match-set Bulgaria src -j DROP
-A WAN_IN -m comment --comment WAN_IN-3 -m set --match-set China src -j DROP
-A WAN_IN -m comment --comment WAN_IN-4 -m set --match-set Cuba src -j DROP
-A WAN_IN -m comment --comment WAN_IN-5 -m set --match-set HongKong src -j DROP
-A WAN_IN -m comment --comment WAN_IN-6 -m set --match-set India src -j DROP
-A WAN_IN -m comment --comment WAN_IN-7 -m set --match-set Indonesia src -j DROP
-A WAN_IN -m comment --comment WAN_IN-8 -m set --match-set Iran src -j DROP
-A WAN_IN -m comment --comment WAN_IN-9 -m set --match-set Iraq src -j DROP
-A WAN_IN -m comment --comment WAN_IN-10 -m set --match-set Libya src -j DROP
-A WAN_IN -m comment --comment WAN_IN-11 -m set --match-set Netherlands src -j DROP
-A WAN_IN -m comment --comment WAN_IN-12 -m set --match-set NorthKorea src -j DROP
-A WAN_IN -m comment --comment WAN_IN-13 -m set --match-set Romania src -j DROP
-A WAN_IN -m comment --comment WAN_IN-14 -m set --match-set Russia src -j DROP
-A WAN_IN -m comment --comment WAN_IN-15 -m set --match-set Spain src -j DROP
-A WAN_IN -m comment --comment WAN_IN-16 -m set --match-set Sudan src -j DROP
-A WAN_IN -m comment --comment WAN_IN-17 -m set --match-set Syria src -j DROP
-A WAN_IN -m comment --comment WAN_IN-18 -m set --match-set Taiwan src -j DROP
-A WAN_IN -m comment --comment WAN_IN-19 -m set --match-set Vietnam src -j DROP
-A WAN_IN -m comment --comment WAN_IN-20 -m set --match-set Yemen src -j DROP
-A WAN_IN -m comment --comment WAN_IN-21 -m set --match-set Test src -j DROP
-A WAN_IN -m comment --comment WAN_IN-22 -m state --state RELATED,ESTABLISHED -j RETURN
-A WAN_IN -m comment --comment WAN_IN-23 -m state --state INVALID -j DROP
-A WAN_IN -d 192.168.128.10/32 -p tcp -m comment --comment WAN_IN-24 -m state --state NEW -m tcp --dport 8443 -j RETURN
-A WAN_IN -m comment --comment "WAN_IN-10000 default-action drop" -j DROP
-A WAN_LOCAL -m comment --comment WAN_LOCAL-1 -m set --match-set Afghanistan src -j DROP
-A WAN_LOCAL -m comment --comment WAN_LOCAL-2 -m set --match-set Bulgaria src -j DROP
-A WAN_LOCAL -m comment --comment WAN_LOCAL-3 -m set --match-set China src -j DROP
-A WAN_LOCAL -m comment --comment WAN_LOCAL-4 -m set --match-set Cuba src -j DROP
-A WAN_LOCAL -m comment --comment WAN_LOCAL-5 -m set --match-set HongKong src -j DROP
-A WAN_LOCAL -m comment --comment WAN_LOCAL-6 -m set --match-set India src -j DROP
-A WAN_LOCAL -m comment --comment WAN_LOCAL-7 -m set --match-set Indonesia src -j DROP
-A WAN_LOCAL -m comment --comment WAN_LOCAL-8 -m set --match-set Iran src -j DROP
-A WAN_LOCAL -m comment --comment WAN_LOCAL-9 -m set --match-set Iraq src -j DROP
-A WAN_LOCAL -m comment --comment WAN_LOCAL-10 -m set --match-set Libya src -j DROP
-A WAN_LOCAL -m comment --comment WAN_LOCAL-11 -m set --match-set Netherlands src -j DROP
-A WAN_LOCAL -m comment --comment WAN_LOCAL-12 -m set --match-set NorthKorea src -j DROP
-A WAN_LOCAL -m comment --comment WAN_LOCAL-13 -m set --match-set Romania src -j DROP
-A WAN_LOCAL -m comment --comment WAN_LOCAL-14 -m set --match-set Russia src -j DROP
-A WAN_LOCAL -m comment --comment WAN_LOCAL-15 -m set --match-set Spain src -j DROP
-A WAN_LOCAL -m comment --comment WAN_LOCAL-16 -m set --match-set Sudan src -j DROP
-A WAN_LOCAL -m comment --comment WAN_LOCAL-17 -m set --match-set Syria src -j DROP
-A WAN_LOCAL -m comment --comment WAN_LOCAL-18 -m set --match-set Taiwan src -j DROP
-A WAN_LOCAL -m comment --comment WAN_LOCAL-19 -m set --match-set Vietnam src -j DROP
-A WAN_LOCAL -m comment --comment WAN_LOCAL-20 -m set --match-set Yemen src -j DROP
-A WAN_LOCAL -m comment --comment WAN_LOCAL-21 -m set --match-set Test src -j DROP
-A WAN_LOCAL -m comment --comment WAN_LOCAL-22 -m state --state RELATED,ESTABLISHED -j RETURN
-A WAN_LOCAL -m comment --comment WAN_LOCAL-23 -m state --state INVALID -j DROP
-A WAN_LOCAL -d 192.168.128.10/32 -p tcp -m comment --comment WAN_LOCAL-24 -m tcp --dport 8443 -j RETURN
-A WAN_LOCAL -p esp -m comment --comment WAN_LOCAL-25 -j RETURN
-A WAN_LOCAL -p udp -m comment --comment WAN_LOCAL-26 -m udp --dport 500 -j RETURN
-A WAN_LOCAL -p udp -m comment --comment WAN_LOCAL-27 -m udp --dport 1701 -j RETURN
-A WAN_LOCAL -p udp -m comment --comment WAN_LOCAL-28 -m udp --dport 4500 -j RETURN
-A WAN_LOCAL -p tcp -m comment --comment WAN_LOCAL-29 -m tcp --dport 443 -j RETURN
-A WAN_LOCAL -m comment --comment "WAN_LOCAL-10000 default-action drop" -j DROP
-A WAN_OUT -m comment --comment WAN_OUT-1 -m set --match-set Afghanistan dst -j DROP
-A WAN_OUT -m comment --comment WAN_OUT-2 -m set --match-set Bulgaria dst -j DROP
-A WAN_OUT -m comment --comment WAN_OUT-3 -m set --match-set China dst -j DROP
-A WAN_OUT -m comment --comment WAN_OUT-4 -m set --match-set Cuba dst -j DROP
-A WAN_OUT -m comment --comment WAN_OUT-5 -m set --match-set HongKong dst -j DROP
-A WAN_OUT -m comment --comment WAN_OUT-6 -m set --match-set India dst -j DROP
-A WAN_OUT -m comment --comment WAN_OUT-7 -m set --match-set Indonesia dst -j DROP
-A WAN_OUT -m comment --comment WAN_OUT-8 -m set --match-set Iran dst -j DROP
-A WAN_OUT -m comment --comment WAN_OUT-9 -m set --match-set Iraq dst -j DROP
-A WAN_OUT -m comment --comment WAN_OUT-10 -m set --match-set Libya dst -j DROP
-A WAN_OUT -m comment --comment WAN_OUT-11 -m set --match-set Netherlands dst -j DROP
-A WAN_OUT -m comment --comment WAN_OUT-12 -m set --match-set NorthKorea dst -j DROP
-A WAN_OUT -m comment --comment WAN_OUT-13 -m set --match-set Romania dst -j DROP
-A WAN_OUT -m comment --comment WAN_OUT-14 -m set --match-set Russia dst -j DROP
-A WAN_OUT -m comment --comment WAN_OUT-15 -m set --match-set Spain dst -j DROP
-A WAN_OUT -m comment --comment WAN_OUT-16 -m set --match-set Sudan dst -j DROP
-A WAN_OUT -m comment --comment WAN_OUT-17 -m set --match-set Syria dst -j DROP
-A WAN_OUT -m comment --comment WAN_OUT-18 -m set --match-set Taiwan dst -j DROP
-A WAN_OUT -m comment --comment WAN_OUT-19 -m set --match-set Vietnam dst -j DROP
-A WAN_OUT -m comment --comment WAN_OUT-20 -m set --match-set Yemen dst -j DROP
-A WAN_OUT -m comment --comment WAN_OUT-21 -m set --match-set Test dst -j DROP
-A WAN_OUT -m comment --comment WAN_OUT-22 -m state --state NEW,RELATED,ESTABLISHED -j RETURN
-A WAN_OUT -m comment --comment WAN_OUT-23 -m state --state INVALID -j DROP
-A WAN_OUT -m comment --comment "WAN_OUT-10000 default-action drop" -j DROP
-A fail2ban-ssh -j RETURN

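An added example (not part of the original thread): a small Python check that reads `iptables -S` output and reports whether connections to a given sshd port are ever sent to the fail2ban chain, and which source addresses that chain blocks. The sample input is an excerpt of the dump posted above; the function names are illustrative.

```python
import shlex

# Excerpt of the `iptables -S` output posted above (only the lines that matter here).
POSTED = """\
-N fail2ban-ssh
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A INPUT -j VYATTA_FW_LOCAL_HOOK
-A fail2ban-ssh -j RETURN
"""

def parse_rules(dump):
    """Turn each '-A CHAIN ...' line into a dict of the options we care about."""
    rules = []
    for line in dump.splitlines():
        tok = shlex.split(line)
        if len(tok) < 2 or tok[0] != "-A":
            continue
        rule = {"chain": tok[1], "ports": None, "src": None, "target": None}
        for i, t in enumerate(tok[:-1]):
            if t in ("--dport", "--dports"):
                rule["ports"] = tok[i + 1]
            elif t in ("-s", "--source"):
                rule["src"] = tok[i + 1]
            elif t in ("-j", "--jump"):
                rule["target"] = tok[i + 1]
        rules.append(rule)
    return rules

def port_matches(spec, port):
    """True if port falls inside an iptables port spec such as '22,80,1000:2000'."""
    if spec is None:          # no port match on the rule: every port is covered
        return True
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def check_jail(dump, chain, sshd_port):
    """Report whether traffic to sshd_port reaches `chain` and which sources it blocks."""
    rules = parse_rules(dump)
    reached = any(r["chain"] == "INPUT" and r["target"] == chain
                  and port_matches(r["ports"], sshd_port) for r in rules)
    banned = [r["src"] for r in rules if r["chain"] == chain
              and r["src"] and r["target"] in ("DROP", "REJECT")]
    return {"reached": reached, "banned": banned}

if __name__ == "__main__":
    print(check_jail(POSTED, "fail2ban-ssh", 22222))
```

With the posted rules, the jump into `fail2ban-ssh` matches only `--dports 22`, so `reached` is false for port 22222 and true for port 22.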


ASKER

Per the link you suggested, I did iptables -L -n and it shows the IP is set to DROP, but I can still SSH in
ASKER CERTIFIED SOLUTION
btan

This solution is only available to members.

ASKER

Resolved issue
Thanks. Possible to share what is the root issue..?

ASKER

Not sure what you are asking.
What I meant is to share what you have done to resolve it, if possible.

ASKER

ID: 4147160, in fact I marked it as the solution
Thanks it is ID: 41471602.