I posted this, originally, in the security section. But I haven't had any replies there so I wanted to post here. I have used fail2ban for years with SUSE, but I'm having some trouble getting it implemented in Slackware.
Having some problems getting fail2ban to actually properly ban IPs that fail authentication when trying to SSH. Fail2ban client is up and running properly. I am feeding it the correct log file for Slackware (/var/log/messages). I made sure to "enable" sshd-iptables in the jail.conf file. Here is a "status" to make sure fail2ban is running:
bash-3.1# fail2ban-client status
|- Number of jail: 1
`- Jail list: ssh-iptables
Then, I'll attempt to log on incorrectly to ssh and fail2ban will recognize the incorrect attempts. It will then ban that IP causing the failure. Here is proof that fail2ban is TRYING to work properly:
bash-3.1# fail2ban-client status ssh-iptables
Status for the jail: ssh-iptables
| |- File list: /var/log/messages
| |- Currently failed: 1
| `- Total failed: 9
|- Currently banned: 1
| `- IP list: 192.168.1.3
`- Total banned: 1
As you can see, it banned 192.168.1.3. At least it thought it did... However, I can still connect to my server (192.168.1.2) with no problems. I can still ssh to it, check mail, etc... That address is NOT banned. I have already verified iptables is working by doing a:
"iptables -I INPUT -s 192.168.1.3 -j DROP"
If I do the above commands, 192.168.1.3 is banned. So I know iptables is working if I can manually type that in and get it to work that way.
I dunno what is up. Anyone else have any problems?