LinuxQuestions.org
Old 06-30-2020, 09:10 AM   #1
aboka
LQ Newbie
 
Registered: Jun 2020
Posts: 17

Rep: Reputation: Disabled
Fail2ban not adding rules to Iptables


Hi, I'm using Ubuntu 20.04 LTS with the latest Fail2ban (not sure why it says command not found when I try to find its version with 'fail2ban -V').

All is working, so I'm thinking of learning to harden the security by adding more jails by following the links below. I managed to add a few and confirmed they have been added, as it shows the extra jails when I run 'sudo fail2ban-client status'.

But the thing is, the new jails are not shown inside my iptables when I run 'sudo iptables -S'. The only one noticeable is 'f2b-sshd', installed by default together with Fail2ban. According to the article, it should list this (notice there is no 443, as I took that out of the jail because 443 is used by another program):
-A INPUT -p tcp -m multiport --dports 80 -j fail2ban-nginx-noproxy
-A INPUT -p tcp -m multiport --dports 80 -j fail2ban-nginx-badbots
-A INPUT -p tcp -m multiport --dports 80 -j fail2ban-nginx-noscript

Is it because my current iptables rules (port 80?) are conflicting with them? And how could we fix it?
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N f2b-sshd
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -i tap+ -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.7.0/24 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p udp -m udp --dport 4500 -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A f2b-sshd -s 104.248.130.10/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 103.242.56.174/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -j RETURN

https://www.digitalocean.com/communi...n-ubuntu-14-04

P.S. - I just went through the article again before submitting, and noticed this is also missing at the top of my iptables:
-N fail2ban-nginx-badbots
-N fail2ban-nginx-noproxy
-N fail2ban-nginx-noscript

P.P.S. - Or is it because there's no ban yet? If that's true, what's the easiest way to test and confirm they work?

Thank you,

Last edited by aboka; 06-30-2020 at 09:58 AM.
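One way to check which jails actually have a matching iptables chain and INPUT jump rule, as an added example (not code from the thread or from Fail2ban): it parses constructed sample text shaped like the `fail2ban-client status` and `iptables -S` output quoted above, and assumes Fail2ban's default `f2b-<jail>` chain naming, the one visible in the poster's own `f2b-sshd` chain. On a live host the two sample strings would be replaced by the real command output.

```shell
#!/bin/sh
# Cross-check fail2ban jails against iptables chains.
# Constructed sample output modelled on the thread (not captured from a live host).
SAMPLE_STATUS='Status
|- Number of jail:      2
`- Jail list:   nginx-badbots, sshd'

SAMPLE_RULES='-P INPUT DROP
-N f2b-sshd
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A f2b-sshd -s 192.0.2.10/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -j RETURN'

# jails_from_status STATUS_TEXT -> one jail name per line, taken from "Jail list:"
jails_from_status() {
    printf '%s\n' "$1" | sed -n 's/.*Jail list:[[:space:]]*//p' | tr ',' '\n' \
        | sed 's/^[[:space:]]*//;s/[[:space:]]*$//' | grep -v '^$'
}

# chain_state JAIL RULES_TEXT -> "active:<n>" when the f2b-<jail> chain and its
# INPUT jump exist (n = banned addresses), "no-jump" when the chain exists but
# nothing sends traffic to it, "missing" when the chain is absent entirely
chain_state() {
    jail=$1; rules=$2; chain="f2b-$jail"
    if ! printf '%s\n' "$rules" | grep -q "^-N $chain\$"; then
        echo missing; return
    fi
    if ! printf '%s\n' "$rules" | grep -q "^-A INPUT .* -j $chain\$"; then
        echo no-jump; return
    fi
    # grep -c prints 0 and exits non-zero on no match, so keep the value but ignore the status
    n=$(printf '%s\n' "$rules" | grep -c "^-A $chain -s .* -j REJECT" || true)
    echo "active:$n"
}

# report STATUS_TEXT RULES_TEXT -> "<jail> <state>" per jail listed by fail2ban
report() {
    jails_from_status "$1" | while read -r jail; do
        echo "$jail $(chain_state "$jail" "$2")"
    done
}

report "$SAMPLE_STATUS" "$SAMPLE_RULES"
```

A jail reported as "missing" is exactly the situation in the post: Fail2ban knows the jail, but no chain has been created in iptables for it yet.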
 
Old 06-30-2020, 10:30 PM   #2
aboka
LQ Newbie
 
Registered: Jun 2020
Posts: 17

Original Poster
Rep: Reputation: Disabled
Hi, I have confirmed it is not there as they have not been triggered yet. Thanks.