Hi Guys, I just realised that my sub wasn't active! Now that's fixed, I have a problem. F2B does not appear to be blocking IPs. https://i.imgur.com/nWbNrSl.png I have manually added these into iptables, and they are still not dropping. What can I look into? KRs Lee
Do any blocks get listed in fail2ban.log? If yes, for which services? Any errors in fail2ban.log file when you restart fail2ban? And finally, which Linux Distribution do you use?
Hi Till

Thanks for coming back to me

Code:
2018-10-14 06:27:29,373 fail2ban.actions[6457]: WARNING [ssh] Ban 139.99.130.143
2018-10-14 06:37:30,014 fail2ban.actions[6457]: WARNING [ssh] Unban 139.99.130.143
2018-10-14 06:46:59,622 fail2ban.actions[6457]: WARNING [ssh] Ban 139.99.130.143
2018-10-14 06:57:00,269 fail2ban.actions[6457]: WARNING [ssh] Unban 139.99.130.143
2018-10-14 07:06:54,901 fail2ban.actions[6457]: WARNING [ssh] Ban 139.99.130.143
2018-10-14 07:16:55,539 fail2ban.actions[6457]: WARNING [ssh] Unban 139.99.130.143
2018-10-14 07:55:12,953 fail2ban.actions[6457]: WARNING [ssh] Ban 139.99.130.143
2018-10-14 08:05:13,586 fail2ban.actions[6457]: WARNING [ssh] Unban 139.99.130.143
2018-10-14 11:14:57,499 fail2ban.actions[6457]: WARNING [pureftpd] Ban 103.208.220.131
2018-10-14 11:19:21,817 fail2ban.actions[6457]: WARNING [ssh] Ban 77.72.82.39
2018-10-14 11:24:58,142 fail2ban.actions[6457]: WARNING [pureftpd] Unban 103.208.220.131
2018-10-14 11:29:22,459 fail2ban.actions[6457]: WARNING [ssh] Unban 77.72.82.39
2018-10-14 11:30:37,546 fail2ban.actions[6457]: WARNING [ssh] Ban 103.208.220.131
2018-10-14 11:40:38,192 fail2ban.actions[6457]: WARNING [ssh] Unban 103.208.220.131
2018-10-14 17:02:00,469 fail2ban.actions[6457]: WARNING [ssh] Ban 5.39.67.11
2018-10-14 17:12:01,113 fail2ban.actions[6457]: WARNING [ssh] Unban 5.39.67.11
2018-10-14 17:12:29,151 fail2ban.actions[6457]: WARNING [ssh] Ban 5.39.67.11
2018-10-14 17:22:29,794 fail2ban.actions[6457]: WARNING [ssh] Unban 5.39.67.11
2018-10-14 17:32:42,332 fail2ban.actions[6457]: WARNING [pureftpd] Ban 92.222.16.136
2018-10-14 17:42:42,974 fail2ban.actions[6457]: WARNING [pureftpd] Unban 92.222.16.136
2018-10-14 19:16:34,900 fail2ban.actions[6457]: WARNING [pureftpd] Ban 37.187.50.163
2018-10-14 19:26:35,544 fail2ban.actions[6457]: WARNING [pureftpd] Unban 37.187.50.163
2018-10-14 20:12:17,424 fail2ban.actions[6457]: WARNING [pureftpd] Ban 180.250.152.22
2018-10-14 20:22:18,062 fail2ban.actions[6457]: WARNING [pureftpd] Unban 180.250.152.22
2018-10-14 21:32:57,528 fail2ban.actions[6457]: WARNING [pureftpd] Ban 160.153.153.15
2018-10-14 21:42:58,178 fail2ban.actions[6457]: WARNING [pureftpd] Unban 160.153.153.15
2018-10-14 22:39:15,779 fail2ban.actions[6457]: WARNING [ssh] Ban 42.7.27.165
2018-10-14 22:49:16,421 fail2ban.actions[6457]: WARNING [ssh] Unban 42.7.27.165
2018-10-15 02:28:43,162 fail2ban.actions[6457]: WARNING [pureftpd] Ban 103.221.221.122
2018-10-15 02:38:43,819 fail2ban.actions[6457]: WARNING [pureftpd] Unban 103.221.221.122
2018-10-15 02:48:13,422 fail2ban.actions[6457]: WARNING [pureftpd] Ban 192.169.217.57
2018-10-15 02:58:14,062 fail2ban.actions[6457]: WARNING [pureftpd] Unban 192.169.217.57
2018-10-15 03:08:35,725 fail2ban.actions[6457]: WARNING [pureftpd] Ban 199.188.200.86
2018-10-15 03:18:36,372 fail2ban.actions[6457]: WARNING [pureftpd] Unban 199.188.200.86
2018-10-15 07:43:10,025 fail2ban.actions[6457]: WARNING [ssh] Ban 112.85.42.233
2018-10-15 07:53:10,670 fail2ban.actions[6457]: WARNING [ssh] Unban 112.85.42.233
2018-10-15 07:57:45,969 fail2ban.actions[6457]: WARNING [ssh] Ban 90.84.246.11
2018-10-15 08:07:46,608 fail2ban.actions[6457]: WARNING [ssh] Unban 90.84.246.11
2018-10-15 11:52:44,748 fail2ban.actions[6457]: WARNING [ssh] Ban 112.85.42.193
2018-10-15 12:02:45,388 fail2ban.actions[6457]: WARNING [ssh] Unban 112.85.42.193
2018-10-15 12:09:33,799 fail2ban.actions[6457]: WARNING [dovecot-pop3imap] Ban 37.49.225.190
2018-10-15 12:19:34,402 fail2ban.actions[6457]: WARNING [dovecot-pop3imap] Unban 37.49.225.190
2018-10-15 12:35:17,347 fail2ban.actions[6457]: WARNING [pureftpd] Ban 148.72.232.30
2018-10-15 12:45:17,987 fail2ban.actions[6457]: WARNING [pureftpd] Unban 148.72.232.30
2018-10-15 12:51:20,359 fail2ban.actions[6457]: WARNING [dovecot-pop3imap] Ban 185.112.249.141
2018-10-15 13:01:20,996 fail2ban.actions[6457]: WARNING [dovecot-pop3imap] Unban 185.112.249.141
2018-10-15 13:29:38,762 fail2ban.actions[6457]: WARNING [pureftpd] Ban 192.185.219.158
2018-10-15 13:39:39,415 fail2ban.actions[6457]: WARNING [pureftpd] Unban 192.185.219.158
2018-10-15 14:19:25,918 fail2ban.actions[6457]: WARNING [pureftpd] Ban 62.210.28.86
2018-10-15 14:29:26,556 fail2ban.actions[6457]: WARNING [pureftpd] Unban 62.210.28.86
2018-10-15 14:45:53,594 fail2ban.actions[6457]: WARNING [pureftpd] Ban 198.50.184.66

This is the output when I restarted the service

Code:
2018-10-15 14:52:11,312 fail2ban.server [6457]: INFO Stopping all jails
2018-10-15 14:52:12,000 fail2ban.actions[6457]: WARNING [pureftpd] Unban 198.50.184.66
2018-10-15 14:52:12,015 fail2ban.jail [6457]: INFO Jail 'pureftpd' stopped
2018-10-15 14:52:12,953 fail2ban.jail [6457]: INFO Jail 'dovecot-pop3imap' stopped
2018-10-15 14:52:13,952 fail2ban.jail [6457]: INFO Jail 'ssh' stopped
2018-10-15 14:52:13,953 fail2ban.server [6457]: INFO Exiting Fail2ban
2018-10-15 14:52:14,408 fail2ban.server [15778]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.13
2018-10-15 14:52:14,408 fail2ban.jail [15778]: INFO Creating new jail 'ssh'
2018-10-15 14:52:14,483 fail2ban.jail [15778]: INFO Jail 'ssh' uses pyinotify
2018-10-15 14:52:14,507 fail2ban.jail [15778]: INFO Initiated 'pyinotify' backend
2018-10-15 14:52:14,508 fail2ban.filter [15778]: INFO Added logfile = /var/log/auth.log
2018-10-15 14:52:14,509 fail2ban.filter [15778]: INFO Set maxRetry = 6
2018-10-15 14:52:14,510 fail2ban.filter [15778]: INFO Set findtime = 600
2018-10-15 14:52:14,511 fail2ban.actions[15778]: INFO Set banTime = 600
2018-10-15 14:52:14,544 fail2ban.jail [15778]: INFO Creating new jail 'dovecot-pop3imap'
2018-10-15 14:52:14,544 fail2ban.jail [15778]: INFO Jail 'dovecot-pop3imap' uses pyinotify
2018-10-15 14:52:14,549 fail2ban.jail [15778]: INFO Initiated 'pyinotify' backend
2018-10-15 14:52:14,550 fail2ban.filter [15778]: INFO Added logfile = /var/log/mail.log
2018-10-15 14:52:14,550 fail2ban.filter [15778]: INFO Set maxRetry = 5
2018-10-15 14:52:14,551 fail2ban.filter [15778]: INFO Set findtime = 600
2018-10-15 14:52:14,551 fail2ban.actions[15778]: INFO Set banTime = 600
2018-10-15 14:52:14,555 fail2ban.jail [15778]: INFO Creating new jail 'pureftpd'
2018-10-15 14:52:14,555 fail2ban.jail [15778]: INFO Jail 'pureftpd' uses pyinotify
2018-10-15 14:52:14,559 fail2ban.jail [15778]: INFO Initiated 'pyinotify' backend
2018-10-15 14:52:14,560 fail2ban.filter [15778]: INFO Added logfile = /var/log/syslog
2018-10-15 14:52:14,560 fail2ban.filter [15778]: INFO Set maxRetry = 3
2018-10-15 14:52:14,561 fail2ban.filter [15778]: INFO Set findtime = 600
2018-10-15 14:52:14,561 fail2ban.actions[15778]: INFO Set banTime = 600
2018-10-15 14:52:14,564 fail2ban.jail [15778]: INFO Jail 'ssh' started
2018-10-15 14:52:14,565 fail2ban.jail [15778]: INFO Jail 'dovecot-pop3imap' started
2018-10-15 14:52:14,566 fail2ban.jail [15778]: INFO Jail 'pureftpd' started

And finally I am on Debian 8.

KRs L
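
An added example, not part of any post in this thread: a small Python script that pairs the Ban/Unban lines of a fail2ban 0.8.x log per jail and address, so you can see how long each ban actually lasted and which hosts were banned again after the ban expired. The sample input is a subset of lines copied from the log posted above; the function names `summarize` and `repeat_offenders` are this example's own.

```python
import re
from collections import defaultdict
from datetime import datetime

# Subset of lines copied from the fail2ban.log excerpt posted above.
SAMPLE_LOG = """\
2018-10-14 06:27:29,373 fail2ban.actions[6457]: WARNING [ssh] Ban 139.99.130.143
2018-10-14 06:37:30,014 fail2ban.actions[6457]: WARNING [ssh] Unban 139.99.130.143
2018-10-14 06:46:59,622 fail2ban.actions[6457]: WARNING [ssh] Ban 139.99.130.143
2018-10-14 06:57:00,269 fail2ban.actions[6457]: WARNING [ssh] Unban 139.99.130.143
2018-10-14 11:14:57,499 fail2ban.actions[6457]: WARNING [pureftpd] Ban 103.208.220.131
2018-10-14 11:24:58,142 fail2ban.actions[6457]: WARNING [pureftpd] Unban 103.208.220.131
2018-10-14 11:30:37,546 fail2ban.actions[6457]: WARNING [ssh] Ban 103.208.220.131
2018-10-14 11:40:38,192 fail2ban.actions[6457]: WARNING [ssh] Unban 103.208.220.131
2018-10-15 14:45:53,594 fail2ban.actions[6457]: WARNING [pureftpd] Ban 198.50.184.66
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+ fail2ban\.actions\s*\[\d+\]: "
    r"\w+\s+\[(?P<jail>[^\]]+)\] (?P<verb>Ban|Unban) (?P<ip>\S+)$"
)

def summarize(log_text):
    """Return (stats per (jail, ip), set of bans still open at end of log)."""
    stats = defaultdict(lambda: {"bans": 0, "durations": []})
    open_bans = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a Ban/Unban line (jail start/stop, filter settings)
        key = (m["jail"], m["ip"])
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        if m["verb"] == "Ban":
            stats[key]["bans"] += 1
            open_bans[key] = ts
        elif key in open_bans:
            secs = int((ts - open_bans.pop(key)).total_seconds())
            stats[key]["durations"].append(secs)  # whole seconds between Ban and Unban
    return dict(stats), set(open_bans)

def repeat_offenders(stats, min_bans=2):
    """Keys banned at least min_bans times: the ban expired and the host returned."""
    return sorted(k for k, v in stats.items() if v["bans"] >= min_bans)

if __name__ == "__main__":
    stats, still_banned = summarize(SAMPLE_LOG)
    for (jail, ip), v in sorted(stats.items()):
        print(f"{jail:10} {ip:16} bans={v['bans']} durations={v['durations']}")
    print("repeat:", repeat_offenders(stats), "| still banned:", sorted(still_banned))
```

Durations close to 600 seconds match the `Set banTime = 600` lines in the restart output, and an address listed as a repeat offender is one that was unbanned on schedule and then tripped the same jail again.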
Hi Taleman

See the output of /etc/fail2ban/jail.local

Code:
[dovecot-pop3imap]
enabled = true
filter = dovecot-pop3imap
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
logpath = /var/log/mail.log
maxretry = 5

[pureftpd]
enabled = true
port = ftp
filter = pureftpd
logpath = /var/log/syslog
maxretry = 3

I would need to add something along the lines of a postfix filter in here? Unless there is a better way to do this, maybe within postfix?

Thanks
Lee
You have to add rules for blocking SMTP traffic to that file. Use Internet search engines; there are promising hits.