Hi all, I've setted up fail2ban. The client is running Code: gandhi:/var/log# fail2ban-client status ssh Status for the jail: ssh |- filter | |- File list: /var/log/auth.log | |- Currently failed: 0 | `- Total failed: 0 `- action |- Currently banned: 0 | `- IP list: `- Total banned: 0 gandhi:/var/log# and the regex is working Code: Success, the total number of match is 15 However, look at the above section 'Running tests' which could contain important information. gandhi:/var/log# For some strange reason fail2ban just fails to ban. What could be wrong? Thanks! - Dennis
Well, my auth.log shows me that i'm being brute forced (10+ logins per minute, from the same ip) Thanks!
Hi, Fail2ban DOES make the chain, Code: Chain INPUT (policy ACCEPT) target prot opt source destination fail2ban-ssh tcp -- anywhere anywhere tcp dpt:ssh As you see, its a bit strange it doesnt ban the ip's. thanks!