fail2ban say banned ip but it's not in iptable list or i can connect again.it's all information about config and output and logs. my Os and fail2ban version: Code: # lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 16.04.3 LTS Release: 16.04 Codename: xenial # fail2ban-server 2017-11-24 20:56:36,032 fail2ban.server [15832]: INFO Starting Fail2ban v0.9.4 it's my /etc/fail2ban/fail2ban.conf: Code: # cat /etc/fail2ban/fail2ban.conf [Definition] loglevel = INFO logtarget = /var/log/fail2ban.log syslogsocket = auto socket = /var/run/fail2ban/fail2ban.sock pidfile = /var/run/fail2ban/fail2ban.pid dbfile = /var/lib/fail2ban/fail2ban.sqlite3 dbpurgeage = 86400 Also it's my /etc/fail2ban/jail.local: Code: # cat /etc/fail2ban/jail.local [DEFAULT] ignoreip = 127.0.0.1/8 bantime = 3600 findtime = 3600 maxretry = 6 mta = mail destemail = [email protected] sendername = Fail2BanAlerts [pureftpd] enabled = true port = ftp filter = pureftpd logpath = /var/log/syslog tail maxretry = 3 [apache] enabled = true port = http,https filter = apache-auth logpath = /var/log/apache*/*error.log tail /var/log/ispconfig/httpd/*/error.log tail maxretry = 6 findtime = 600 [apache-noscript] enabled = true [apache-overflows] enabled = true filter = apache-overflows logpath = /var/log/apache*/*error.log tail /var/log/ispconfig/httpd/*/error.log tail maxretry = 2 [apache-badbots] enabled = true port = http,https filter = apache-badbots logpath = /var/log/apache*/*error.log tail /var/log/ispconfig/httpd/*/error.log tail maxretry = 2 [apache-nohome] enabled = true port = http,https filter = apache-nohome logpath = /var/log/apache*/*error.log tail /var/log/ispconfig/httpd/*/error.log tail maxretry = 2 [php-url-fopen] enabled = true port = http,https filter = php-url-fopen logpath = /var/log/apache*/*access.log tail /var/log/ispconfig/httpd/*/access.log tail [ssh] enabled = true port = ssh filter = sshd logpath = /var/log/auth.log tail maxretry = 6 action = iptables-new [ssh-iptables] enabled = true filter = sshd action = iptables[name=SSH, port=ssh, protocol=tcp] logpath = /var/log/auth.log tail maxretry = 5 my problem is fail2ban doesn't ban ip in iptables i tried it in ssh and its log: Code: 2017-11-24 20:44:05,347 fail2ban.actions [14264]: NOTICE [ssh] 5.22.6.183 already banned 2017-11-24 20:44:08,215 fail2ban.filter [14264]: INFO [ssh] Found 5.22.6.183 2017-11-24 20:44:08,218 fail2ban.filter [14264]: INFO [ssh-iptables] Found 5.22.6.183 2017-11-24 20:44:10,887 fail2ban.filter [14264]: INFO [ssh] Found 5.22.6.183 2017-11-24 20:44:10,890 fail2ban.filter [14264]: INFO [ssh-iptables] Found 5.22.6.183 2017-11-24 20:44:13,304 fail2ban.filter [14264]: INFO [ssh] Found 5.22.6.183 2017-11-24 20:44:13,308 fail2ban.filter [14264]: INFO [ssh-iptables] Found 5.22.6.183 2017-11-24 20:44:14,357 fail2ban.actions [14264]: NOTICE [ssh-iptables] 5.22.6.183 already banned But its not in iptables list: Code: # iptables -L INPUT -v -n Chain INPUT (policy ACCEPT 4579 packets, 731K bytes) pkts bytes target prot opt in out source destination 1 48 f2b-SSH tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 1 48 f2b-default tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
