Hello all, i use fail2ban to protect my server but i use the action "route" and NOT "iptables". The action route is working very well but the attacker get a entry in the iptables too. I´m not sure why? my jail.conf: Code: [ssh] enabled = true filter = sshd action = route sendmail-whois[name=SSH, [email protected]] logpath = /var/log/secure maxretry = 5 my route action: Code: [Definition] actionban = ip route add unreachable <ip> actionunban = ip route del unreachable <ip> fail2ban log: Code: 2013-11-12 01:48:13,744 fail2ban.actions: WARNING [ssh] Ban 79.143.87.222 2013-11-12 02:48:13,985 fail2ban.actions: WARNING [ssh] Unban 79.143.87.222 my iptables: Code: Chain DENYIN (0 references) target prot opt source destination DROP all -- 79.143.87.222 anywhere Chain DENYOUT (0 references) target prot opt source destination DROP all -- anywhere 79.143.87.222 So the script works very well! The route will be added and then deleted after the reset timer but a entry will be added to the iptables in this Chain`s and not removed? I use more iptable rules to protect the ports. Any idea? Best
