I did notice the following on my Debian server (ISPConfig) in the fail2ban log file: Code: /var/log/fail2ban.log [postfix-sasl] 141.98.10.151 already banned I wanted to know why a banned IPv4 is able to connect, whilst it's already banned. When I execute iptables -S | more the following comes up: Code: # iptables -S | more [..] -A INPUT -p tcp -m multiport --dports 25 -j f2b-postfix-sasl [..] It looks like fail2ban open port 25 at the top of the list... When I execute iptables -S | grep "25" the following comes up: Code: # iptables -S | grep "25" -A INPUT -p tcp -m multiport --dports 25 -j f2b-postfix-sasl -A ufw-user-input -p tcp -m tcp --dport 25 -j ACCEPT The latter line is somewhere at the bottom of the list... Currently I am looking through the fail2ban config to find a way to stop Fail2Ban opening port 25 at the top of this list. The whole config looks complex. Has someone an idea how to achieve this? Thanks.
