Unix & Linux Asked by Mike Dank on January 5, 2021
I recently implemented fail2ban on a fresh debian server which left me with some default iptables configuration automatically,
root@plutarchy:/etc/apache2# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N fail2ban-ssh
-A INPUT -p tcp -m multiport --dports 2222 -j fail2ban-ssh
-A fail2ban-ssh -j RETURN
Now, when I add some old iptables rules that I don’t want to run through fail2ban, I end up with the following,
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N fail2ban-ssh
-A INPUT -p tcp -m multiport --dports 2222 -j fail2ban-ssh
-A INPUT -s 127.0.0.1/32 -i lo -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 2222 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j DROP
-A fail2ban-ssh -j RETURN
Note that I need to add the line -A INPUT -p tcp –dport 2222 -j ACCEPT or I cannot ssh into the box.
Will fail2ban still protect ssh (port 2222) when I have this line inserted? If not, how can I make sure ssh still goes through fail2ban while I have port 80 opened for normal operation?
I think the best way is to modify fail2ban configuration, in order to filter port 2222 instead of 22.
Answered by Giacomo Catenazzi on January 5, 2021
Get help from others!
Recent Answers
Recent Questions
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP