How to use fail2ban and iptables

Config files for fail2ban are in /etc/fail2ban.

On CentOS, fail2ban logs through syslog, so its log file is /var/log/messages. To see what it has been doing:

grep fail2ban /var/log/messages

fail2ban bans an address for 'bantime' seconds (often 10 minutes), set in /etc/fail2ban/fail2ban.conf.

List the currently banned IP addresses (they appear in the per-jail chains, such as fail2ban-ProFTPD):

iptables -L -nv

Unban an IP address:

iptables -D fail2ban-ProFTPD -s X.X.X.X -j REJECT

where X.X.X.X is the IP address you want to unban.

To ban a specific IP address from port 80 (http):

First list the rules in order, with their line numbers:

iptables -nvL --line-numbers

...

11       1    60 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
12       0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443

...

Rule 11 ACCEPTs packets from anywhere on port 80, so the ban must sit BEFORE rule 11 or the packets will already have been accepted. So:

iptables -I INPUT 10 -p tcp --destination-port 80 -s patroller.dreamhost.com -j DROP

this INSERTS the rule at position 10, pushing the existing rule 10 and everything below it down by one. Note that a hostname given to -s is resolved by DNS once, when the rule is inserted; the rule itself holds the resolved address (one rule per address if the name resolves to several), so the address is what you are actually blocking.

To remove the rule and unban the address (-D matches the rule by its specification, not its number):

iptables -D INPUT -p tcp --destination-port 80 -s patroller.dreamhost.com -j DROP
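As an added example (not part of the original post), a small POSIX shell script that finds the ACCEPT rule's line number from the iptables listing instead of hard-coding 10, and prints the insert and delete commands for one address. The listing embedded in it is constructed, and 203.0.113.5 is a placeholder address.

```shell
#!/bin/sh
# Added example, not from the original post: derive the INPUT rule number to
# insert a per-address DROP at, instead of hard-coding "10". accept_rule_number
# reads the text of `iptables -nvL --line-numbers` and finds the first ACCEPT
# for tcp dpt:<port> in chain INPUT; ban_command prints the matching insert.
# Nothing is applied until the printed command is run as root.

# Constructed sample listing (not captured from a real host).
SAMPLE_LISTING='Chain INPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1      100  6000 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
10       3   180 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
11       1    60 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
12       0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80'

# Usage: accept_rule_number <port> <listing>. Prints the rule number of the
# first ACCEPT for tcp dpt:<port> in chain INPUT, nothing if there is none.
accept_rule_number() {
    printf '%s\n' "$2" | awk -v port="$1" '
        BEGIN { want = "dpt:" port }
        /^Chain / { inchain = ($2 == "INPUT"); next }
        inchain && $4 == "ACCEPT" && $5 == "tcp" {
            for (i = 6; i <= NF; i++) if ($i == want) { print $1; exit }
        }'
}

# Usage: ban_command <ip> <port> <listing>. -I INPUT N places the new rule AT
# position N and shifts the old rule N down, so the ACCEPT rule's own number
# puts the DROP directly in front of it. Only digits and dots are accepted for
# <ip>: a hostname would be resolved by DNS once, at insert time.
ban_command() {
    ip=$1 port=$2 listing=$3
    case $ip in
        *[!0-9.]*|*..*|.*|*.) echo "ban_command: literal IPv4 address required" >&2; return 1 ;;
    esac
    pos=$(accept_rule_number "$port" "$listing")
    [ -n "$pos" ] || pos=1   # no ACCEPT for that port: put the DROP at the top
    printf '%s\n' "iptables -I INPUT $pos -p tcp --destination-port $port -s $ip -j DROP"
}

# Usage: unban_command <ip> <port>. -D matches the rule by its specification,
# so it still matches after the rule numbers have shifted.
unban_command() {
    printf '%s\n' "iptables -D INPUT -p tcp --destination-port $2 -s $1 -j DROP"
}
```

Run it against the live listing with `ban_command 203.0.113.5 80 "$(iptables -nvL --line-numbers)"` and pipe the printed command to sh once it looks right.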
