How to use fail2ban and iptables

Config files for fail2ban are in /etc/fail2ban.

On CentOS fail2ban uses SYSLOG which is /var/log/messages as its log file.

grep fail2ban

fail2ban bans addresses for 'bantime' seconds (often 10minutes) in /etc/fail2ban/fail2ban.conf

List currently banned IP addresses :

iptables -L -nv

Unban an IP address:

iptables -D fail2ban-ProFTPD -s X.X.X.X -j REJECT

X.X.X.X = the IP address you want to unban.

Specifically BAN an IP Address from Port 80 http:

list the rules in order:

iptables -nvL --line-numbers
11       1    60 ACCEPT     tcp  --  *      *             state NEW tcp dpt:80
12       0     0 ACCEPT     tcp  --  *      *             state NEW tcp dpt:443

this means you must ban the IP address BEFORE it hits rule 11. As Rule 11 says ACCEPT packets from anywhere on port 80. So :

iptables -I INPUT 10 -p tcp --destination-port 80 -s -j DROP

this INSERTS a rule at number 10.

To remove and unban the IP address:

iptables -D INPUT -p tcp --destination-port 80 -s -j DROP 

To save iptables rules and keep them on reboot

You can save them using :

iptables-save > /etc/iptables.conf

OR probably better idea is to install peristent iptables :

apt-get install iptables-peristent

this saves the rules to /etc/iptables/rules.v4 and /etc/iptables/rules.v6

To save or reload any changed rules use:

netfilter-persistent save
netfilter-persistent reload

Leave a Reply