I have set up fail2ban to protect my ssh port using these rather old instructions: https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-ubuntu-14-04
I tested my set-up by botching a bunch of log-ins from another computer and fail2ban does manage to block the IP. I even confirmed as shown here:
$ sudo fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed: 0
|  |- Total failed: 10
|  `- File list: /var/log/auth.log
`- Actions
   |- Currently banned: 1
   |- Total banned: 2
   `- Banned IP list: x.x.x.x
However, the aforementioned link also mentions that new rules should get added to iptables, but when I check this I don’t see anything:
$ sudo iptables -S | grep fail
$
Is this a problem? If so, any idea what I could be doing wrong?
Answer
sudo iptables -S | grep fail
This was valid only for very old fail2ban versions. Newer versions use the f2b- prefix, so you should rather check this:
sudo iptables -nL INPUT | grep f2b
sudo iptables -nL f2b-sshd | grep -Fw x.x.x.x
Also, it depends on the banning action used (it is configured by the maintainer of your distribution), so it can be something other than iptables.
Attribution
Source: Link, Question Author: grasswistle, Answer Author: sebres
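
The check described in the answer, as an added example (not part of the original answer and not fail2ban's own code): a POSIX shell function that reads `iptables -S` output and reports whether an IP has a rule in the jail's chain under either the old `fail2ban-` or the newer `f2b-` prefix, or whether no such chain exists. The function name, the sample rulesets and the 203.0.113.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Live use:  sudo iptables -S | find_f2b_ban sshd 203.0.113.7
# find_f2b_ban JAIL IP   (reads `iptables -S` output on stdin) prints:
#   banned <chain>      a rule for IP exists in the jail's chain
#   not-listed <chain>  the chain exists but has no rule for IP
#   no-chain            neither f2b-JAIL nor fail2ban-JAIL exists
find_f2b_ban() {
    awk -v jail="$1" -v ip="$2" '
        BEGIN { new = "f2b-" jail; old = "fail2ban-" jail }
        # chain declaration, e.g. "-N f2b-sshd"
        $1 == "-N" && ($2 == new || $2 == old) { chain = $2 }
        # per-address rule, e.g. "-A f2b-sshd -s 203.0.113.7/32 -j REJECT"
        $1 == "-A" && ($2 == new || $2 == old) && $3 == "-s" {
            src = $4; sub(/\/32$/, "", src)
            if (src == ip) hit = $2   # exact match, so .7 never matches .70
        }
        END {
            if (hit)        print "banned", hit
            else if (chain) print "not-listed", chain
            else            print "no-chain"
        }'
}

# Constructed sample: newer fail2ban, iptables action, jail "sshd"
sample_new() { cat <<'EOF'
-P INPUT ACCEPT
-N f2b-sshd
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A f2b-sshd -s 203.0.113.7/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -j RETURN
EOF
}
# Constructed sample: very old fail2ban, jail "ssh"
sample_old() { cat <<'EOF'
-P INPUT ACCEPT
-N fail2ban-ssh
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A fail2ban-ssh -s 203.0.113.7/32 -j DROP
-A fail2ban-ssh -j RETURN
EOF
}
# Constructed sample: bans handled by something other than iptables
sample_none() { printf '%s\n' '-P INPUT ACCEPT' '-P FORWARD ACCEPT'; }

sample_new  | find_f2b_ban sshd 203.0.113.7
sample_old  | find_f2b_ban ssh  203.0.113.7
sample_none | find_f2b_ban sshd 203.0.113.7
```

A `no-chain` result while `fail2ban-client status sshd` still lists a banned IP is the situation the answer's last sentence covers: the jail's banning action is something other than iptables, so the ban has to be looked for in that backend instead.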