-1

I have set up fail2ban to protect my ssh port using these rather old instructions: https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-ubuntu-14-04

I tested my set-up by botching a bunch of log-ins from another computer and fail2ban does manage to block the IP. I even confirmed as shown here:

$ sudo fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     10
|  `- File list:        /var/log/auth.log
`- Actions
   |- Currently banned: 1
   |- Total banned:     2
   `- Banned IP list:   x.x.x.x

However, the aforementioned link also mentions that new rules should get added to iptables, but when I check this I don't see anything:

$ sudo iptables -S | grep fail
$

Is this a problem? If so, any idea what I could be doing wrong?

grasswistle
  • 121
  • 5

1 Answers1

0

sudo iptables -S | grep fail

This was valid for very old fail2ban versions only. Newer versions will use f2b- prefix. So you have rather to check this:

sudo iptables -nL INPUT | grep f2b
sudo iptables -nL f2b-sshd | grep -Fw x.x.x.x

Also it depends on used banning action (it is confugured by maintainer of your distribution), so it can be something different than iptables.

sebres
  • 940
  • 1
  • 5
  • 6