
So I set up fail2ban on my Debian 7 server, but I've still been getting hit a lot and I don't know why it is not blocking properly. The regex works, it recognizes the attempts, but it seems the iptables rules it inserts don't work. This is how the iptables output looks after fail2ban tries to block.

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    fail2ban-courierauth  tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:25
2    fail2ban-couriersmtp  tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:25
3    sshguard   all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain fail2ban-courierauth (1 references)
num  target     prot opt source               destination
1    DROP       all  --  216.x.y.z            0.0.0.0/0
2    RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain fail2ban-courierimap (0 references)
num  target     prot opt source               destination
1    RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain fail2ban-courierpop3 (0 references)
num  target     prot opt source               destination
1    RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain fail2ban-couriersmtp (1 references)
num  target     prot opt source               destination
1    RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain fail2ban-postfix (0 references)
num  target     prot opt source               destination
1    RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain fail2ban-sasl (0 references)
num  target     prot opt source               destination
1    RETURN     all  --  0.0.0.0/0            0.0.0.0/0

In the iptables output above you can see the "Chain fail2ban-courierauth" rule that added the DROP rule for the IP, but I'm still able to connect!

I can still connect to the server, why isn't it blocking?

Termiux

1 Answer


(I'd post this mostly-a-request-for-clarification as a comment but I don't have enough Karma to do comments yet :|)

At risk of stating the obvious - when you say you "can still connect to the server"; do you mean on port 25? Because your iptables rules as configured will only match (and block) your access to port 25, assuming your connection to the server on port 25 is coming from the 216.x.y.z IP you have listed as blocked.

The iptables chains you have are configured in much the same way as mine (also using Debian) and mine work okay at blocking access to specific services - so I don't think it's necessarily the iptables configuration to blame, provided you're only expecting it to just block port 25 and not the whole server, and you don't have something weird in PREROUTING that might be diverting traffic away from being processed in INPUT.

Phil
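The point the answer makes can be checked mechanically. The following is an added example, not code from the question or the answer: a small Python model of how netfilter walks the INPUT chain, loaded with the chains shown in the question. The banned host 216.x.y.z is stood in for by the documentation address 198.51.100.7, the sshguard chain is modelled as empty because its contents are not in the post, and the "widened" and "dead chain" rulesets are hypothetical variations used to show why the DROP only bites on port 25 and why a rule in an unreferenced chain can never fire.

```python
# Added example: simulate iptables INPUT traversal for the question's ruleset.
# Semantics modelled: rules checked in order; a match on a user-chain target
# jumps into that chain; RETURN (or running off the end of a user chain) resumes
# at the caller's next rule; the built-in chain's policy applies if nothing
# terminal (ACCEPT/DROP/REJECT) matched.
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

TERMINAL = {"ACCEPT", "DROP", "REJECT"}
BANNED = "198.51.100.7"          # stand-in for the 216.x.y.z address in the question
OTHER = "203.0.113.5"            # constructed: an unbanned client
AUTH_PORTS = {25, 110, 143, 993, 995}


@dataclass
class Rule:
    target: str                          # verdict, RETURN, or user-chain name
    proto: Optional[str] = None          # "tcp", or None for "all"
    dports: Optional[Set[int]] = None    # None means any destination port
    source: str = "0.0.0.0/0"

    def matches(self, proto: str, dport: int, src: str) -> bool:
        if self.proto is not None and self.proto != proto:
            return False
        if self.dports is not None and dport not in self.dports:
            return False
        return ipaddress.ip_address(src) in ipaddress.ip_network(self.source, strict=False)


@dataclass
class Chain:
    rules: List[Rule] = field(default_factory=list)
    policy: Optional[str] = None         # only built-in chains carry a policy


def walk(chains: Dict[str, Chain], name: str, proto: str, dport: int, src: str) -> Optional[str]:
    """Verdict reached inside chain `name`, or None if the chain returned."""
    for rule in chains[name].rules:
        if not rule.matches(proto, dport, src):
            continue
        if rule.target in TERMINAL:
            return rule.target
        if rule.target == "RETURN":
            return None
        sub = walk(chains, rule.target, proto, dport, src)   # jump to user chain
        if sub is not None:
            return sub
    return None


def verdict(chains: Dict[str, Chain], proto: str, dport: int, src: str) -> str:
    v = walk(chains, "INPUT", proto, dport, src)
    return v if v is not None else chains["INPUT"].policy


def question_ruleset() -> Dict[str, Chain]:
    """The chains as listed in the question (sshguard contents not shown there)."""
    return {
        "INPUT": Chain(policy="ACCEPT", rules=[
            Rule("fail2ban-courierauth", proto="tcp", dports={25}),
            Rule("fail2ban-couriersmtp", proto="tcp", dports={25}),
            Rule("sshguard"),
        ]),
        "sshguard": Chain(),
        "fail2ban-courierauth": Chain(rules=[Rule("DROP", source=BANNED + "/32"), Rule("RETURN")]),
        "fail2ban-courierimap": Chain(rules=[Rule("RETURN")]),   # 0 references in INPUT
        "fail2ban-courierpop3": Chain(rules=[Rule("RETURN")]),   # 0 references in INPUT
        "fail2ban-couriersmtp": Chain(rules=[Rule("RETURN")]),
    }


def widened_ruleset() -> Dict[str, Chain]:
    """Hypothetical: the jump into fail2ban-courierauth matches every auth port."""
    chains = question_ruleset()
    chains["INPUT"].rules[0] = Rule("fail2ban-courierauth", proto="tcp", dports=set(AUTH_PORTS))
    return chains


def dead_chain_ruleset() -> Dict[str, Chain]:
    """Hypothetical: a DROP placed in the unreferenced fail2ban-courierimap chain."""
    chains = question_ruleset()
    chains["fail2ban-courierimap"].rules.insert(0, Rule("DROP", source=BANNED + "/32"))
    return chains


def blocked_ports(chains: Dict[str, Chain], src: str, ports=(22, 25, 110, 143, 993, 995)) -> Set[int]:
    """Ports on which TCP from `src` is dropped before reaching the service."""
    return {p for p in ports if verdict(chains, "tcp", p, src) == "DROP"}


if __name__ == "__main__":
    for label, rs in [("as posted", question_ruleset()),
                      ("jump widened to auth ports", widened_ruleset()),
                      ("DROP in unreferenced chain", dead_chain_ruleset())]:
        print(f"{label:28s} banned host dropped on ports: {sorted(blocked_ports(rs, BANNED))}")
```

Run as posted, the banned host is dropped only on port 25 and is accepted on 22, 110, 143, 993 and 995, which is exactly the behaviour the question describes; the same traversal with the INPUT jump covering all the Courier ports drops it everywhere, while a DROP inside a chain with 0 references is never reached. Checking `iptables -L INPUT -n --line-numbers` for the jump rule's port match, rather than only for the DROP inside the fail2ban chain, is the quick way to see what a ban actually covers.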