I can't understand, why the firewall throughput of my server is significant increasing during the last few days while everything else, including traffic, remains on it's normal level.
What scenario can result in stable traffic but increasing firewall throughput?
I show you two monthly munin graphs:
The peeks at aprox. 4 a.m. every day come from a nightly job. They are normal. Not normal is the increase of firewall throughput from former less than 15 Packets/second to now 30+ Packets/second while the traffic stays on it's normal level.
My server is a virtual root-server in a remote server farm. OS is Linux Ubuntu 14.04 LTS. Webserver is Apache. Mailserver Postfix. All modules in its newest version.
I did not change any settings within the last weeks. Last reboot (after updating all packages) was on 4th Feb. The strange behavior begann in the morning of 9th Feb. I updated all packages yesterday again (without reboot), but this did not influence the high firewall throughput.
Edit (answering a comment):
Here is the result of `iptables -nvL':
root@myServer:~# iptables -nvL
Chain INPUT (policy ACCEPT 10M packets, 2883M bytes)
pkts bytes target prot opt in out source destination
3860K 499M fail2ban-apache-nohome tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443
3860K 499M fail2ban-apache tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443
77714 24M fail2ban-postfix tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,587
3860K 499M fail2ban-apache-noscript tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443
3344 714K fail2ban-ssh tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 21101
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 7652K packets, 5305M bytes)
pkts bytes target prot opt in out source destination
Chain fail2ban-apache (1 references)
pkts bytes target prot opt in out source destination
3860K 499M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-apache-nohome (1 references)
pkts bytes target prot opt in out source destination
3860K 499M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-apache-noscript (1 references)
pkts bytes target prot opt in out source destination
3860K 499M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-postfix (1 references)
pkts bytes target prot opt in out source destination
77714 24M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-ssh (1 references)
pkts bytes target prot opt in out source destination
3344 714K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Fail2ban did not ban any connection within the last 2 weeks. It banned 4 connections in January, 3 in Dec'15 and 3 in Nov'15. It never ever banned anything else than connections to postfix with one exception: In August 2015 it banned ssh, which was my own connection: I three times tried to login with a wrong password.