
So, I tested Fail2ban on ssh today with an IP which should have never connected to the server before.

First, the only thing I changed in the default config (apart from the mail-address) is this here:

```
# Choose default action.  To change, just override value of 'action' with the
# interpolation to the chosen action shortcut (e.g.  action_mw, action_mwl, etc) in jail.local
# globally (section [DEFAULT]) or per specific section
action = %(action_mwl)s
```

And I should note that SSH is on a port greater than 20000.

Now, what happened is, after 6 attempts I got the mail that my IP got blocked. So I was happy.

But then I tried logging in again, with the right details... and it worked.

So, why? What could be causing this?

uncanny

1 Answer


Fail2Ban Correctly Attempts to Ban IP but IP does not get banned - iptables chain exists but not working

As described here, banaction = iptables-allports works as well. Yet while I like it, this is probably not a satisfying solution for many users, so I would appreciate an answer which copes with the problem of letting fail2ban recognise a different port than the normal one.

uncanny
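A check for the situation in this thread, added here as an example and not part of either post: fail2ban's default multiport ban action only filters the ports named in the jail's `port` setting (by default `ssh`, i.e. 22), so the ban is logged and mailed while sshd on another port stays reachable. The function below reads `iptables -S INPUT` output and reports whether a fail2ban jump rule covers a given port; the rule text and port 22022 are constructed samples.

```shell
#!/bin/sh
# covers_port RULES PORT
# Exit 0 if a fail2ban jump rule in RULES (text of `iptables -S INPUT`)
# applies to TCP port PORT, exit 1 otherwise.
covers_port() {
    printf '%s\n' "$1" | awk -v port="$2" '
        # Only look at jumps into fail2ban chains (f2b-* or older fail2ban-*).
        !/-j (f2b|fail2ban)-/ { next }
        {
            dports = ""
            for (i = 1; i < NF; i++)
                if ($i == "--dports" || $i == "--dport") dports = $(i + 1)
            # No port match at all: the rule covers every port (allports).
            if (dports == "") { found = 1; next }
            n = split(dports, list, ",")
            for (j = 1; j <= n; j++) {
                m = split(list[j], r, ":")      # "lo:hi" is a port range
                lo = r[1]; hi = (m == 2) ? r[2] : r[1]
                if (port + 0 >= lo + 0 && port + 0 <= hi + 0) found = 1
            }
        }
        END { exit found ? 0 : 1 }'
}

# Constructed samples of `iptables -S INPUT`; 22022 is a placeholder SSH port.
DEFAULT_RULES='-P INPUT ACCEPT
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd'
ALLPORTS_RULES='-P INPUT ACCEPT
-A INPUT -p tcp -j f2b-sshd'
FIXED_RULES='-P INPUT ACCEPT
-A INPUT -p tcp -m multiport --dports 22022 -j f2b-sshd'

# On a live host (as root): covers_port "$(iptables -S INPUT)" <sshd port>
for name in DEFAULT_RULES ALLPORTS_RULES FIXED_RULES; do
    eval "rules=\$$name"
    if covers_port "$rules" 22022; then
        echo "$name: bans apply to port 22022"
    else
        echo "$name: bans do NOT apply to port 22022"
    fi
done
```

If the check fails for the port sshd listens on, set `port` in the SSH jail section of jail.local to that port and restart fail2ban, or keep `banaction = iptables-allports` as in the answer above.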