Full Version: iptables help
zeezeebottom
Hello guys,

A bunch of icons are missing in this WYSIWYG editor by the way...

I am having trouble with iptables - it keeps blocking my http traffic even though it's supposed to allow it. It's working in conjunction with fail2ban. Here's my list of rules:
CODE
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination        
    2   128 fail2ban-BadBots  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 80,443
  164 12160 fail2ban-SSH  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            Source country: CN
  221 17236 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          
    2   120 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0          
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
   28  4542 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination        
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 121 packets, 16507 bytes)
pkts bytes target     prot opt in     out     source               destination        

Chain fail2ban-BadBots (1 references)
pkts bytes target     prot opt in     out     source               destination        
    2   128 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0          

Chain fail2ban-SSH (1 references)
pkts bytes target     prot opt in     out     source               destination        
  164 12160 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0


As far as I can see, it properly logged the 2 packets and whatever on port 80 but the connection is actually refused. fail2ban has not blocked my IP. How does this actually work? Do I need to have a separate line where -j ACCEPT is in place of fail2ban-BadBots? And wouldn't that simply bypass fail2ban altogether?

Thank you!
michaelk
Post your /etc/fail2ban/jail.local file
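
Added example, not part of the thread: a simplified Python model of iptables first-match traversal over the INPUT listing posted above. It shows a new connection to port 80 entering fail2ban-BadBots, hitting RETURN and falling through to the final REJECT because no rule accepts it. The `allow_web` rule, the banned address and the DROP ban target are assumptions made for illustration.

```python
# Simplified model of iptables first-match traversal (added example).
# Each rule is (match_function, target). ACCEPT/DROP/REJECT end traversal,
# RETURN resumes the calling chain, any other target is a jump to a user chain.
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def build_ruleset(allow_web=False, banned=()):
    """Rules from the posted listing; allow_web and banned are assumptions."""
    web = lambda p: p["proto"] == "tcp" and p["dport"] in (80, 443)
    ssh = lambda p: p["proto"] == "tcp" and p["dport"] == 22
    anyp = lambda p: True
    # Ban target modelled as DROP (assumption; depends on the fail2ban action).
    badbots = [(lambda p, ip=ip: p["src"] == ip, "DROP") for ip in banned]
    badbots.append((anyp, "RETURN"))
    inp = [
        (web, "fail2ban-BadBots"),
        (ssh, "fail2ban-SSH"),
        (lambda p: p.get("country") == "CN", "DROP"),
        (lambda p: p["state"] in ("RELATED", "ESTABLISHED"), "ACCEPT"),
        (lambda p: p["proto"] == "icmp", "ACCEPT"),
        (lambda p: p.get("iface") == "lo", "ACCEPT"),
        (lambda p: ssh(p) and p["state"] == "NEW", "ACCEPT"),
        (anyp, "REJECT"),
    ]
    if allow_web:
        # Hypothetical extra rule, placed just before the final REJECT.
        inp.insert(-1, (lambda p: web(p) and p["state"] == "NEW", "ACCEPT"))
    return {"INPUT": inp, "fail2ban-BadBots": badbots,
            "fail2ban-SSH": [(anyp, "RETURN")]}

def verdict(chains, pkt, chain="INPUT", policy="ACCEPT"):
    """Return the final target for pkt; None means a user chain returned."""
    for match, target in chains[chain]:
        if not match(pkt):
            continue
        if target in TERMINAL:
            return target
        if target == "RETURN":
            return policy if chain == "INPUT" else None
        result = verdict(chains, pkt, target)
        if result is not None:
            return result          # the user chain gave a final verdict
    return policy if chain == "INPUT" else None

# Constructed sample packet: a new HTTP connection from a documentation address.
SYN80 = {"proto": "tcp", "dport": 80, "state": "NEW", "src": "198.51.100.7"}
```

In this model the accept rule sits after the jump to fail2ban-BadBots, so a banned source is still stopped inside that chain before the accept rule is reached.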