Netfilter and iptables

This evening I read the iptables man page and Linux iptables Pocket Reference from cover to cover; my notes are here: Netfilter.

I think at this point I am ready to use iptables in anger for the first time in a long time, and the first time ever on a router.

However, before I take that on, I’m going to have a quick diversion into the following books, and then sleep, and I will do my iptables programming when I wake up tomorrow.

fail2ban.actions.action: ERROR

Found some discussion on dealing with “fail2ban.actions.action: ERROR” errors from fail2ban. Basically there’s a race condition and a few suggestions to deal with it. One is to modify /usr/bin/fail2ban-client like this:

import time   # add at the top of /usr/bin/fail2ban-client

def __processCmd(self, cmd, showRet = True):
	beautifier = Beautifier()
	for c in cmd:
		# pause briefly between commands so concurrently started jails
		# do not race each other for iptables
		time.sleep(0.1)
		beautifier.setInputCmd(c)

But the other one, that I think I like better, is to edit /etc/fail2ban/actions.d/iptables-multiport.conf to include a call to sleep for a random time up to three seconds:

 actionstart =   sleep `perl -e 'print rand(3);'`
             iptables -N fail2ban-<name>
             iptables -A fail2ban-<name> -j RETURN
             iptables -I INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
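The same idea, as an added example that is not fail2ban's own code: instead of an unconditional random sleep, a small POSIX sh wrapper that retries a command with a randomised back-off when concurrent jails collide, plus a constructed stand-in for iptables so it runs offline. It assumes a sleep(1) that accepts fractional seconds (GNU or BSD) and a POSIX awk; the names `retry_cmd`, `random_delay` and `flaky_iptables` are mine.

```shell
#!/bin/sh
# Added example, not from fail2ban: retry an iptables call with a randomised
# back-off when concurrent jails collide, instead of sleeping unconditionally.
# Assumes a sleep(1) that accepts fractional seconds (GNU/BSD) and POSIX awk.

# Random delay between 0 and 3 s, mirroring the perl rand(3) trick above.
# awk's default seed is the clock in whole seconds, so two jails starting in
# the same second would pick the same delay; mixing in the PID avoids that.
random_delay() {
  awk -v pid="$$" 'BEGIN { srand(); srand(srand() + pid); printf "%.2f", rand() * 3 }'
}

# retry_cmd MAX_TRIES command [args...]
# Runs the command until it exits 0 or MAX_TRIES attempts have failed.
# Real use in an action file would be e.g.: retry_cmd 5 iptables -N fail2ban-ssh
retry_cmd() {
  max=$1; shift
  tries=0
  while :; do
    if "$@"; then
      return 0
    fi
    tries=$((tries + 1))
    if [ "$tries" -ge "$max" ]; then
      echo "gave up after $tries attempts: $*" >&2
      return 1
    fi
    sleep "$(random_delay)"
  done
}

# Constructed stand-in for iptables so the example runs offline: fails the
# first two calls (as if another fail2ban action held the lock), then succeeds.
FLAKY_STATE=$(mktemp)
echo 0 > "$FLAKY_STATE"
flaky_iptables() {
  n=$(cat "$FLAKY_STATE")
  n=$((n + 1))
  echo "$n" > "$FLAKY_STATE"
  [ "$n" -gt 2 ]
}
```

Newer iptables (1.4.20 and later) has a `-w` flag that waits for the xtables lock, which is the cleaner fix where it is available.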

Configure fail2ban to use route instead of iptables to block connections

Today I read about how to configure fail2ban to use route instead of iptables to block connections. I’m not planning to switch to the route command just yet, because I think when fail2ban uses iptables it only bans an IP address from accessing a particular port (or set of ports). Although maybe I don’t care about that and just banning the whole host altogether would be OK.

The reason I’ve been looking into fail2ban is that I have a heap of errors in my logs from fail2ban trying to use iptables and failing, e.g.:

 2012-02-04 00:23:02,939 fail2ban.actions.action: ERROR  iptables -D fail2ban-ssh -s 125.211.221.117 -j DROP returned 100
 2012-02-04 00:59:12,456 fail2ban.actions.action: ERROR  iptables -I fail2ban-ssh 1 -s 50.30.33.90 -j DROP returned 100
 2012-02-04 01:59:12,930 fail2ban.actions.action: ERROR  iptables -D fail2ban-ssh -s 50.30.33.90 -j DROP returned 100
 2012-02-04 08:35:13,252 fail2ban.actions.action: ERROR  iptables -D INPUT -p tcp -m multiport --dports ssh -j fail2ban-ssh
 2012-02-04 08:35:36,688 fail2ban.actions.action: ERROR  iptables -N fail2ban-ssh-ddos
 2012-02-04 08:35:36,695 fail2ban.actions.action: ERROR  iptables -N fail2ban-apache-overflows
 2012-02-04 08:35:36,703 fail2ban.actions.action: ERROR  iptables -N fail2ban-postfix