"Already banned" in fail2ban.log

Still playing and learning the software but I think this shows what I suspected is true.

Reject ipv4 filter INPUT_direct 0 -p tcp -m multiport --dports ssh -m set --match-set f2b-sshd src -j REJECT --reject-with icmp-port-unreachable

Just because it logs the packet doesn’t mean it gave up any meaningful information. It probably just allows fail2ban to increment the counter. Some IP listed as a known ‘bad actor’ from Lithuania seems to be a lifer in my postfix jail.

But perhaps we want hacking attempts so we can offload the IPs to a central server over syslog and then apply them to the border firewalls… it’s only script kiddies playing with meta or hydra, but the more we can block at the borders the less we need to handle locally. Just IMO.

It will still be in the log like any other failure.
