Ryfujk

Maximum summed powersets with non-adjacent items

Does classifying an integer as a discrete log require it be part of a multiplicative group?

If my PI received research grants from a company to be able to pay my postdoc salary, did I have a potential conflict interest too?

If a VARCHAR(MAX) column is included in an index, is the entire value always stored in the index page(s)?

Why wasn't DOSKEY integrated with COMMAND.COM?

Is it fair for a professor to grade us on the possession of past papers?

When a candle burns, why does the top of wick glow if bottom of flame is hottest?

Integration Help

Is it cost-effective to upgrade an old-ish Giant Escape R3 commuter bike with entry-level branded parts (wheels, drivetrain)?

Do wooden building fires get hotter than 600°C?

How do I make this wiring inside cabinet safer? (Pic)

Is it common practice to audition new musicians 1-2-1 before rehearsing with the entire band?

Do I really need to have a message in a novel to appeal to readers?

How to compare two different files line by line in unix?

Is "Reachable Object" really an NP-complete problem?

Irreducible of finite Krull dimension implies quasi-compact?

Is there any way for the UK Prime Minister to make a motion directly dependent on Government confidence?

Is it ethical to give a final exam after the professor has quit before teaching the remaining chapters of the course?

When the Haste spell ends on a creature, do attackers have advantage against that creature?

How do I stop a creek from eroding my steep embankment?

8 Prisoners wearing hats

How to find all the available tools in mac terminal?

Should I use a zero-interest credit card for a large one-time purchase?

What is the escape velocity of a neutron particle (not neutron star)

fail2ban expired bans not removed from iptables

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}

0

I have recently installed fail2ban on Ubuntu 16, and it's working in that bans/assignments to jails is working correctly, but once the jail assignment expires, the banned IP remains in iptables as REJECT. I would expect it to remove from iptables after the bantime expires.

Example below, a very basic DOS jail, bans anyone who hits 100 page loads in 30 seconds, banning them for 1 hour (3600 seconds).

NB the default bantime in jail.conf is 600 seconds

jail.local

 [http-get-dos]

 enabled = true

 port = http,https

 filter = http-get-dos

 logpath = /var/log/apache*/access.log

       /home/*/logs/access.log

 maxretry = 100

 findtime = 30

 bantime = 3600

 ignoreip = 127.0.0.1/8 ::1

 action = iptables[name=HTTP, port=http, protocol=tcp]

filter.d/http-get-dos

# Fail2Ban configuration file

[Definition]

failregex = ^<HOST> -.*"(GET|POST).*

ignoreregex =

I tested this myself by sending 1000 connections from three other servers, and it worked correctly - all three servers were added into the jail, and iptables rule:

iptables -L -n

Chain f2b-HTTP (2 references)

target     prot opt source               destination         

REJECT     all  --  xx.xx.xx.xx         0.0.0.0/0            reject-with 

REJECT     all  --  xx.xx.xx.xx         0.0.0.0/0            reject-with 

REJECT     all  --  xx.xx.xx.xx         0.0.0.0/0            reject-with 

icmp-port-unreachable

However, it's been about 2 hours and the three REJECTs still exists in the iptables and the servers cannot connect.

A live status on the http-get-dos jail (fail2ban-client status http-get-dos) returns that correctly some IPs were banned, but none currently.

Status for the jail: http-get-dos

|- Filter

|  |- Currently failed: 1

|  |- Total failed:     613

|  `- File list:        /var/log/apache2/access.log /home/*/logs/access.log 

`- Actions

|- Currently banned: 0

|- Total banned:     3

`- Banned IP list:

At install of fail2ban, I ran:

 apt-get install iptables-persistent

To persist bans on reboot, but this doesn't (??) ignore the bantime though.

I know I can manually remove an IP from iptables, but I would expect fail2ban to do it automatically after the bantime has expired.

What am I missing?

iptables fail2ban

share

asked 2 mins ago

user1513196user1513196

2117

add a comment | 

0

I have recently installed fail2ban on Ubuntu 16, and it's working in that bans/assignments to jails is working correctly, but once the jail assignment expires, the banned IP remains in iptables as REJECT. I would expect it to remove from iptables after the bantime expires.

Example below, a very basic DOS jail, bans anyone who hits 100 page loads in 30 seconds, banning them for 1 hour (3600 seconds).

NB the default bantime in jail.conf is 600 seconds

jail.local

 [http-get-dos]

 enabled = true

 port = http,https

 filter = http-get-dos

 logpath = /var/log/apache*/access.log

       /home/*/logs/access.log

 maxretry = 100

 findtime = 30

 bantime = 3600

 ignoreip = 127.0.0.1/8 ::1

 action = iptables[name=HTTP, port=http, protocol=tcp]

filter.d/http-get-dos

# Fail2Ban configuration file

[Definition]

failregex = ^<HOST> -.*"(GET|POST).*

ignoreregex =

I tested this myself by sending 1000 connections from three other servers, and it worked correctly - all three servers were added into the jail, and iptables rule:

iptables -L -n

Chain f2b-HTTP (2 references)

target     prot opt source               destination         

REJECT     all  --  xx.xx.xx.xx         0.0.0.0/0            reject-with 

REJECT     all  --  xx.xx.xx.xx         0.0.0.0/0            reject-with 

REJECT     all  --  xx.xx.xx.xx         0.0.0.0/0            reject-with 

icmp-port-unreachable

However, it's been about 2 hours and the three REJECTs still exists in the iptables and the servers cannot connect.

A live status on the http-get-dos jail (fail2ban-client status http-get-dos) returns that correctly some IPs were banned, but none currently.

Status for the jail: http-get-dos

|- Filter

|  |- Currently failed: 1

|  |- Total failed:     613

|  `- File list:        /var/log/apache2/access.log /home/*/logs/access.log 

`- Actions

|- Currently banned: 0

|- Total banned:     3

`- Banned IP list:

At install of fail2ban, I ran:

 apt-get install iptables-persistent

To persist bans on reboot, but this doesn't (??) ignore the bantime though.

I know I can manually remove an IP from iptables, but I would expect fail2ban to do it automatically after the bantime has expired.

What am I missing?

iptables fail2ban

share

asked 2 mins ago

user1513196user1513196

2117

add a comment | 

I have recently installed fail2ban on Ubuntu 16, and it's working in that bans/assignments to jails is working correctly, but once the jail assignment expires, the banned IP remains in iptables as REJECT. I would expect it to remove from iptables after the bantime expires.

Example below, a very basic DOS jail, bans anyone who hits 100 page loads in 30 seconds, banning them for 1 hour (3600 seconds).

NB the default bantime in jail.conf is 600 seconds

jail.local

 [http-get-dos]

 enabled = true

 port = http,https

 filter = http-get-dos

 logpath = /var/log/apache*/access.log

       /home/*/logs/access.log

 maxretry = 100

 findtime = 30

 bantime = 3600

 ignoreip = 127.0.0.1/8 ::1

 action = iptables[name=HTTP, port=http, protocol=tcp]

filter.d/http-get-dos

# Fail2Ban configuration file

[Definition]

failregex = ^<HOST> -.*"(GET|POST).*

ignoreregex =

I tested this myself by sending 1000 connections from three other servers, and it worked correctly - all three servers were added into the jail, and iptables rule:

iptables -L -n

Chain f2b-HTTP (2 references)

target     prot opt source               destination         

REJECT     all  --  xx.xx.xx.xx         0.0.0.0/0            reject-with 

REJECT     all  --  xx.xx.xx.xx         0.0.0.0/0            reject-with 

REJECT     all  --  xx.xx.xx.xx         0.0.0.0/0            reject-with 

icmp-port-unreachable

However, it's been about 2 hours and the three REJECTs still exists in the iptables and the servers cannot connect.

A live status on the http-get-dos jail (fail2ban-client status http-get-dos) returns that correctly some IPs were banned, but none currently.

Status for the jail: http-get-dos

|- Filter

|  |- Currently failed: 1

|  |- Total failed:     613

|  `- File list:        /var/log/apache2/access.log /home/*/logs/access.log 

`- Actions

|- Currently banned: 0

|- Total banned:     3

`- Banned IP list:

At install of fail2ban, I ran:

 apt-get install iptables-persistent

To persist bans on reboot, but this doesn't (??) ignore the bantime though.

I know I can manually remove an IP from iptables, but I would expect fail2ban to do it automatically after the bantime has expired.

What am I missing?

iptables fail2ban

share

asked 2 mins ago

user1513196user1513196

2117

 [http-get-dos]

 enabled = true

 port = http,https

 filter = http-get-dos

 logpath = /var/log/apache*/access.log

       /home/*/logs/access.log

 maxretry = 100

 findtime = 30

 bantime = 3600

 ignoreip = 127.0.0.1/8 ::1

 action = iptables[name=HTTP, port=http, protocol=tcp]

# Fail2Ban configuration file

[Definition]

failregex = ^<HOST> -.*"(GET|POST).*

ignoreregex =

Chain f2b-HTTP (2 references)

target     prot opt source               destination         

REJECT     all  --  xx.xx.xx.xx         0.0.0.0/0            reject-with 

REJECT     all  --  xx.xx.xx.xx         0.0.0.0/0            reject-with 

REJECT     all  --  xx.xx.xx.xx         0.0.0.0/0            reject-with 

icmp-port-unreachable

Status for the jail: http-get-dos

|- Filter

|  |- Currently failed: 1

|  |- Total failed:     613

|  `- File list:        /var/log/apache2/access.log /home/*/logs/access.log 

`- Actions

|- Currently banned: 0

|- Total banned:     3

`- Banned IP list:

 apt-get install iptables-persistent

share

asked 2 mins ago

user1513196user1513196

2117

share

asked 2 mins ago

user1513196user1513196

2117

asked 2 mins ago

user1513196user1513196

2117

asked 2 mins ago

user1513196user1513196

2117