# Depending on the version, one of the following files must exist:
root@host:/ nano /etc/fail2ban/action.d/iptables-blocktype.conf
or
root@host:/ nano /etc/fail2ban/action.d/iptables-common.conf
Comment out the line:
#blocktype = REJECT --reject-with icmp-port-unreachable
Create the line:
blocktype = DROP
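
The same change made through a `.local` override, as an added example that is not part of the gist: fail2ban reads a `.local` file next to each `.conf`, so the packaged file stays untouched and the setting survives upgrades. The function names are hypothetical and the action directory is passed as an argument.

```shell
#!/bin/sh
# Added example (not from the gist): switch the iptables blocktype to DROP
# with a .local override, leaving the packaged .conf file untouched.

BT_RE='^[[:space:]]*blocktype[[:space:]]*='

# Print the packaged file that defines blocktype for the installed version.
find_blocktype_conf() {
    for name in iptables-common.conf iptables-blocktype.conf; do
        if [ -f "$1/$name" ]; then
            printf '%s\n' "$1/$name"
            return 0
        fi
    done
    echo "no iptables-common.conf or iptables-blocktype.conf in $1" >&2
    return 1
}

# Create or update the matching .local file so that blocktype = DROP.
set_blocktype_drop() {
    conf=$(find_blocktype_conf "$1") || return 1
    override="${conf%.conf}.local"
    if [ ! -e "$override" ]; then
        printf '[Init]\nblocktype = DROP\n' > "$override"
    elif grep -Eq "$BT_RE" "$override"; then
        # Setting already overridden: rewrite it, keep a .bak copy.
        sed -i.bak -E "s/${BT_RE}.*/blocktype = DROP/" "$override"
    else
        # Other overrides exist; a second [Init] section could break parsing.
        echo "add 'blocktype = DROP' under [Init] in $override by hand" >&2
        return 2
    fi
}

# Print the value fail2ban will use: the .local setting wins over the .conf.
effective_blocktype() {
    conf=$(find_blocktype_conf "$1") || return 1
    for f in "${conf%.conf}.local" "$conf"; do
        if [ -f "$f" ] && grep -Eq "$BT_RE" "$f"; then
            sed -n -E "s/${BT_RE}[[:space:]]*//p" "$f" | tail -n 1
            return 0
        fi
    done
    return 1
}

# Usage: sh this-script /etc/fail2ban/action.d
if [ $# -gt 0 ]; then
    set_blocktype_drop "$1" && effective_blocktype "$1"
fi
```

Restart fail2ban afterwards so the action definition is read again.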
Status for the jail: sshd
|- Filter
|  |- Currently failed: 0
|  |- Total failed: 95097
|  `- Journal matches: _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
   |- Currently banned: 483
   |- Total banned: 1785
DROP, REJECT, Same fight. I don't understand why connection attempts continue while IP addresses are banned.
[...]
root (111.229.48.141): 45 Time(s)
root (119.29.105.3): 45 Time(s)
root (138.68.106.62): 45 Time(s)
root (156.54.174.197): 45 Time(s)
root (202.100.188.108): 45 Time(s)
root (37.139.7.127): 45 Time(s)
root (68.183.126.143): 45 Time(s)
[...]
Does anyone have any idea?
I think REJECT is a very strange choice for the default.
I realized it when I found a lot of ICMP traffic coming from me. It is easy to customize, but a lot of people will not change it.
I've read #507 and I don't agree.
Agreed, the default should be DROP. Legitimate users shouldn't be affected because legitimate users shouldn't be banned.