Configure fail2ban to use route instead of iptables to block connections

Today I read about how to configure fail2ban to use route instead of iptables to block connections. I’m not planning to switch to the route command just yet, because I think when fail2ban uses iptables it only bans an IP address from accessing a particular port (or set of ports). Although maybe I don’t care about that and just banning the whole host altogether would be OK.

The reason I’ve been looking into fail2ban is that I have a heap of errors in my logs from fail2ban trying to use iptables and failing, e.g.:

 2012-02-04 00:23:02,939 fail2ban.actions.action: ERROR  iptables -D fail2ban-ssh -s 125.211.221.117 -j DROP returned 100
 2012-02-04 00:59:12,456 fail2ban.actions.action: ERROR  iptables -I fail2ban-ssh 1 -s 50.30.33.90 -j DROP returned 100
 2012-02-04 01:59:12,930 fail2ban.actions.action: ERROR  iptables -D fail2ban-ssh -s 50.30.33.90 -j DROP returned 100
 2012-02-04 08:35:13,252 fail2ban.actions.action: ERROR  iptables -D INPUT -p tcp -m multiport --dports ssh -j fail2ban-ssh
 2012-02-04 08:35:36,688 fail2ban.actions.action: ERROR  iptables -N fail2ban-ssh-ddos
 2012-02-04 08:35:36,695 fail2ban.actions.action: ERROR  iptables -N fail2ban-apache-overflows
 2012-02-04 08:35:36,703 fail2ban.actions.action: ERROR  iptables -N fail2ban-postfix
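To get a feel for what a heap of lines like these actually means, it helps to group them by what fail2ban was attempting when iptables failed: creating a per-jail chain (-N), hooking the jail chain into INPUT, or inserting/deleting a per-IP DROP rule (-I/-D with -s). The script below is an added example, not code from the post or from fail2ban itself. It parses the fail2ban log format shown above with a constructed sample in which the real addresses are replaced by RFC 5737 documentation ranges; the classification relies only on standard iptables flags, and it reports the "returned NNN" exit codes without attempting to interpret them.

```python
import re
from collections import Counter

# Constructed sample log: same line shapes as the post quotes, with
# addresses swapped for RFC 5737 documentation ranges and one non-error
# line added to show that it is skipped.
SAMPLE_LOG = """\
2012-02-04 00:23:02,939 fail2ban.actions.action: ERROR  iptables -D fail2ban-ssh -s 192.0.2.10 -j DROP returned 100
2012-02-04 00:59:12,456 fail2ban.actions.action: ERROR  iptables -I fail2ban-ssh 1 -s 198.51.100.7 -j DROP returned 100
2012-02-04 01:59:12,930 fail2ban.actions.action: ERROR  iptables -D fail2ban-ssh -s 198.51.100.7 -j DROP returned 100
2012-02-04 08:35:13,252 fail2ban.actions.action: ERROR  iptables -D INPUT -p tcp -m multiport --dports ssh -j fail2ban-ssh
2012-02-04 08:35:36,688 fail2ban.actions.action: ERROR  iptables -N fail2ban-ssh-ddos
2012-02-04 08:35:36,695 fail2ban.actions.action: ERROR  iptables -N fail2ban-apache-overflows
2012-02-04 08:35:36,703 fail2ban.actions.action: ERROR  iptables -N fail2ban-postfix
2012-02-04 08:36:00,001 fail2ban.actions.action: INFO  Set banTime = 600
"""

# One fail2ban action ERROR line: timestamp, the iptables command that was
# run, and an optional "returned <code>" suffix.
ERROR_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"fail2ban\.actions\.action: ERROR\s+"
    r"(?P<cmd>iptables .+?)"
    r"(?: returned (?P<rc>\d+))?$"
)
# Source address of a per-IP ban/unban rule.
IP_RE = re.compile(r"-s (?P<ip>\d{1,3}(?:\.\d{1,3}){3})")


def classify(cmd: str) -> dict:
    """Work out what fail2ban was doing from the iptables flags it used.

    -N <chain>            create the jail's own chain
    -I/-D fail2ban-* -s   insert (ban) / delete (unban) a per-IP rule
    -I/-D INPUT ... -j    hook / unhook the jail chain from INPUT
    """
    tokens = cmd.split()
    op, target = tokens[1], tokens[2]
    jump = tokens[tokens.index("-j") + 1] if "-j" in tokens else None
    ip_match = IP_RE.search(cmd)
    ip = ip_match.group("ip") if ip_match else None

    if op == "-N":
        kind, jail = "create_chain", target
    elif target.startswith("fail2ban-"):
        kind, jail = ("ban" if op == "-I" else "unban"), target
    else:
        # A rule in a built-in chain whose job is to divert traffic into
        # the jail chain named after -j.
        kind, jail = ("hook" if op in ("-I", "-A") else "unhook"), jump
    return {"op": op, "kind": kind, "jail": jail, "ip": ip}


def parse_errors(log_text: str) -> list:
    """Return one record per fail2ban action ERROR line; other lines are ignored."""
    records = []
    for line in log_text.splitlines():
        m = ERROR_RE.match(line.rstrip())
        if not m:
            continue
        rec = classify(m.group("cmd"))
        rec["ts"] = m.group("ts")
        rec["cmd"] = m.group("cmd")
        rec["rc"] = int(m.group("rc")) if m.group("rc") else None
        records.append(rec)
    return records


def summarize(records: list) -> dict:
    """Aggregate failures per (jail chain, operation) and collect affected IPs."""
    return {
        "by_jail_kind": Counter((r["jail"], r["kind"]) for r in records),
        "return_codes": Counter(r["rc"] for r in records),
        # IPs whose ban or unban rule could not be applied: the host may be
        # unblocked, or left blocked, without fail2ban knowing.
        "ips": sorted({r["ip"] for r in records if r["ip"]}),
    }


if __name__ == "__main__":
    summary = summarize(parse_errors(SAMPLE_LOG))
    for (jail, kind), n in sorted(summary["by_jail_kind"].items()):
        print(f"{jail:28s} {kind:13s} {n}")
    print("exit codes:", dict(summary["return_codes"]))
    print("IPs with failed ban/unban:", ", ".join(summary["ips"]))
```

Point the script at a real /var/log/fail2ban.log (read the file into `parse_errors`) and the `ips` list is the set of hosts whose firewall state may not match what fail2ban believes, which is the part worth checking by hand with `iptables -L fail2ban-ssh -n`.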
