Posts Tagged ‘iptables’

Block brute force with fail2ban

September 27, 2015 | Computer Stuff, Doku

source: http://crycode.de/wiki/Fail2Ban, Peter Tuch
license: http://creativecommons.org/licenses/by/4.0/
Updated for Debian 8 (2017/02/15)

jail.local

/etc/fail2ban/filter.d/fail2ban.conf

List and delete IP addresses in iptables

September 27, 2015 | Computer Stuff, Doku

List existing chains

To list the IP addresses in the tables:

List existing chains with line number

To display line numbers:

Example:


Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 fail2ban-fail2ban all -- 0.0.0.0/0 0.0.0.0/0
2 fail2ban-courierimaps tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 993
3 fail2ban-courierimap tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 143
4 fail2ban-courierpop3s tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 995
5 fail2ban-courierpop3 tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 110
6 fail2ban-pureftpd tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 21
7 fail2ban-sasl tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,143,220,993,110,995
8 fail2ban-ssh tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 22

Chain FORWARD (policy ACCEPT)
num target prot opt source destination

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

Chain fail2ban-courierimap (1 references)
num target prot opt source destination
1 RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-courierimaps (1 references)
num target prot opt source destination
1 RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-courierpop3 (1 references)
num target prot opt source destination
1 RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-courierpop3s (1 references)
num target prot opt source destination
1 RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-fail2ban (1 references)
num target prot opt source destination
142 RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-pureftpd (1 references)
num target prot opt source destination
1 RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-sasl (1 references)
num target prot opt source destination
1 DROP all -- 81.45.76.209 0.0.0.0/0
2 RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-ssh (1 references)
num target prot opt source destination
1 DROP all -- 218.87.111.116 0.0.0.0/0
2 DROP all -- 193.201.227.128 0.0.0.0/0
3 RETURN all -- 0.0.0.0/0 0.0.0.0/0
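
The numbered listing is what makes deletion by rule number possible. As an added example (not part of the original post), the script below parses saved `iptables -L -n --line-numbers` output, finds every ban rule for one address, and prints the matching `iptables -D <chain> <num>` commands without running them. The function names and the sample listing are constructed for illustration, and the addresses come from documentation ranges.

```shell
#!/usr/bin/env bash
# Added example: locate ban rules for an address in saved
# `iptables -L -n --line-numbers` output and print (not run) the deletions.

# Constructed sample in the same layout as the listing above; the
# addresses are documentation ranges, not real bans.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 fail2ban-ssh tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 22

Chain fail2ban-sasl (1 references)
num target prot opt source destination
1 DROP all -- 203.0.113.7 0.0.0.0/0
2 RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-ssh (1 references)
num target prot opt source destination
1 DROP all -- 198.51.100.20 0.0.0.0/0
2 DROP all -- 203.0.113.7 0.0.0.0/0
3 DROP all -- 203.0.113.7 0.0.0.0/0
4 RETURN all -- 0.0.0.0/0 0.0.0.0/0
EOF
}

# find_bans IP: read a listing on stdin, print "chain rulenum" for every
# DROP/REJECT rule whose source is exactly IP.
find_bans() {
    awk -v ip="$1" '
        $1 == "Chain" { chain = $2; next }
        $1 ~ /^[0-9]+$/ && ($2 == "DROP" || $2 == "REJECT") && $5 == ip {
            print chain, $1
        }'
}

# unban_commands IP: emit one `iptables -D` per match, highest rule number
# first within each chain, because deleting a rule renumbers those below it.
unban_commands() {
    find_bans "$1" | sort -k1,1 -k2,2nr |
        while read -r chain num; do
            printf 'iptables -D %s %s\n' "$chain" "$num"
        done
}

sample_listing | unban_commands 203.0.113.7
```

Removing a rule directly with `iptables -D` does not update fail2ban's own record of the ban; the fail2ban-way section below addresses that.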

Delete an entry from iptables

To delete an entry from iptables:

How to delete an IP address from iptables the fail2ban way

https://www.howtoforge.com/community/threads/how-to-manually-unban-ip-blocked-by-fail2ban.51366/
http://serverfault.com/questions/285256/how-to-unban-an-ip-properly-with-fail2ban
With fail2ban versions before 0.8.8 it is:

From version 0.8.8 onward it is:

How to make the rules persistent

Install the package ‘iptables-persistent’:


Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
iptables-persistent
0 upgraded, 1 newly installed, 0 to remove and 2 not upgraded.
Need to get 10.3 kB of archives.
After this operation, 61.4 kB of additional disk space will be used.
Get:1 http://ftp.de.debian.org/debian/ wheezy/main iptables-persistent all 0.5.7 [10.3 kB]
Fetched 10.3 kB in 0s (247 kB/s)
Preconfiguring packages ...
Selecting previously unselected package iptables-persistent.
(Reading database ... 53276 files and directories currently installed.)
Unpacking iptables-persistent (from .../iptables-persistent_0.5.7_all.deb) ...
update-rc.d: using dependency based boot sequencing
Setting up iptables-persistent (0.5.7) ...
[ ok ] Loading iptables rules... IPv4... IPv6...done.

Usage:


Usage: /etc/init.d/iptables-persistent {start|restart|reload|force-reload|save|flush}