Linode Forum
Linode Community Forums
Posted: Fri Nov 06, 2009 11:35 pm
Senior Member

Joined: Mon Oct 12, 2009 1:20 am
Posts: 50
I'm not quite sure why this isn't working... it should. I am testing my fail2ban installation by trying to get myself banned. Fail2ban is picking up my SSH brute force attempts, is properly banning me, the iptables rule is there.... but I can still connect to my server without a problem.

fail2ban.log:

[root@server2 log]# tail fail2ban.log
2009-11-06 21:27:34,766 fail2ban.actions: INFO Set banTime = 600
2009-11-06 21:27:34,823 fail2ban.jail : INFO Creating new jail 'proftpd-iptables'
2009-11-06 21:27:34,823 fail2ban.jail : INFO Jail 'proftpd-iptables' uses poller
2009-11-06 21:27:34,824 fail2ban.filter : INFO Added logfile = /var/log/secure
2009-11-06 21:27:34,825 fail2ban.filter : INFO Set maxRetry = 10
2009-11-06 21:27:34,826 fail2ban.filter : INFO Set findtime = 600
2009-11-06 21:27:34,826 fail2ban.actions: INFO Set banTime = 600
2009-11-06 21:27:34,838 fail2ban.jail : INFO Jail 'ssh-iptables' started
2009-11-06 21:27:34,839 fail2ban.jail : INFO Jail 'proftpd-iptables' started
2009-11-06 21:27:55,845 fail2ban.actions: WARNING [ssh-iptables] Ban 98.197.128.40


[root@server2 log]# iptables -L | grep 98.197.128.40
DROP all -- c-98-197-128-40.hsd1.tx.comcast.net anywhere

Here is my whole iptables ruleset:

[root@server2 log]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
fail2ban-ProFTPD tcp -- anywhere anywhere tcp dpt:ftp
fail2ban-SSH tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp flags:ACK/ACK
ACCEPT all -- anywhere anywhere state ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED
ACCEPT udp -- anywhere anywhere udp spt:domain dpts:1024:65535
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
ACCEPT tcp -- anywhere anywhere tcp dpt:smakynet
ACCEPT tcp -- anywhere anywhere tcp dpt:auth
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp multiport dports smtp,submission
ACCEPT tcp -- anywhere anywhere tcp dpts:ftp-data:ftp
ACCEPT tcp -- anywhere anywhere tcp multiport dports pop3,pop3s
ACCEPT tcp -- anywhere anywhere tcp multiport dports imap,imap3,imaps
ACCEPT tcp -- anywhere anywhere tcp dpts:10123:10133
ACCEPT tcp -- anywhere anywhere tcp dpt:dnp
DROP all -- mail.insuranceprovidersgroup.com anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain fail2ban-ProFTPD (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-SSH (1 references)
target prot opt source destination
DROP all -- c-98-197-128-40.hsd1.tx.comcast.net anywhere
RETURN all -- anywhere anywhere

Any ideas why packets from me are not getting dropped like they should be?


Posted: Fri Nov 06, 2009 11:41 pm
Never mind, figured it out. I saw that it was looking for the packets on the regular SSH port, and I do not use the regular SSH port. Changing the action in jail.conf to iptables-allports worked correctly =) I am now successfully banned. Yay! :lol:
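
The mismatch found in the follow-up post (the INPUT jump into fail2ban-SSH only matches tcp dpt:ssh while sshd listens elsewhere) can be checked mechanically. This is an added example, not part of the original posts: it reads rules in `iptables -S INPUT` format, and the sshd port 2222 and both sample rulesets are constructed.

```shell
#!/bin/sh
# Exit 0 if a jump to CHAIN in the rules on stdin (iptables -S INPUT format)
# matches destination PORT, 1 if no such jump sees that port.
jump_covers_port() {
    awk -v chain="$1" -v port="$2" '
        # true if port is in a comma list of ports and lo:hi ranges
        function in_spec(s,    n, i, parts, r) {
            n = split(s, parts, ",")
            for (i = 1; i <= n; i++) {
                if (split(parts[i], r, ":") == 2) {
                    if (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) return 1
                } else if (parts[i] + 0 == port + 0) return 1
            }
            return 0
        }
        {
            target = ""; spec = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "--dport" || $i == "--dports") spec = $(i + 1)
            }
            # a jump with no port match (iptables-allports) covers every port
            if (target == chain && (spec == "" || in_spec(spec))) found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

SSHD_PORT=2222   # assumed: the post does not say which port sshd listens on

# Constructed rules: jump restricted to port 22, as in the first post ...
BEFORE='-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT'
# ... and the unrestricted jump that iptables-allports installs.
AFTER='-P INPUT DROP
-A INPUT -p tcp -j fail2ban-SSH
-A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT'

check() {  # print a verdict for the ruleset in $1
    if printf '%s\n' "$1" | jump_covers_port fail2ban-SSH "$SSHD_PORT"; then
        echo "covered"
    else
        echo "NOT covered: bans in fail2ban-SSH never see port $SSHD_PORT"
    fi
}
check "$BEFORE"
check "$AFTER"
```

On a live host, pipe `iptables -S INPUT` into `jump_covers_port` with the port from sshd's `Port` setting; negated port matches are not handled.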

