Linode Forum
Linode Community Forums 		 FAQFAQ    SearchSearch    MembersMembers      Register Register 
 LoginLogin [ Anonymous ] 
Post new topic  Reply to topic

Board index » Linux Community Forums » Linux Networking
  Print view Previous topic | Next topic 
Author Message
JohnLamar
PostPosted: Mon Nov 24, 2014 2:45 pm 
Offline
Newbie

Joined: Mon May 04, 2009 6:45 pm
Posts: 3
Website: http://kindalame.com
I have an issue where only my home's IP keeps getting added as a drop all rule after visiting a few pages of one of my sites. I do have fail2ban running, but there is nothing in those logs and a grep of my IP against the log files gives me nothing that would make me think I've done something bannable by my own server. Considering this happens visiting Wordpress sites I think I'm tripping something in Apache, but those logs show nothing either (PHP errors did block me before because of a misconfiguration I fixed). My only other thought is that I do have a home server that relays mail through my linode, though this is just logwatch reports and maybe there is an issue there.

Regardless, it's hard to diagnose because I can't tell what is giving IPTABLES this rule. Even trying to do a base allow all from my IP gets trumped by this rule that gets generated out of nowhere (seemingly nowhere).

I've tried some Google-Fu, but it mostly leads me to rules for IPTABLES that will generate audits of blocks/connections/etc - not a way to find out what is affecting the rules themselves. So basically, I'm here for any suggestions. I've tried even removing fail2ban and lessening some of my other rules and it still happens - so I'm inclined thus far to say this isn't the cause.

Help?

_________________
Henzi.org and KindaLame.com are my primary uses for my Linode
Top
   
Reply with quote  
ingber
PostPosted: Wed Nov 26, 2014 4:28 pm 
Online
Senior Member

Joined: Sat Oct 23, 2010 12:56 pm
Posts: 73
Website: http://www.ingber.com
Location: Oregon
You might try putting your home IP into /etc/hosts.allow
ALL: XXX.XXX.XXX.XXX

This doesn't "solve" whatever is causing the problem, but it likely will avoid the problem?

_________________
http://www.ingber.com
Top
   
Reply with quote  
vonskippy
PostPosted: Wed Nov 26, 2014 4:55 pm 
Offline
Senior Member
User avatar

Joined: Sun Dec 27, 2009 11:12 pm
Posts: 1038
Location: Colorado, USA
IPTABLES rules occur BEFORE hosts.allow, so whitelisting his home IP in hosts.allow will NOT solve an IPTABLES problem.

Nothing in a default LAMP stack will auto-entry IP's to be blocked.

Fail2ban is more PITA then security - lose that COMPLETELY and see what happens.

Might get more responses if you actually post some of your config files (like IPTABLES rules, fail2ban config, etc).

_________________
Either provide enough details for people to help, or sit back and listen to the crickets chirp.
Security thru obscurity is a myth - and really really annoying.
Top
   
Reply with quote  
Display posts from previous:  Sort by  
Post new topic  Reply to topic

Board index » Linux Community Forums » Linux Networking


Who is online

Users browsing this forum: No registered users and 2 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
RSS

Powered by phpBB® Forum Software © phpBB Group