Si un arrêt du service Iptables ou un chargement de ses règles est nécessaire alors que Fail2ban est utilisé sur le système, ne pas oublier de relancer ce dernier après Iptables afin qu’il initialise à nouveaux ses propres règles.
Situation initale :
iptables -LChain INPUT (policy ACCEPT) target prot opt source destination fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh,10022 ACCEPT all -- anywhere anywhere REJECT all -- anywhere loopback/8 reject-with icmp-port-unreachable ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- loopback/8 loopback/8 ACCEPT tcp -- anywhere anywhere tcp dpt:ftp … Chain fail2ban-ssh (1 references) target prot opt source destination RETURN all -- anywhere anywhere
Effacement et exemple de chargement des règles de Iptables :
iptables -F
iptables-restore < /etc/iptables/iptables-start-source
iptables -LChain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere REJECT all -- anywhere loopback/8 reject-with icmp-port-unreachable ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- loopback/8 loopback/8 ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
Fail2ban n’étant plus actif, le charger à nouveau :
/etc/init.d/fail2ban reload
iptables -LChain INPUT (policy ACCEPT) target prot opt source destination fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh,10022 ACCEPT all -- anywhere anywhere REJECT all -- anywhere loopback/8 reject-with icmp-port-unreachable ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- loopback/8 loopback/8 ACCEPT tcp -- anywhere anywhere tcp dpt:ftp … Chain fail2ban-ssh (1 references) target prot opt source destination RETURN all -- anywhere anywhere