Fail2ban not using port for some filters Ubuntu 14.04

April 12, 2015 843 views
Security Nginx LEMP PHP Linux Basics Logging Ubuntu

Hi all,

I have Ubuntu 14.04, Nginx 1.6.2, PHP and MySQL VPS. I installed fail2ban in this server and added some extra security. These are that extra filter http://pastebin.com/mxh6hvfC . This is my iptables -L output http://pastebin.com/QdXYuvsV

Now when I'm running iptables -S its display that some of the filters don't use any port, specially nginx-badbots don't show any port. So what is the reason for this matter?

/root$ sudo iptables -S
-N fail2ban-BadBots
-N fail2ban-NoAuthFailures
-N fail2ban-NoLoginFailures
-N fail2ban-NoProxy
-N fail2ban-NoScript
-N fail2ban-ReqLimit
-N fail2ban-SSH
-N fail2ban-mysqld-auth
-N fail2ban-nginx-dos
-N fail2ban-nginx-http-auth
-N fail2ban-php-url-fopen
-N fail2ban-postfix
-N fail2ban-ssh
-N fail2ban-ssh-ddos
-N fail2ban-wordpress
-A INPUT -p tcp -m tcp --dport 2200 -j fail2ban-SSH
-A INPUT -p tcp -m multiport --dports 80,8090 -j fail2ban-nginx-dos
-A INPUT -p tcp -m multiport --dports 80,443 -j fail2ban-ReqLimit
-A INPUT -p tcp -m multiport --dports 80,443 -j fail2ban-wordpress
-A INPUT -p tcp -m tcp --dport 80 -j fail2ban-NoAuthFailures
-A INPUT -p tcp -m multiport --dports 3306 -j fail2ban-mysqld-auth
-A INPUT -p tcp -m multiport --dports 25,465,587 -j fail2ban-postfix
-A INPUT -p tcp -m multiport --dports 80,443 -j fail2ban-nginx-http-auth
-A INPUT -p tcp -m multiport --dports 80,443 -j fail2ban-php-url-fopen
-A INPUT -p tcp -m tcp --dport 2200 -j fail2ban-SSH
-A INPUT -p tcp -m multiport --dports 2200,2200 -j fail2ban-ssh-ddos
-A INPUT -p tcp -m multiport --dports 2200 -j fail2ban-ssh
-A fail2ban-BadBots -j RETURN
-A fail2ban-NoAuthFailures -j RETURN
-A fail2ban-NoLoginFailures -j RETURN
-A fail2ban-NoProxy -j RETURN
-A fail2ban-NoScript -j RETURN
-A fail2ban-ReqLimit -j RETURN
-A fail2ban-SSH -j RETURN
-A fail2ban-SSH -j RETURN
-A fail2ban-mysqld-auth -j RETURN
-A fail2ban-nginx-dos -j RETURN
-A fail2ban-nginx-http-auth -j RETURN
-A fail2ban-php-url-fopen -j RETURN
-A fail2ban-postfix -j RETURN
-A fail2ban-ssh -j RETURN
-A fail2ban-ssh-ddos -j RETURN
-A fail2ban-wordpress -j RETURN
1 comment
  • [nginx-badbots]
    enabled = true
    filter = apache-badbots
    action = iptables-multiport[name=BadBots, port="http,https"] <<<< get the ports numbert that you whant >>>>>>>>>>>>>
    logpath = /var/log/nginx/access.log
    bantime = 86400
    maxretry = 1

Be the first one to answer this question.