fail2ban log says "banned" but IP still able to connect

This page summarizes the projects mentioned and recommended in the original post on /r/selfhosted
Security Linux MacOS Protection intrusion-prevention

WorkOS
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • crowdsec

    CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.

    • and for general routing behind Traefik I use Crowdsec Docker for monitoring traffic and blocking it. I did NMAP scan over VPN and I got banned :D https://crowdsec.net/

  • Fail2Ban

    Daemon to ban hosts that cause multiple authentication errors

    • # actionflush = -F f2b- [Init] # Option: chain # Notes specifies the iptables chain to which the Fail2Ban rules should be # added # Values: STRING Default: INPUT chain = INPUT # Default name of the chain # name = default # Option: port # Notes.: specifies port to monitor # Values: [ NUM | STRING ] Default: ## port = ssh # Option: protocol # Notes.: internally used by config reader for interpolations. # Values: [ tcp | udp | icmp | all ] Default: tcp # protocol = tcp # Option: blocktype # Note: This is what the action does with rules. This can be any jump target # as per the iptables man page (section 8). Common values are DROP # REJECT, REJECT --reject-with icmp-port-unreachable # Values: STRING blocktype = BLOCK # Option: returntype # Note: This is the default rule on "actionstart". This should be RETURN # in all (blocking) actions, except REJECT in allowing actions.# Values: STRING returntype = RETURN # Option: lockingopt # Notes.: Option was introduced to iptables to prevent multiple instances from # running concurrently and causing irratic behavior. -w was introduced # in iptables 1.4.20, so might be absent on older systems # See https://github.com/fail2ban/fail2ban/issues/1122 # Values: STRING lockingopt = -w # Option: iptables # Notes.: Actual command to be executed, including common to all calls options # Values: STRING iptables = iptables [Init?family=inet6] # Option: blocktype (ipv6) # Note: This is what the action does with rules. This can be any jump target # as per the iptables man page (section 8). Common values are DROP # REJECT, REJECT --reject-with icmp6-port-unreachable # Values: STRING blocktype = REJECT --reject-with icmp6-port-unreachable # Option: iptables (ipv6) # Notes.: Actual command to be executed, including common to all calls options # Values: STRING iptables = ip6tables

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

    WorkOS logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts