Firewall setup and Fail2ban

#1 Thu, 12/06/2012 - 11:55
Owdy

Firewall setup and Fail2ban

I have moved servers, from Debian to Ubuntu. I have Fail2ban installed on both servers.

But when I look at the Virtualmin firewall settings, I don't see the fail2ban settings on my new server. See attachment https://virtualmin.com/system/files/firewall.png

This is the way I installed it: http://colekcolek.com/2012/02/28/install-fail2ban-debian-squeeze/

Why doesn't it show in the firewall? Can I copy my setup from the old server?

Thu, 12/06/2012 - 14:31
Locutus

I can't access the png file you linked.

Upon installation, Virtualmin modifies the iptables configuration, to allow its ports through. Maybe the fail2ban entries got lost that way. Have you restarted fail2ban afterwards, to allow it to re-create its chains or whatever it does to enforce its bans?

Thu, 12/06/2012 - 14:36
Owdy

I have restarted. Image http://i.imm.io/OcIt.png

Thu, 12/06/2012 - 14:42
Locutus

Is fail2ban running? Does it have a command to re-create its iptables chains?

(I'm using CSF/LFD myself, which has a command for that in its GUI).

Thu, 12/06/2012 - 15:41
Owdy

It's running, but I don't know how to recreate the chains

u# tail -f /var/log/fail2ban.log
2012-12-06 17:59:56,107 fail2ban.filter : INFO   Set findtime = 600
2012-12-06 17:59:56,107 fail2ban.actions: INFO   Set banTime = 600
2012-12-06 17:59:56,115 fail2ban.jail   : INFO   Creating new jail 'vsftpd'
2012-12-06 17:59:56,115 fail2ban.jail   : INFO   Jail 'vsftpd' uses Gamin
2012-12-06 17:59:56,116 fail2ban.filter : INFO   Set maxRetry = 6
2012-12-06 17:59:56,117 fail2ban.filter : INFO   Set findtime = 600
2012-12-06 17:59:56,117 fail2ban.actions: INFO   Set banTime = 600
2012-12-06 17:59:56,123 fail2ban.jail   : INFO   Jail 'ssh' started
2012-12-06 17:59:56,125 fail2ban.jail   : INFO   Jail 'apache' started
2012-12-06 17:59:56,125 fail2ban.jail   : INFO   Jail 'vsftpd' started

Thu, 12/06/2012 - 15:48
Owdy

Hmmm, Virtualmin shows like in that screenshot, but this:

root@host1:/home/Osku# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-vsftpd  tcp  --  anywhere             anywhere             multiport dports ftp,ftp-data,ftps,ftps-data
fail2ban-apache  tcp  --  anywhere             anywhere             multiport dports http,https
fail2ban-ssh  tcp  --  anywhere             anywhere             multiport dports ssh
 
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
 
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
 
Chain fail2ban-apache (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
 
Chain fail2ban-ssh (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
 
Chain fail2ban-vsftpd (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Why aren't those showing in Virtualmin?

Thu, 12/06/2012 - 15:54
Locutus

I've never really used that module, but it seems Webmin does not display the active configuration, but the contents of the file /etc/iptables.up.rules in that form.

You can safely ignore what Webmin is showing there.

Thu, 12/06/2012 - 15:55
Owdy

Okay, thanks. Seems like a bug to me :)

Thu, 12/06/2012 - 15:56
Locutus

No, it's not a bug, but intended behavior. Webmin shows the contents of the iptables config file, which can be applied upon boot or by clicking Apply. You can also revert the saved config to the active one with the Revert button.
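
Added example, not part of the thread: the difference described above between the saved file /etc/iptables.up.rules and the active ruleset can be checked by comparing two dumps in iptables-save format. The function names and both sample dumps (including the port 10000 rule) are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): list what exists only in the running
# ruleset, given the saved rules file and a live dump in iptables-save format.

# live_only SED_EXPR SAVED LIVE: items selected by SED_EXPR found only in LIVE.
live_only() {
    a=$(mktemp) b=$(mktemp)
    sed -n "$1" "$2" | sort -u > "$a"
    sed -n "$1" "$3" | sort -u > "$b"
    comm -13 "$a" "$b"          # keep lines unique to the second (live) list
    rm -f "$a" "$b"
}

# Chain declarations look like ":fail2ban-ssh - [0:0]"; keep only the name so
# differing packet counters do not register as a difference.
runtime_only_chains() { live_only 's/^:\([^ ]*\) .*/\1/p' "$1" "$2"; }

# Rules are the "-A CHAIN ..." lines.
runtime_only_rules() { live_only '/^-A /p' "$1" "$2"; }

# write_samples DIR: constructed sample data modelled on the thread's output.
write_samples() {
    cat > "$1/saved.rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
COMMIT
EOF
    cat > "$1/live.rules" <<'EOF'
*filter
:INPUT ACCEPT [12:840]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [9:612]
:fail2ban-apache - [0:0]
:fail2ban-ssh - [0:0]
:fail2ban-vsftpd - [0:0]
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A fail2ban-ssh -j RETURN
COMMIT
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
runtime_only_chains "$demo_dir/saved.rules" "$demo_dir/live.rules"
runtime_only_rules "$demo_dir/saved.rules" "$demo_dir/live.rules"
rm -rf "$demo_dir"
```

On a real host, run `iptables-save > live.rules` as root and pass `/etc/iptables.up.rules` as the saved file.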

Thu, 12/06/2012 - 16:06
Owdy

Aah, okay, seems fine now: http://imm.io/Odgx

But another thing, I don't use that port for ssh. Should I change it?