baboo, Senior Member (Joined: 04 Sep 2007, Posts: 676)
Posted: Sun Mar 15, 2009 7:42 pm, Post subject: firewall question
I have been testing 1.4.2 before switching to production mode. No changes have been made to the server for a month.
Yesterday I changed the Webmin port from '10000' to a new port. This morning I was going through the Webmin modules and looked at the firewall module. To my surprise there was a policy there, and according to the timestamp it was put there yesterday.
I was wondering if you could tell me what this policy means:
# Generated by iptables-save v1.4.2 on Sun Mar 15 10:57:03 2009
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [1:558]
:OUTPUT ACCEPT [1:558]
COMMIT
# Completed on Sun Mar 15 10:57:03 2009
# Generated by iptables-save v1.4.2 on Sun Mar 15 10:57:03 2009
*mangle
:PREROUTING ACCEPT [5:260]
:INPUT ACCEPT [5:260]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5:1572]
:POSTROUTING ACCEPT [5:1572]
COMMIT
# Completed on Sun Mar 15 10:57:03 2009
# Generated by iptables-save v1.4.2 on Sun Mar 15 10:57:03 2009
*filter
:INPUT ACCEPT [7945989:4351853093]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [13135277:17519156628]
:fail2ban-ProFTPD - [0:0]
:fail2ban-SSH - [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A fail2ban-ProFTPD -j RETURN
-A fail2ban-SSH -j RETURN
COMMIT
# Completed on Sun Mar 15 10:57:03 2009
thanks
gerasimos_h, Site Admin (Joined: 09 Aug 2007, Posts: 1757, Location: Greece)
Posted: Sun Mar 15, 2009 8:02 pm
Check your /var/log/fail2ban.log and your administrator user's mail.
Alternatively, you can run 'iptables -L'.
gerasimos_h, Superb! Mini Server Project Manager
http://sms.it-ccs.com
baboo, Senior Member (Joined: 04 Sep 2007, Posts: 676)
Posted: Sun Mar 15, 2009 8:22 pm
Thanks for the reply.
Output of:
tail /var/log/fail2ban.log
2009-03-11 15:37:59,657 fail2ban.filter : INFO Set findtime = 600
2009-03-11 15:37:59,658 fail2ban.actions: INFO Set banTime = -1
2009-03-11 15:37:59,736 fail2ban.jail : INFO Jail 'ssh-iptables' started
2009-03-11 15:37:59,740 fail2ban.jail : INFO Jail 'proftpd-iptables' started
2009-03-11 15:38:00,063 fail2ban.actions.action: ERROR iptables -N fail2ban-ProFTPD
iptables -A fail2ban-ProFTPD -j RETURN
iptables -I INPUT -p tcp --dport ftp -j fail2ban-ProFTPD returned 400
2009-03-15 04:40:02,623 fail2ban.filter : INFO Log rotation detected for /var/log/secure
2009-03-15 04:40:02,711 fail2ban.filter : INFO Log rotation detected for /var/log/messages
2009-03-15 10:56:26,097 fail2ban.filter : INFO Log rotation detected for /var/log/secure
Doesn't appear to be anything.
iptables -L output:
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-SSH tcp -- anywhere anywhere tcp dpt:ssh
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain fail2ban-ProFTPD (0 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain fail2ban-SSH (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
I'm really not very good at reading this, but it looks okay to me.
thanks
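A practitioner reading the two outputs above would want to cross-check them rather than eyeball them: the fail2ban.log shows the 'proftpd-iptables' jail's action start logging an ERROR for the three iptables commands that create the fail2ban-ProFTPD chain and hook it into INPUT, and the 'iptables -L' listing shows that chain with '(0 references)', i.e. it exists but nothing jumps to it, while fail2ban-SSH has one reference from INPUT. The script below is an added example, not code from the thread, from fail2ban or from SMS. It parses an iptables-save *filter table and a fail2ban.log, counts jumps into each fail2ban-* chain, lists any addresses those chains currently DROP or REJECT, and flags chains whose action start failed. Both inputs are constructed samples modelled on what the poster pasted (the 'returned 400' is reproduced as logged); the assumption that an "actions.action: ERROR" line naming 'iptables -N <chain>' means that chain's action start failed is mine.

```python
import re

# Constructed sample, modelled on the *filter table the poster pasted:
# two fail2ban chains, but only the SSH one is jumped to from INPUT.
IPTABLES_SAVE = """\
*filter
:INPUT ACCEPT [7945989:4351853093]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [13135277:17519156628]
:fail2ban-ProFTPD - [0:0]
:fail2ban-SSH - [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A fail2ban-ProFTPD -j RETURN
-A fail2ban-SSH -j RETURN
COMMIT
"""

# Constructed sample, modelled on the fail2ban.log lines in the post. The
# failed action is logged as one ERROR line plus continuation lines.
FAIL2BAN_LOG = """\
2009-03-11 15:37:59,736 fail2ban.jail   : INFO   Jail 'ssh-iptables' started
2009-03-11 15:37:59,740 fail2ban.jail   : INFO   Jail 'proftpd-iptables' started
2009-03-11 15:38:00,063 fail2ban.actions.action: ERROR  iptables -N fail2ban-ProFTPD
iptables -A fail2ban-ProFTPD -j RETURN
iptables -I INPUT -p tcp --dport ftp -j fail2ban-ProFTPD returned 400
2009-03-15 10:56:26,097 fail2ban.filter : INFO   Log rotation detected for /var/log/secure
"""


def parse_filter_table(dump):
    """Parse the *filter table of an iptables-save dump.

    Returns (chains, rules): chains maps name -> policy, where '-' marks a
    user-defined chain; rules is a list of (chain, rule_line)."""
    chains, rules, in_filter = {}, [], False
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            in_filter = line == "*filter"
        elif not in_filter or not line or line.startswith("#") or line == "COMMIT":
            continue
        elif line.startswith(":"):
            name, policy = line[1:].split()[:2]
            chains[name] = policy
        elif line.startswith("-A "):
            rules.append((line.split()[1], line))
    return chains, rules


def chain_references(chains, rules):
    """Count jumps into each user-defined chain; this is the number that
    'iptables -L' prints as '(N references)' in the chain header."""
    refs = {name: 0 for name, policy in chains.items() if policy == "-"}
    for _chain, rule in rules:
        m = re.search(r"\s-j\s+(\S+)", rule)
        if m and m.group(1) in refs:
            refs[m.group(1)] += 1
    return refs


def banned_addresses(rules):
    """Source addresses that a fail2ban-* chain currently DROPs or REJECTs."""
    banned = {}
    for chain, rule in rules:
        if not chain.startswith("fail2ban-"):
            continue
        m = re.search(r"-s\s+(\S+).*-j\s+(DROP|REJECT)", rule)
        if m:
            banned.setdefault(chain, []).append(m.group(1))
    return banned


def failed_action_chains(log):
    """Chains named in an 'iptables -N <chain>' on an actions.action ERROR
    line (assumption: that is the action-start failure signature)."""
    failed = set()
    for line in log.splitlines():
        if "fail2ban.actions.action" in line and " ERROR " in line:
            m = re.search(r"iptables -N (\S+)", line)
            if m:
                failed.add(m.group(1))
    return failed


def audit(dump, log):
    """One finding per fail2ban-* chain: (status text, list of banned addresses)."""
    chains, rules = parse_filter_table(dump)
    refs = chain_references(chains, rules)
    failed = failed_action_chains(log)
    bans = banned_addresses(rules)
    findings = {}
    for name in sorted(refs):
        if not name.startswith("fail2ban-"):
            continue
        if refs[name] == 0:
            status = "ORPHAN: nothing jumps to it"
            if name in failed:
                status += "; fail2ban.log shows its action start failed"
        else:
            status = "wired: %d jump(s) into it" % refs[name]
        findings[name] = (status, bans.get(name, []))
    return findings


if __name__ == "__main__":
    for chain, (status, bans) in audit(IPTABLES_SAVE, FAIL2BAN_LOG).items():
        print("%-18s %s; banned: %s" % (chain, status, bans or "none"))
```

On a real box you would feed it the output of 'iptables-save' and the contents of /var/log/fail2ban.log (both need root to read). With the sample inputs it reports fail2ban-SSH as wired with no current bans and fail2ban-ProFTPD as an orphan whose action start failed, which is the difference between a jail that will ban and one that only looks configured.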
gerasimos_h, Site Admin (Joined: 09 Aug 2007, Posts: 1757, Location: Greece)
Posted: Sun Mar 15, 2009 8:29 pm
Those are your entries; they are OK.
baboo, Senior Member (Joined: 04 Sep 2007, Posts: 676)
Posted: Sun Mar 15, 2009 8:38 pm
When you say those are my entries, I need to be clear here: I did not put those in, so is it okay to delete them?
thanks
gerasimos_h, Site Admin (Joined: 09 Aug 2007, Posts: 1757, Location: Greece)
Posted: Sun Mar 15, 2009 9:02 pm
fail2ban added those; they are OK! No need to do anything.
baboo, Senior Member (Joined: 04 Sep 2007, Posts: 676)
Posted: Sun Mar 15, 2009 9:04 pm
Thank you. I know sometimes I'm a pain, but I am learning. I went out and bought a firewall book on iptables.
thanks again
gerasimos_h, Site Admin (Joined: 09 Aug 2007, Posts: 1757, Location: Greece)
Posted: Sun Mar 15, 2009 9:07 pm
If you build a good firewall script, you can contribute it to SMS.
baboo, Senior Member (Joined: 04 Sep 2007, Posts: 676)
Posted: Sun Mar 15, 2009 10:54 pm
I would not hold my breath waiting for that outcome.