Last active March 10, 2021 16:37
Fail2Ban: DROP instead of REJECT
# Depending on the fail2ban version, one of the following files exists; edit whichever is present:
root@host:/ nano /etc/fail2ban/action.d/iptables-blocktype.conf
root@host:/ nano /etc/fail2ban/action.d/iptables-common.conf
Comment out the line
#blocktype = REJECT --reject-with icmp-port-unreachable
and add the line
blocktype = DROP
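The same change made through fail2ban's `.local` override mechanism, as an added example that is not part of the gist: fail2ban reads `action.d/NAME.conf` and then `action.d/NAME.local`, and a key set in the `.local` file replaces the one from the `.conf`, so the packaged file stays untouched across upgrades. The directory and file names are the ones the gist uses; the function names are the example's own.

```shell
# Added example (not from the gist): switch fail2ban's blocktype to DROP via a
# .local override instead of editing the packaged .conf file.
# NAME is iptables-common (or iptables-blocktype on older versions).

# write_blocktype_override DIR NAME TYPE
#   Writes DIR/NAME.local with "[Init] blocktype = TYPE". Refuses to run when
#   the matching .conf is absent, so a typo cannot leave an orphan .local file.
write_blocktype_override() {
  dir=$1 name=$2 bt=$3
  if [ ! -f "$dir/$name.conf" ]; then
    echo "no $dir/$name.conf: wrong name or fail2ban version?" >&2
    return 1
  fi
  printf '[Init]\nblocktype = %s\n' "$bt" > "$dir/$name.local"
}

# effective_blocktype DIR NAME
#   Prints the blocktype fail2ban will actually use: the last uncommented
#   "blocktype = ..." line across NAME.conf followed by NAME.local, so the
#   .local value wins whenever it is present.
effective_blocktype() {
  dir=$1 name=$2
  cat "$dir/$name.conf" "$dir/$name.local" 2>/dev/null \
    | sed -n 's/^[[:space:]]*blocktype[[:space:]]*=[[:space:]]*//p' \
    | tail -n 1
}

# Stand-alone use:  sh fix_blocktype.sh /etc/fail2ban/action.d iptables-common
# then apply it with:  fail2ban-client reload
if [ $# -ge 2 ]; then
  write_blocktype_override "$1" "$2" "${3:-DROP}"
  echo "effective blocktype: $(effective_blocktype "$1" "$2")"
fi
```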
caffeinatedgoat commented Sep 10, 2020

Agreed, the default should be DROP. Legitimate users shouldn't be affected because legitimate users shouldn't be banned.

Status for the jail: sshd
|- Filter
|  |- Currently failed: 0
|  |- Total failed: 95097
|  `- Journal matches: _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
   |- Currently banned: 483
   |- Total banned: 1785
DROP, REJECT, Same fight. I don't understand why connection attempts continue while IP addresses are banned.
root ( 45 Time(s)
root ( 45 Time(s)
root ( 45 Time(s)
root ( 45 Time(s)
root ( 45 Time(s)
root ( 45 Time(s)
root ( 45 Time(s)
Does anyone have any idea?

sem-hub commented Jan 10, 2021

I think REJECT is a very strange choice for a default.
I realized it when I found a lot of ICMP traffic coming from me. It's easy to customize, but a lot of people will not change it.
I've read #507 and I don't agree.
