Re: fail2ban / ssh dans Lenny: Ne fonctionne pas
Voici le retour iptables:
Chain INPUT (policy DROP)
target prot opt source destination
fail2ban-pam-generic tcp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
eth0_in all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
Reject all -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0
level 6 prefix `Shorewall:INPUT:REJECT:'
reject all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP)
target prot opt source destination
eth0_fwd all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
Reject all -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0
level 6 prefix `Shorewall:FORWARD:REJECT:'
reject all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
eth0_out all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
Reject all -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0
level 6 prefix `Shorewall:OUTPUT:REJECT:'
reject all -- 0.0.0.0/0 0.0.0.0/0
Chain Drop (2 references)
target prot opt source destination
reject tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
dpt:113
dropBcast all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 3
code 4
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type
11
dropInvalid all -- 0.0.0.0/0 0.0.0.0/0
DROP udp -- 0.0.0.0/0 0.0.0.0/0 multiport
dports 135,445
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp
dpts:137:139
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:137
dpts:1024:65535
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 multiport
dports 135,139,445
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp
dpt:1900
dropNotSyn tcp -- 0.0.0.0/0 0.0.0.0/0
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:53
Chain Reject (4 references)
target prot opt source destination
reject tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
dpt:113
dropBcast all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 3
code 4
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type
11
dropInvalid all -- 0.0.0.0/0 0.0.0.0/0
reject udp -- 0.0.0.0/0 0.0.0.0/0 multiport
dports 135,445
reject udp -- 0.0.0.0/0 0.0.0.0/0 udp
dpts:137:139
reject udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:137
dpts:1024:65535
reject tcp -- 0.0.0.0/0 0.0.0.0/0 multiport
dports 135,139,445
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp
dpt:1900
dropNotSyn tcp -- 0.0.0.0/0 0.0.0.0/0
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:53
Chain all2all (0 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
Reject all -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0
level 6 prefix `Shorewall:all2all:REJECT:'
reject all -- 0.0.0.0/0 0.0.0.0/0
Chain dropBcast (2 references)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0 PKTTYPE =
broadcast
DROP all -- 0.0.0.0/0 0.0.0.0/0 PKTTYPE =
multicast
Chain dropInvalid (2 references)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0 state
INVALID
Chain dropNotSyn (2 references)
target prot opt source destination
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:!
0x17/0x02
Chain dynamic (2 references)
target prot opt source destination
Chain eth0_fwd (1 references)
target prot opt source destination
dynamic all -- 0.0.0.0/0 0.0.0.0/0 state
INVALID,NEW
smurfs all -- 0.0.0.0/0 0.0.0.0/0 state
INVALID,NEW
tcpflags tcp -- 0.0.0.0/0 0.0.0.0/0
Chain eth0_in (1 references)
target prot opt source destination
dynamic all -- 0.0.0.0/0 0.0.0.0/0 state
INVALID,NEW
smurfs all -- 0.0.0.0/0 0.0.0.0/0 state
INVALID,NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp
dpts:67:68
tcpflags tcp -- 0.0.0.0/0 0.0.0.0/0
net2fw all -- 0.0.0.0/0 0.0.0.0/0
Chain eth0_out (1 references)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp
dpts:67:68
fw2net all -- 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-pam-generic (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain fw2net (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain logdrop (0 references)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0
level 6 prefix `Shorewall:logdrop:DROP:'
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain logflags (5 references)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0
level 6 prefix `Shorewall:logflags:DROP:'
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0
level 6 prefix `Shorewall:logreject:REJECT:'
reject all -- 0.0.0.0/0 0.0.0.0/0
Chain net2all (0 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
Drop all -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0
level 6 prefix `Shorewall:net2all:DROP:'
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain net2fw (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type
8
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
dpt:443
Drop all -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0
level 6 prefix `Shorewall:net2fw:DROP:'
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain reject (11 references)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0 PKTTYPE =
broadcast
DROP all -- 0.0.0.0/0 0.0.0.0/0 PKTTYPE =
multicast
DROP all -- 255.255.255.255 0.0.0.0/0
DROP all -- 224.0.0.0/4 0.0.0.0/0
DROP 2 -- 0.0.0.0/0 0.0.0.0/0
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 reject-with
tcp-reset
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 reject-with
icmp-port-unreachable
REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 reject-with
icmp-host-unreachable
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with
icmp-host-prohibited
Chain shorewall (0 references)
target prot opt source destination
Chain smurfs (2 references)
target prot opt source destination
LOG all -- 91.121.107.255 0.0.0.0/0 LOG flags 0
level 6 prefix `Shorewall:smurfs:DROP:'
DROP all -- 91.121.107.255 0.0.0.0/0
LOG all -- 91.255.255.255 0.0.0.0/0 LOG flags 0
level 6 prefix `Shorewall:smurfs:DROP:'
DROP all -- 91.255.255.255 0.0.0.0/0
LOG all -- 255.255.255.255 0.0.0.0/0 LOG flags 0
level 6 prefix `Shorewall:smurfs:DROP:'
DROP all -- 255.255.255.255 0.0.0.0/0
LOG all -- 224.0.0.0/4 0.0.0.0/0 LOG flags 0
level 6 prefix `Shorewall:smurfs:DROP:'
DROP all -- 224.0.0.0/4 0.0.0.0/0
Chain tcpflags (2 references)
target prot opt source destination
logflags tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
flags:0x3F/0x29
logflags tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
flags:0x3F/0x00
logflags tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
flags:0x06/0x06
logflags tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
flags:0x03/0x03
logflags tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:0
flags:0x17/0x02
---
Désolé, je suis nouveau dans les liste de discussions. (Dailleurs je
n'ai pas de 'Répondre à la liste' dans mon client de mail, c'est pas
très pratique!)
Merci encore,
Reply to: