From: Nick <netfilter@acrasis.net>
To: netfilter@vger.kernel.org
Subject: Re: Firewall sometimes leaking
Date: Wed, 6 May 2020 15:57:26 +0100 [thread overview]
Message-ID: <20200506145726.GA9812@acrasis.net> (raw)
In-Reply-To: <alpine.DEB.2.21.2005061619330.4108@blackhole.kfki.hu>
On 2020-05-06 15:31 BST, Jozsef Kadlecsik wrote:
> Maybe the fail2ban rule is applied both for http and https, while the
> rule with the ipset matching is http only?
The log file that fail2ban monitors is the log for http requests only.
No other service writes to that log. The ipset is for http only.
I'm unclear about the import of your question though: by the time of the
http request at 04:22 fail2ban had done its thing and was no longer
involved. fail2ban had put the address into the ipset but netfilter,
for reasons I don't understand, apparently ignored it.
--
Nick
next prev parent reply other threads:[~2020-05-06 14:57 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-06 11:24 Firewall sometimes leaking Nick
2020-05-06 14:22 ` Jozsef Kadlecsik
2020-05-06 14:57 ` Nick [this message]
2020-05-10 7:56 ` Firewall sometimes leaking [solved] Nick
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200506145726.GA9812@acrasis.net \
--to=netfilter@acrasis.net \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.