All of lore.kernel.org
 help / color / mirror / Atom feed
From: Nick <netfilter@acrasis.net>
To: netfilter@vger.kernel.org
Subject: Re: Firewall sometimes leaking
Date: Wed, 6 May 2020 15:57:26 +0100	[thread overview]
Message-ID: <20200506145726.GA9812@acrasis.net> (raw)
In-Reply-To: <alpine.DEB.2.21.2005061619330.4108@blackhole.kfki.hu>

On 2020-05-06 15:31 BST, Jozsef Kadlecsik wrote:
> Maybe the fail2ban rule is applied both for http and https, while the
> rule with the ipset matching is http only?

The log file that fail2ban monitors is the log for http requests only.
No other service writes to that log.  The ipset is for http only.

I'm unclear about the import of your question though: by the time of the
http request at 04:22 fail2ban had done its thing and was no longer
involved.  fail2ban had put the address into the ipset but netfilter,
for reasons I don't understand, apparently ignored it.
-- 
Nick

  reply	other threads:[~2020-05-06 14:57 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-05-06 11:24 Firewall sometimes leaking Nick
2020-05-06 14:22 ` Jozsef Kadlecsik
2020-05-06 14:57   ` Nick [this message]
2020-05-10  7:56     ` Firewall sometimes leaking [solved] Nick

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200506145726.GA9812@acrasis.net \
    --to=netfilter@acrasis.net \
    --cc=netfilter@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.