Hacking Important, but fail2ban doesn't act; Failed to authenticate device

4allbusiness · November 19, 2013, 2:15pm

Hi DanielF,

Thank you very much!!!
I used your script and I am also adding once a month the ip addresses which are the same from several fail2ban logs.

Thank you!!!

danielf · November 21, 2013, 8:00am

Hi Bas,
Thank you for using my script. I have improved it and you can use the newer version. I have added logging to the rules also. if you want to see the firewall logs make sure that you have these lines:
#IPtables kern.debug /var/log/iptables.log
at the bottom of /etc/syslog.conf or /etc/rsyslog.conf.
Do not forget to restart the syslog service:
service restart syslog
or
service restart rsyslog

Thank you,

danielf · November 21, 2013, 8:04am

here is the newer version of the firewall.sh file:
#!/bin/bash #File location /etc/firewall.sh

#Clear the rules and chains
iptables -F
iptables -X

#Create the LOGGING chain
iptables -N LOGGING

#Drop invalid packets
iptables -A INPUT -m state --state INVALID -j LOG --log-level 7 --log-prefix 'InvalidDrop: '
iptables -A INPUT -m state --state INVALID -j DROP

#Allowed packet states and loopback interface
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p all -s 127.0.0.1 -j ACCEPT

#BLOCKED KNOWN ATTACKERS
iptables -A INPUT -p all -s 112.220.100.226/32 -j DROP
iptables -A INPUT -p all -s 213.229.107.27/32 -j DROP
iptables -A INPUT -p all -s 180.211.97.82/32 -j DROP
iptables -A INPUT -p all -s 110.164.192.26/32 -j DROP
iptables -A INPUT -p all -s 180.151.96.176/32 -j DROP
iptables -A INPUT -p all -s 2.97.121.235/32 -j DROP
iptables -A INPUT -p all -s 222.186.29.69/32 -j DROP
iptables -A INPUT -p all -s 108.59.5.146/32 -j DROP
iptables -A INPUT -p all -s 46.165.196.148/32 -j DROP
iptables -A INPUT -p all -s 46.105.119.150/32 -j DROP
iptables -A INPUT -p all -s 112.220.65.195/32 -j DROP
iptables -A INPUT -p all -s 61.132.255.107/32 -j DROP
iptables -A INPUT -p all -s 94.75.215.26/32 -j DROP
iptables -A INPUT -p all -s 70.86.175.178/32 -j DROP
iptables -A INPUT -p all -s 209.243.14.56/32 -j DROP
iptables -A INPUT -p all -s 85.25.145.176/32 -j DROP
iptables -A INPUT -p all -s 58.62.173.159/32 -j DROP
iptables -A INPUT -p all -s 1.0.0.0/32 -j DROP
iptables -A INPUT -p all -s 96.44.189.178/32 -j DROP
iptables -A INPUT -p all -s 69.61.235.174/32 -j DROP
iptables -A INPUT -p all -s 125.32.98.130/32 -j DROP
iptables -A INPUT -p all -s 173.224.214.18/32 -j DROP
iptables -A INPUT -p all -s 124.160.227.3/32 -j DROP
iptables -A INPUT -p all -s 50.30.33.90/32 -j DROP
iptables -A INPUT -p all -s 174.137.170.180/32 -j DROP
iptables -A INPUT -p all -s 182.72.155.110/32 -j DROP
iptables -A INPUT -p all -s 110.155.72.182/32 -j DROP
iptables -A INPUT -p all -s 188.75.195.213/32 -j DROP
iptables -A INPUT -p all -s 30.121.8.96/32 -j DROP
iptables -A INPUT -p all -s 64.15.138.23/32 -j DROP
iptables -A INPUT -p all -s 201.65.24.234/32 -j DROP
iptables -A INPUT -p all -s 141.80.164.34/32 -j DROP
iptables -A INPUT -p all -s 60.211.179.37/32 -j DROP
iptables -A INPUT -p all -s 85.25.201.69/32 -j DROP
iptables -A INPUT -p all -s 109.230.220.168/32 -j DROP
iptables -A INPUT -p all -s 176.31.123.59/32 -j DROP
iptables -A INPUT -p all -s 37.75.215.127/32 -j DROP
iptables -A INPUT -p all -s 8.33.7.55/32 -j DROP
iptables -A INPUT -p all -s 94.23.36.186/32 -j DROP
iptables -A INPUT -p all -s 37.59.50.57/32 -j DROP
iptables -A INPUT -p all -s 192.157.207.10/32 -j DROP
iptables -A INPUT -p all -s 138.91.174.13/32 -j DROP
iptables -A INPUT -p all -s 137.135.243.142/32 -j DROP
iptables -A INPUT -p all -s 82.205.0.74/32 -j DROP
iptables -A INPUT -p all -s 87.98.164.207/32 -j DROP
iptables -A INPUT -p all -s 82.205.29.124/32 -j DROP
iptables -A INPUT -p all -s 81.218.117.29/32 -j DROP
iptables -A INPUT -p all -s 37.8.54.54/32 -j DROP
iptables -A INPUT -p all -s 192.157.201.76/32 -j DROP
iptables -A INPUT -p all -s 192.237.148.128/32 -j DROP
iptables -A INPUT -p all -s 108.59.12.8/32 -j DROP
iptables -A INPUT -p all -s 91.121.136.136/32 -j DROP
iptables -A INPUT -p all -s 37.8.34.119/32 -j DROP
iptables -A INPUT -p all -s 82.205.1.149/32 -j DROP
iptables -A INPUT -p all -s 37.8.23.101/32 -j DROP
iptables -A INPUT -p all -s 37.8.41.104/32 -j DROP
iptables -A INPUT -p all -s 37.8.14.32/32 -j DROP
iptables -A INPUT -p all -s 188.138.41.34/32 -j DROP
iptables -A INPUT -p all -s 188.138.33.215/32 -j DROP
iptables -A INPUT -p all -s 162.13.47.73/32 -j DROP
iptables -A INPUT -p all -s 82.205.23.184/32 -j DROP
iptables -A INPUT -p all -s 188.138.90.172/32 -j DROP
iptables -A INPUT -p all -s 192.187.97.58/32 -j DROP
iptables -A INPUT -p all -s 192.187.97.50/32 -j DROP
iptables -A INPUT -p all -s 164.177.188.117/32 -j DROP
iptables -A INPUT -p all -s 37.8.35.74/32 -j DROP
iptables -A INPUT -p all -s 37.8.30.6/32 -j DROP
iptables -A INPUT -p all -s 82.205.9.34/32 -j DROP
iptables -A INPUT -p all -s 69.197.151.178/32 -j DROP
iptables -A INPUT -p all -s 37.8.16.209/32 -j DROP
iptables -A INPUT -p all -s 37.8.61.151/32 -j DROP
iptables -A INPUT -p all -s 37.8.36.139/32 -j DROP
iptables -A INPUT -p all -s 204.12.243.82/32 -j DROP
iptables -A INPUT -p all -s 87.98.245.174/32 -j DROP
iptables -A INPUT -p all -s 37.187.9.82/32 -j DROP
iptables -A INPUT -p all -s 192.187.99.202/32 -j DROP
iptables -A INPUT -p all -s 192.187.115.90/32 -j DROP
iptables -A INPUT -p all -s 188.138.95.7/32 -j DROP
iptables -A INPUT -p all -s 94.23.165.212/32 -j DROP
iptables -A INPUT -p all -s 69.197.147.50/32 -j DROP
iptables -A INPUT -p all -s 46.4.120.183/32 -j DROP
iptables -A INPUT -p all -s 82.205.20.104/32 -j DROP
iptables -A INPUT -p all -s 37.8.59.82/32 -j DROP
iptables -A INPUT -p all -s 37.8.89.197/32 -j DROP
iptables -A INPUT -p all -s 37.8.33.122/32 -j DROP
iptables -A INPUT -p all -s 82.205.27.234/32 -j DROP
iptables -A INPUT -p all -s 37.8.51.27/32 -j DROP
iptables -A INPUT -p all -s 37.8.57.122/32 -j DROP
iptables -A INPUT -p all -s 37.8.16.36/32 -j DROP
iptables -A INPUT -p all -s 80.86.88.130/32 -j DROP
iptables -A INPUT -p all -s 85.25.154.103/32 -j DROP
iptables -A INPUT -p all -s 37.8.5.68/32 -j DROP
iptables -A INPUT -p all -s 204.12.242.186/32 -j DROP
iptables -A INPUT -p all -s 198.27.68.179/32 -j DROP
iptables -A INPUT -p all -s 144.76.156.235/32 -j DROP
iptables -A INPUT -p all -s 5.135.200.50/32 -j DROP
iptables -A INPUT -p all -s 63.141.249.154/32 -j DROP
iptables -A INPUT -p all -s 5.11.42.18/32 -j DROP
iptables -A INPUT -p all -s 37.8.88.206/32 -j DROP
iptables -A INPUT -p all -s 66.240.236.110/32 -j DROP
iptables -A INPUT -p all -s 142.54.168.178/32 -j DROP
iptables -A INPUT -p all -s 192.187.114.26/32 -j DROP
iptables -A INPUT -p all -s 94.23.202.102/32 -j DROP
iptables -A INPUT -p all -s 54.200.90.202/32 -j DROP
iptables -A INPUT -p all -s 37.59.31.200/32 -j DROP
iptables -A INPUT -p all -s 37.8.52.43/32 -j DROP
iptables -A INPUT -p all -s 37.8.57.92/32 -j DROP
iptables -A INPUT -p all -s 37.8.17.206/32 -j DROP
iptables -A INPUT -p all -s 192.99.9.23/32 -j DROP
iptables -A INPUT -p all -s 192.111.151.142/32 -j DROP
iptables -A INPUT -p all -s 142.54.168.140/32 -j DROP
iptables -A INPUT -p all -s 192.111.154.66/32 -j DROP
iptables -A INPUT -p all -s 37.8.21.126/32 -j DROP
iptables -A INPUT -p all -s 50.22.47.4/32 -j DROP
iptables -A INPUT -p all -s 198.50.152.57/32 -j DROP
iptables -A INPUT -p all -s 94.23.165.136/32 -j DROP
iptables -A INPUT -p all -s 85.25.201.172/32 -j DROP
iptables -A INPUT -p all -s 86.108.17.187/32 -j DROP
iptables -A INPUT -p all -s 192.99.7.19/32 -j DROP
iptables -A INPUT -p all -s 192.99.3.119/32 -j DROP
iptables -A INPUT -p all -s 37.75.215.77/32 -j DROP
iptables -A INPUT -p all -s 164.177.188.152/32 -j DROP
iptables -A INPUT -p all -s 37.8.16.89/32 -j DROP
iptables -A INPUT -p all -s 37.75.210.33/32 -j DROP
iptables -A INPUT -p all -s 82.205.23.88/32 -j DROP
iptables -A INPUT -p all -s 82.205.8.212/32 -j DROP
iptables -A INPUT -p all -s 82.205.17.168/32 -j DROP
iptables -A INPUT -p all -s 188.227.184.50/32 -j DROP
iptables -A INPUT -p all -s 144.76.164.37/32 -j DROP
iptables -A INPUT -p all -s 37.8.29.202/32 -j DROP
iptables -A INPUT -p all -s 185.19.217.138/32 -j DROP
iptables -A INPUT -p all -s 185.12.5.191/32 -j DROP
iptables -A INPUT -p all -s 37.8.50.190/32 -j DROP
iptables -A INPUT -p all -s 192.99.6.157/32 -j DROP
iptables -A INPUT -p all -s 204.12.244.18/32 -j DROP
iptables -A INPUT -p all -s 37.8.86.189/32 -j DROP
iptables -A INPUT -p all -s 213.239.218.51/32 -j DROP
iptables -A INPUT -p all -s 37.8.90.98/32 -j DROP
iptables -A INPUT -p all -s 37.8.52.225/32 -j DROP
iptables -A INPUT -p all -s 37.8.33.136/32 -j DROP
iptables -A INPUT -p all -s 198.27.69.82/32 -j DROP
iptables -A INPUT -p all -s 5.135.128.175/32 -j DROP
iptables -A INPUT -p all -s 192.95.21.65/32 -j DROP
iptables -A INPUT -p all -s 37.8.48.198/32 -j DROP
iptables -A INPUT -p all -s 192.99.6.20/32 -j DROP
iptables -A INPUT -p all -s 193.235.73.194/32 -j DROP
iptables -A INPUT -p all -s 54.200.205.58/32 -j DROP
iptables -A INPUT -p all -s 69.197.160.66/32 -j DROP
iptables -A INPUT -p all -s 37.8.85.100/32 -j DROP
iptables -A INPUT -p all -s 204.12.252.122/32 -j DROP
iptables -A INPUT -p all -s 82.205.26.52/32 -j DROP
iptables -A INPUT -p all -s 37.8.70.227/32 -j DROP
iptables -A INPUT -p all -s 37.8.91.196/32 -j DROP
iptables -A INPUT -p all -s 41.102.59.131/32 -j DROP
iptables -A INPUT -p all -s 46.20.42.90/32 -j DROP
iptables -A INPUT -p all -s 46.228.204.146/32 -j DROP
iptables -A INPUT -p all -s 176.31.26.4/32 -j DROP
iptables -A INPUT -p all -s 54.205.98.8/32 -j DROP
iptables -A INPUT -p all -s 85.25.154.255/32 -j DROP
iptables -A INPUT -p all -s 69.197.165.202/32 -j DROP
iptables -A INPUT -p all -s 176.67.107.129/32 -j DROP
iptables -A INPUT -p all -s 188.138.1.232/32 -j DROP
iptables -A INPUT -p all -s 82.205.21.161/32 -j DROP
iptables -A INPUT -p all -s 54.246.241.95/32 -j DROP
iptables -A INPUT -p all -s 162.13.15.120/32 -j DROP
iptables -A INPUT -p all -s 82.205.16.12/32 -j DROP
iptables -A INPUT -p all -s 82.205.16.220/32 -j DROP
iptables -A INPUT -p all -s 5.9.99.174/32 -j DROP
iptables -A INPUT -p all -s 62.75.181.144/32 -j DROP
iptables -A INPUT -p all -s 37.8.27.119/32 -j DROP
iptables -A INPUT -p all -s 54.215.166.125/32 -j DROP
iptables -A INPUT -p all -s 85.25.184.121/32 -j DROP
iptables -A INPUT -p all -s 188.138.75.172/32 -j DROP
iptables -A INPUT -p all -s 198.27.74.19/32 -j DROP
iptables -A INPUT -p all -s 188.138.41.100/32 -j DROP
iptables -A INPUT -p all -s 37.8.62.129/32 -j DROP
iptables -A INPUT -p all -s 162.13.80.150/32 -j DROP
iptables -A INPUT -p all -s 204.12.230.122/32 -j DROP
iptables -A INPUT -p all -s 80.241.216.33/32 -j DROP
iptables -A INPUT -p all -s 5.11.44.184/32 -j DROP
iptables -A INPUT -p all -s 204.12.242.50/32 -j DROP
iptables -A INPUT -p all -s 54.219.154.140/32 -j DROP
iptables -A INPUT -p all -s 69.197.165.234/32 -j DROP
iptables -A INPUT -p all -s 50.7.255.75/32 -j DROP
iptables -A INPUT -p all -s 204.12.242.50/32 -j DROP
iptables -A INPUT -p all -s 178.162.205.209/32 -j DROP
iptables -A INPUT -p all -s 204.12.234.154/32 -j DROP
iptables -A INPUT -p all -s 83.244.5.119/32 -j DROP
iptables -A INPUT -p all -s 198.50.156.10/32 -j DROP
iptables -A INPUT -p all -s 37.75.213.116/32 -j DROP
iptables -A INPUT -p all -s 37.8.84.237/32 -j DROP
iptables -A INPUT -p all -s 37.8.23.57/32 -j DROP
iptables -A INPUT -p all -s 92.253.69.14/32 -j DROP
iptables -A INPUT -p all -s 5.135.200.42/32 -j DROP
iptables -A INPUT -p all -s 37.8.92.176/32 -j DROP
iptables -A INPUT -p all -s 94.249.15.196/32 -j DROP
iptables -A INPUT -p all -s 69.197.165.210/32 -j DROP
iptables -A INPUT -p all -s 178.162.205.217/32 -j DROP
iptables -A INPUT -p all -s 95.163.121.19/32 -j DROP
iptables -A INPUT -p all -s 178.162.205.210/32 -j DROP
iptables -A INPUT -p all -s 54.200.206.222/32 -j DROP
iptables -A INPUT -p all -s 198.7.59.153/32 -j DROP
iptables -A INPUT -p all -s 162.13.94.6/32 -j DROP
iptables -A INPUT -p all -s 207.244.67.205/32 -j DROP
iptables -A INPUT -p all -s 178.162.205.206/32 -j DROP
iptables -A INPUT -p all -s 63.128.173.12/32 -j DROP
iptables -A INPUT -p all -s 162.13.85.121/32 -j DROP
iptables -A INPUT -p all -s 178.162.205.235/32 -j DROP
iptables -A INPUT -p all -s 198.27.87.94/32 -j DROP
iptables -A INPUT -p all -s 5.135.148.86/32 -j DROP
iptables -A INPUT -p all -s 188.161.3.99/32 -j DROP
iptables -A INPUT -p all -s 198.50.244.52/32 -j DROP
iptables -A INPUT -p all -s 188.40.189.6/32 -j DROP
iptables -A INPUT -p all -s 176.31.65.140/32 -j DROP
iptables -A INPUT -p all -s 198.27.86.23/32 -j DROP
iptables -A INPUT -p all -s 74.208.154.230/32 -j DROP
iptables -A INPUT -p all -s 54.211.248.230/32 -j DROP
iptables -A INPUT -p all -s 207.244.66.107/32 -j DROP
iptables -A INPUT -p all -s 82.205.28.18/32 -j DROP
iptables -A INPUT -p all -s 188.40.189.6/32 -j DROP
iptables -A INPUT -p all -s 37.8.24.240/32 -j DROP
iptables -A INPUT -p all -s 37.8.40.88/32 -j DROP
iptables -A INPUT -p all -s 37.8.61.35/32 -j DROP
iptables -A INPUT -p all -s 37.8.40.204/32 -j DROP
iptables -A INPUT -p all -s 188.165.252.218/32 -j DROP
iptables -A INPUT -p all -s 178.162.205.217/32 -j DROP
iptables -A INPUT -p all -s 162.13.87.236/32 -j DROP
iptables -A INPUT -p all -s 198.27.87.94/32 -j DROP
iptables -A INPUT -p all -s 198.7.59.151/32 -j DROP
iptables -A INPUT -p all -s 37.8.25.210/32 -j DROP
iptables -A INPUT -p all -s 37.8.42.114/32 -j DROP
iptables -A INPUT -p all -s 162.13.149.220/32 -j DROP
iptables -A INPUT -p all -s 162.13.9.120/32 -j DROP
iptables -A INPUT -p all -s 54.200.235.239/32 -j DROP
iptables -A INPUT -p all -s 37.8.8.157/32 -j DROP
iptables -A INPUT -p all -s 198.7.57.188/32 -j DROP

#ALLOW GOOGLE DNS SERVRES
iptables -A INPUT -p all -s 8.8.8.8/32 -j ACCEPT
iptables -A INPUT -p all -s 8.8.4.4/32 -j ACCEPT

#ALLOWED PORTS
iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 81 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 82 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 84 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 88 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 96 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 4445 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 5060 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 5061 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 9000 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 50001:50003 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 4520 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 4569 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 5060 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 123 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 69 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

#LOGGING ALL THE DROPPED PACKETS
iptables -A INPUT -j LOGGING
iptables -A LOGGING -m limit --limit 5/sec -j LOG --log-prefix "IPTables-Dropped: " --log-level 7
iptables -A LOGGING -j DROP
iptables -A INPUT -p all -s localhost -i eth0 -j DROP

#Setting the last reject rule for the chains
iptables -A INPUT -j REJECT
iptables -A FORWARD -j REJECT

#SAVE IPTABLES RULES
iptables-save > /etc/sysconfig/iptables
service iptables restart > /dev/null 2>&1

#If you are running fail2ban system, please uncomment the line beneath that reloads the service.
fail2ban-client reload

#End message
echo “[End iptables rules setting]”