I’m seeing a lot of fail2ban usage on my PBX and sometimes so many attempts that my system doesn’t seem to work well. I want to use iptables to block all traffic that is not part of my internal network or my ITSP. I’m just not sure I’m using it right. Here’s what I have:
*filter
:INPUT DROP[5508:1363194]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [233660:32435509]
:fail2ban-BadBots - [0:0]
:fail2ban-FTP - [0:0]
:fail2ban-PBX-GUI - [0:0]
:fail2ban-SIP - [0:0]
:fail2ban-SSH - [0:0]
-A INPUT -p tcp -j fail2ban-FTP
-A INPUT -p tcp -j fail2ban-PBX-GUI
-A INPUT -j fail2ban-SIP
-A INPUT -p tcp -j fail2ban-BadBots
-A INPUT -p tcp -j fail2ban-SSH
-A fail2ban-BadBots -j RETURN
-A fail2ban-FTP -j RETURN
-A fail2ban-PBX-GUI -j RETURN
-A fail2ban-SSH -j RETURN
-I INPUT 1 -s 192.168.0.0/16 -j ACCEPT
-I INPUT 1 -s 208.xxx.xxx.xxx/32 -j ACCEPT
The problem is I’m still blocking all the traffic unless I change that
:INPUT DROP[5508:1363194]
to :INPUT ACCEPT[5508:1363194]
What am I doing wrong?