<!DOCTYPE html>
<html>
<head>
<title></title>
</head>
<body><div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"># Generated by iptables-save v1.4.7 on Wed May 13 09:34:19 2015</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">*filter</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">:INPUT DROP [4:225]</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">:FORWARD ACCEPT [0:0]</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">:OUTPUT ACCEPT [1073:2215006]</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">:fail2ban-SSH - [0:0]</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -i lo -j ACCEPT</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -p tcp -m state --state NEW -m tcp --dport 8000 -j ACCEPT</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -p udp -m state --state NEW -m udp --dport 8000 -j ACCEPT</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -p tcp -m state --state NEW -m tcp --dport 4505 -j ACCEPT</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -p tcp -m state --state NEW -m tcp --dport 4506 -j ACCEPT</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -s 5.0.0.0/8 -j DROP</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -s 23.0.0.0/8 -j DROP</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -s 43.0.0.0/8 -j DROP</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -s 58.0.0.0/8 -j DROP</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -s 59.0.0.0/8 -j DROP</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -s 60.0.0.0/8 -j DROP</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -s 61.0.0.0/8 -j DROP</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -s 70.0.0.0/8 -j DROP</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -s 77.0.0.0/8 -j DROP</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -s 83.0.0.0/8 -j DROP</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -s 91.0.0.0/8 -j DROP</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -s 113.0.0.0/8 -j DROP</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -s 117.0.0.0/8 -j DROP</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -s 119.0.0.0/8 -j DROP</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -s 146.0.0.0/8 -j DROP</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -s 147.0.0.0/8 -j DROP</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -s 157.0.0.0/8 -j DROP</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -s 173.0.0.0/8 -j DROP</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -s 182.0.0.0/8 -j DROP</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -s 183.0.0.0/8 -j DROP</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -s 190.0.0.0/8 -j DROP</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -s 192.64.0.0/16 -j DROP</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -s 201.0.0.0/8 -j DROP</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -s 203.0.0.0/8 -j DROP</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -s 213.0.0.0/8 -j DROP</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -s 218.0.0.0/8 -j DROP</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -s 222.0.0.0/8 -j DROP</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A INPUT -s 229.0.0.0/8 -j DROP</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A fail2ban-SSH -s 213.30.22.232/32 -j REJECT --reject-with icmp-port-unreachable</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A fail2ban-SSH -s 61.183.22.139/32 -j REJECT --reject-with icmp-port-unreachable</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">-A fail2ban-SSH -j RETURN</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;">COMMIT</span><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><br></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"># Completed on Wed May 13 09:34:19 2015</span><br></div>
<div> </div>
<div> </div>
<div> </div>
<div>On Wed, May 13, 2015, at 10:10, Tim Randles wrote:<br></div>
<blockquote type="cite"><div dir="ltr">Do you have an iptables rule ahead of that drop rule allowing SSH inbound?<br></div>
<div><div> </div>
<div><div>On Wed, May 13, 2015 at 7:28 AM, Steve VanSlyck <span dir="ltr"><<a href="mailto:s.vanslyck@postpro.net">s.vanslyck@postpro.net</a>></span> wrote:<br></div>
<blockquote style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0.8ex;border-left-width:1px;border-left-color:rgb(204, 204, 204);border-left-style:solid;padding-left:1ex;"><div><u></u><br></div>
<div><div>Hi.<br></div>
<div> </div>
<div>I have this rule set it IPTABLES:<br></div>
<div> </div>
<div>Chain INPUT (policy DROP 1 packets, 44 bytes)<br></div>
<div> pkts bytes target prot opt in out source destination<br></div>
<div> </div>
<div> 4 212 DROP all -- * * <a href="http://213.0.0.0/8">213.0.0.0/8</a> <a href="http://0.0.0.0/0">0.0.0.0/0</a><br></div>
<div> </div>
<div>However I still see attacks from 213.30.22.232 with username attempts in the log. It seems iptables is not dropping the connection if it gets to the point where submitting a user login name is allowed.<br></div>
<div> </div>
<div>Comments?<br></div>
<div> </div>
</div>
<div> </div>
<div>_______________________________________________<br></div>
<div>
colug-432 mailing list<br></div>
<div> <a href="mailto:colug-432@colug.net">colug-432@colug.net</a><br></div>
<div> <a href="http://lists.colug.net/mailman/listinfo/colug-432">http://lists.colug.net/mailman/listinfo/colug-432</a><br></div>
<div> </div>
</blockquote></div>
<div> </div>
</div>
<div><u>_______________________________________________</u><br></div>
<div>colug-432 mailing list<br></div>
<div><a href="mailto:colug-432@colug.net">colug-432@colug.net</a><br></div>
<div><a href="http://lists.colug.net/mailman/listinfo/colug-432">http://lists.colug.net/mailman/listinfo/colug-432</a><br></div>
</blockquote><div> </div>
</body>
</html>