IPFW & fail2ban does not work?

Hi,

I have configured sysutils/py-fail2ban to catch unauthorized logins, and it adds some entries in IPFW:
Code:
2015-05-06 00:11:49,554 fail2ban.filter  [17272]: INFO  [dovecot] Found 8.36.68.4
2015-05-06 00:11:51,625 fail2ban.filter  [17272]: INFO  [dovecot] Found 8.36.68.4
ipfw list
Code:
00001 deny ip from table(1) to me
00010 allow ip from any to any via lo0
00020 check-state
ipfw table 1 list
Code:
8.36.68.4/32 0

But there are still connections from this IP address on the same port. Anyone have any idea why?
 
What is the "state" of those connections in netstat -an? A TCP socket can be open a surprisingly long time, so if the connection gets cut before it is closed it could be idle for some time. Consider a logging rule before the drop so you get feedback that the table does indeed match the packet. Also consider doing a tcpdump(1) to see if there is actually any back and forth traffic going to that address.
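The netstat check suggested in the reply above can be scripted. This is an added example, not part of either post: it cross-references saved `ipfw table 1 list` and `netstat -an` output and reports the TCP state of every socket whose peer is in the table, also handling table entries wider than /32. The local address 192.0.2.10, port 143 and the remote ports are constructed sample values; function names are hypothetical.

```python
import ipaddress

# States in which the connection is already being torn down; such sockets
# only linger until kernel timers expire.
CLOSING = {"TIME_WAIT", "FIN_WAIT_1", "FIN_WAIT_2", "CLOSE_WAIT", "CLOSING", "LAST_ACK"}

# Constructed samples: the table entry is the one from the post; the netstat
# lines (192.0.2.10, port 143, remote ports) are made up for illustration.
SAMPLE_TABLE = "8.36.68.4/32 0\n"
SAMPLE_NETSTAT = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 192.0.2.10.143         8.36.68.4.51234        ESTABLISHED
tcp4       0      0 192.0.2.10.143         8.36.68.4.51190        TIME_WAIT
tcp4       0      0 192.0.2.10.143         198.51.100.7.40022     ESTABLISHED
tcp4       0      0 *.143                  *.*                    LISTEN
"""

def parse_table(text):
    """Turn `ipfw table N list` lines ("addr/len value") into network objects."""
    nets = []
    for line in text.splitlines():
        try:
            nets.append(ipaddress.ip_network(line.split()[0], strict=False))
        except (IndexError, ValueError):
            continue  # blank lines or header lines that are not addresses
    return nets

def parse_netstat(text):
    """Yield (remote_ip, local_port, state) from tcp4 lines of `netstat -an`."""
    for line in text.splitlines():
        f = line.split()
        if len(f) != 6 or f[0] != "tcp4":
            continue  # column headers, UDP, IPv6
        try:
            # FreeBSD prints addr.port, so split on the last dot.
            addr = ipaddress.ip_address(f[4].rpartition(".")[0])
        except ValueError:
            continue  # listening sockets show "*.*"
        yield addr, f[3].rpartition(".")[2], f[5]

def blocked_connections(table_text, netstat_text):
    """List sockets whose peer is in the table, tagged 'closing' or 'open'."""
    nets = parse_table(table_text)
    return [(str(ip), port, state, "closing" if state in CLOSING else "open")
            for ip, port, state in parse_netstat(netstat_text)
            if any(ip in net for net in nets)]

if __name__ == "__main__":
    for row in blocked_connections(SAMPLE_TABLE, SAMPLE_NETSTAT):
        print(*row)
```

An "open" row only shows that the socket has not been torn down; the log rule or tcpdump(1) from the reply is what tells you whether packets from that address still arrive.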
 