IP’s not blocked despite SecAst saying they are

IP’s not blocked despite SecAst saying they areCustomer Inquiry2016-11-27T18:00:35-05:00

Viewing 2 posts - 1 through 2 (of 2 total)

Author

Posts
Customer Inquiry
Participant

November 27, 2016 at 6:00 pm

Post count: 201

#6418

SecAst says IP’s are being blocked but they’re not. They keep on attacking my system. I’m using iptables on the local machine to block attackers.

Telium Support Group
Moderator

November 27, 2016 at 6:58 pm

Post count: 263

#6627

The most likely cause is that the banned IP’s are not being handled properly by the firewall. There is also a known issue with fail2ban – in case you are attempting to run fail2ban alongside SecAst.

If you are using local IPtables to block attackers, ensure that the SECAST chain exists, and that the first rule on the INPUT chain jumps to target chain SECAST. For example, the command “iptables –L” should show something like:

Chain INPUT (policy ACCEPT)
target prot opt source destination
SECAST all — anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain SECAST (1 references)
target prot opt source destination
RETURN all — anywhere anywhere
Author

Posts

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.