IPFW not locking people out

Posted by Cole on Super User See other posts from Super User or by Cole
Published on 2012-03-30T03:52:30Z Indexed on 2012/03/30 5:34 UTC
Read the original article Hit count: 555

Filed under:

security

|

blocking

|

ipfw

I've had some brute-forcing of my ssh connection recently, so I got fail2ban to hopefully prevent that. I set it up, and started testing it out by giving wrong passwords on my computer. (I have physical access to the server if I need to unblock myself) However, it never stops me from entering passwords.

I see in /var/log/fail2ban.log that fail2ban kicked in and banned me, and there's a ipfw entry for my IP, but I'm not locked out. I've changed the configuration around, and then tried just using the ipfw command myself, but nothing seems to lock me out. I've tried the following blocks:

65300 deny tcp from 10.0.1.30 to any in
65400 deny ip from 10.0.1.30 to any
65500 deny tcp from 10.0.1.30 to any

My firewall setup has a "allow ip from any to any" rule after these though, maybe that's the problem?

I'm using Mac OS 10.6 (stock ipfw, it doesn't seem to have a --version flag)

Thanks in advance.

© Super User or respective owner

Related posts about security

sudo apt-get update errors

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
Here is what I get on my terminal when running sudo apt-get update errors. I dont know if the issue is from my sources.list or my proxy setup(have not made any changes to proxies). Thank you for any help in advanced. Ign http://security.ubuntu.com oneiric-security Release.gpg Ign http://security… >>> More
The Security-Developer Gap: Why IT Security Can't Fix Your Security Problems Alone

as seen on Devx - Search for 'Devx'
Two well-known white hats explain how hackers take advantage of security holes left by enterprise application developers. >>> More
The Security-Developer Gap: Why IT Security Can't Fix Your Security Problems Alone

as seen on Internet.com - Search for 'Internet.com'
Two well-known white hats explain how hackers take advantage of security holes left by enterprise application developers. >>> More
StackOverFlowError while creating Mac object on AS400/Java

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello all, I am a newbie to AS400-Java programming. I am trying to create my first program to test the implementation of Message Authentication Code (MAC). I am trying to use the HMACSHA1 hash function. My (Java 1.4) program runs fine on a dev box (V5R4).But fails terribly on the QA box (V5R3). My… >>> More
Google App Engine - Spring Security Issue (java.security.AccessControlException)

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm currently getting the AccessControlException below when I deploy to app engine (I don't see it when I run in my local environment). I'm using GAE 1.3.1, Spring 3.0.1, and Spring Security 3.0.2. Any ideas how to get around this issue? It appears to be an issue with Spring Security trying to get… >>> More

Related posts about blocking

Non-Blocking I/O Made Possible in Java

as seen on Internet.com - Search for 'Internet.com'
Java SE7 "Dolphin" release is nearing and we're chomping at the bit. So let's dig in and review non-blocking IO, a feature of java.nio (New I/O) package that is a part of Java v1.4, v1.5 and v1.6 and we'll also take a peek at the java.nio.file (NIO.2) package. >>> More
Non-Blocking I/O Made Possible in Java

as seen on Internet.com - Search for 'Internet.com'
Java SE7 "Dolphin" release is nearing and we're chomping at the bit. So let's dig in and review non-blocking IO, a feature of java.nio (New I/O) package that is a part of Java v1.4, v1.5 and v1.6 and we'll also take a peek at the java.nio.file (NIO.2) package. >>> More
Generate a proper 404 page for blocked sites via /etc/hosts instead of redirect to localhost

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have blocked some websites by editing /etc/hosts and adding several newline-entries in the following manner: 0.0.0.0 www.domain.com And it works. The only thing is: when a website is visited which is blocked, the browser is redirected to my http://localhost, resulting in a directory listing or… >>> More
Block a website on HTTPS [closed]

as seen on Programmers - Search for 'Programmers'
I would like to block some websites on their HTTPS version and allow them on HTTP. The main websites involved are Youtube and Google Images/Videos. This is because on the HTTP version, I can enforce the Safesearch filter on those platforms, whereas I cannot on the HTTPS version. For me, this is a… >>> More
What should we tell our unsupported IE6 users?

as seen on Programmers - Search for 'Programmers'
In the upcoming version of our web app, we've broken IE6, and we don't intend to fix it. We've had a clear warning posted for IE6 users for some months; we've decided it's time not to support it. My question is: how should we communicate this to our users? Some people here feel that we should block… >>> More