
perfsonar-user - [perfsonar-user] RE: Duplicate Rules in iptables

Subject: perfSONAR User Q&A and Other Discussion


[perfsonar-user] RE: Duplicate Rules in iptables


  • From: "Garnizov, Ivan (RRZE)" <>
  • To: "Wussler, Doug" <>, "" <>
  • Subject: [perfsonar-user] RE: Duplicate Rules in iptables
  • Date: Tue, 5 Apr 2016 14:56:30 +0000
  • Accept-language: en-GB, de-DE, en-US

Hi Doug,

 

Certainly it should not be the case with these replications.

f2b-ssh is a rule coming from Fail2ban, which is trying to protect you from dictionary attacks.

And it is the case that fail2ban itself is trying to preempt any rule that is matching ssh traffic.

It is safe to remove the duplicated lines, but make sure the very first rule that matches the ssh traffic is the one from fail2ban: "-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd"

 

Please note that every time fail2ban:

 - starts: it preempts the rules with this line,

 - shuts down: the script removes the lines.

 

If by any chance the service did not shut down gracefully, you will end up with the leftovers in iptables.

 

Best regards,

Ivan

 

From: [mailto:] On Behalf Of Wussler, Doug
Sent: Dienstag, 5. April 2016 16:27
To:
Subject: [perfsonar-user] Duplicate Rules in iptables

 

I’m a new admin for our PerfSONAR servers.  I have performed fresh installs of our servers from the perfsonar_toolkit ISO, version 3.5.1.

I see that iptables has 10 instances of rule: "-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd"

and 11 instances of rule: "-A f2b-sshd -j RETURN"

I have not been able to find any info about the reason for these duplicates.

 

Do these multiple instances serve some sort of purpose or was it a mistake and can I remove them?

 

Doug

 

Doug Wussler

850.645.4201

Application Developer/Designer – Core Network Team

Information Technology Services

RK Shaw Building

644 W. Call Street

Tallahassee, FL  32304

 

FSU
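As an added example (not from the thread, and not part of fail2ban or the perfSONAR toolkit), here is a POSIX shell script that applies Ivan's advice to a constructed iptables-save style listing: it reports every -A rule that occurs more than once, emits a copy that keeps only the first occurrence of each rule in its original order, and checks that the first INPUT rule matching port 22 is still the fail2ban jump. The SAMPLE_RULES text and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Constructed iptables-save style listing (assumption, not a real host):
# the fail2ban jump rule and its RETURN rule are repeated, as in the thread.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:f2b-sshd - [0:0]
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A f2b-sshd -j RETURN
-A f2b-sshd -j RETURN
-A f2b-sshd -j RETURN
-A f2b-sshd -j RETURN
COMMIT'

# count_duplicates LISTING: print "<count> <rule>" for every -A rule that
# appears more than once (output is empty when nothing is duplicated).
count_duplicates() {
    printf '%s\n' "$1" | grep '^-A ' | sort | uniq -c | awk '$1 > 1'
}

# dedupe_rules LISTING: emit the listing keeping only the first occurrence of
# each -A rule, in original order, so chain order and first-match rules survive.
dedupe_rules() {
    printf '%s\n' "$1" | awk '/^-A / { if (seen[$0]++) next } { print }'
}

# first_ssh_rule_is_f2b LISTING: return 0 when the first INPUT rule that
# matches port 22 jumps to f2b-sshd (the property Ivan says to preserve).
first_ssh_rule_is_f2b() {
    first=$(printf '%s\n' "$1" | grep '^-A INPUT ' | grep -E -- '--dports? 22' | head -n 1)
    case "$first" in
        *'-j f2b-sshd') return 0 ;;
        *) return 1 ;;
    esac
}

# Stand-alone run: report the duplicates, then show the cleaned listing.
echo "Duplicated rules:"
count_duplicates "$SAMPLE_RULES"
echo "Cleaned listing:"
dedupe_rules "$SAMPLE_RULES"
```

On a real host, feed the output of `iptables-save` in place of SAMPLE_RULES and review the cleaned listing before loading it with `iptables-restore`; restarting fail2ban afterwards re-inserts its own rule if it is missing.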



