ufw firewall with fail2ban and established connections


Postby ckruijntjens » 2019-10-02 12:18

Hi All,

I have a problem. I installed Debian buster with fail2ban and ufw. Now all works as it should, except for one thing: if an IP is banned and the client still has the connection open, it won't be blocked (so an attacker could just try endlessly as long as he does not close the connection).

When I close the browser I cannot connect anymore (as it should be). Why is ufw not blocking established connections?
ckruijntjens
 
Posts: 4
Joined: 2019-10-02 12:14

Re: ufw firewall with fail2ban and established connections

Postby ckruijntjens » 2019-10-02 12:34

Hi All,


I already found the solution.

Just after the ban I am running
conntrack --flush

Then the connection is disconnected.

issue resolved.
ckruijntjens
 
Posts: 4
Joined: 2019-10-02 12:14

Re: ufw firewall with fail2ban and established connections

Postby reinob » 2019-10-02 12:46

ckruijntjens wrote:
Hi All,

I have a problem. I installed Debian buster with fail2ban and ufw. Now all works as it should, except for one thing: if an IP is banned and the client still has the connection open, it won't be blocked (so an attacker could just try endlessly as long as he does not close the connection).

When I close the browser I cannot connect anymore (as it should be). Why is ufw not blocking established connections?


It all depends on which action fail2ban is taking. Assuming you're using the ufw.conf action, it does "ufw insert 1 reject from <ip> to <destination> $app".

I don't use ufw, so I don't know how it adds the rule. I suppose it's a front-end to iptables, so you could run "iptables -L" and inspect the rule. It probably applies only to NEW connections, so those which are already ESTABLISHED won't be affected.

So you either live with that (normally a connection you wish to block is not long-lived, so I don't see why you have a problem with that), or you tweak ufw.conf or ufw itself to block connections regardless of state, or you use another method ("route" is a nice and easy one).
reinob
 
Posts: 773
Joined: 2014-06-30 11:42
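Putting the two posts together (ckruijntjens's conntrack --flush after the ban, and reinob's suggestion to tweak the ufw action rather than flush), here is an added example of a fail2ban action file. It is not from the original thread and not fail2ban's stock ufw action: it bans with ufw in the same way the thread describes, then deletes only the banned source's conntrack entries instead of flushing the whole table. The file path and the action name ufw-conntrack are assumptions.

```ini
# /etc/fail2ban/action.d/ufw-conntrack.conf  (assumed path; added example, not
# the stock fail2ban ufw action). Ban via ufw as the stock action does, then
# delete the conntrack entries of the banned source so open sessions are cut off.
[Definition]

actionstart =
actionstop =
actioncheck =

# Insert the reject at position 1 so it precedes any "allow" rule, then drop
# every tracked flow from <ip>. conntrack exits non-zero when nothing matched,
# so tolerate that: the IP may simply have had no open flow at ban time.
actionban = ufw insert 1 reject from <ip> to any
            conntrack -D -s <ip> || true

actionunban = ufw delete reject from <ip> to any
```

Point a jail at it with banaction = ufw-conntrack in jail.local, then check a test ban with ufw status numbered (the reject should sit at position 1) and conntrack -L -s <ip> (should list nothing for that source). The reason --flush worked in the first post is ufw's ufw-before-input chain, which accepts anything in ctstate RELATED,ESTABLISHED before the user rules are consulted; once the flow entry is gone, the client's next packet is tracked as NEW and falls through to the reject. conntrack --flush achieves the same but also drops the state of every other tracked connection on the host (NAT mappings included), which is why the narrower -D -s <ip> is preferable. Note that deleting the flow only removes the kernel's tracking state; the server-side socket stays open until it times out or the application closes it, but the client can no longer reach it.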
