ufw firewall with fail2ban and established connections

Linux Kernel, Network, and Services configuration.
ckruijntjens
Posts: 4
Joined: 2019-10-02 12:14

ufw firewall with fail2ban and established connections

#1 Post by ckruijntjens »

Hi All,

I have a problem. I installed Debian buster with fail2ban and ufw. Now everything works as it should, except for one thing. If an IP is banned and the client still has the connection open, it won't be blocked (so an attacker could just keep trying endlessly as long as he does not close the connection).

When I close the browser I cannot connect anymore (as it should be). Why is ufw not blocking established connections?

ckruijntjens
Posts: 4
Joined: 2019-10-02 12:14

Re: ufw firewall with fail2ban and established connections

#2 Post by ckruijntjens »

Hi All,


I already found the solution.

Just after the ban I am running
conntrack --flush

Then the connection is disconnected.

Issue resolved.
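A narrower version of the fix above, as an added example that is not part of the original post: `conntrack --flush` drops every tracked flow on the host, so all traffic, legitimate sessions included, is re-evaluated against the ruleset as NEW on its next packet. Deleting only the entries whose original source is the banned address gets the same effect for the attacker without touching anything else. The script assumes conntrack-tools is installed and that it runs as root; the script name `ban-kill.sh` and the helper names `addr_family`, `kill_tracked` and `list_tracked` are mine, not fail2ban's or ufw's.

```shell
#!/bin/sh
# ban-kill.sh (added example, not from the thread): after fail2ban has
# inserted its ufw reject for an address, remove that address's existing
# conntrack entries so its open TCP sessions stop matching the
# RELATED,ESTABLISHED accept and fall through to the reject on their
# next packet. Assumes conntrack-tools is installed; run as root.

# Classify the banned address and refuse anything that is not a bare IP
# literal. The value arrives from fail2ban's <ip> tag, i.e. from an
# attacker-influenced log line, so it is never handed to a command unchecked.
# Prints "ipv4" or "ipv6" and returns 0, or returns 1 for anything else.
addr_family() {
    case "$1" in
        '')                 return 1 ;;   # empty
        *[!0-9A-Fa-f:.]*)   return 1 ;;   # anything outside hex digits, ':' and '.'
        *:*)                echo ipv6 ;;
        *.*.*.*)            echo ipv4 ;;
        *)                  return 1 ;;   # e.g. "abc" or "1.2.3"
    esac
}

# Delete every conntrack entry whose original-direction source is $1.
# -D deletes, -s restricts to flows initiated from that address, and
# -f selects the IPv4 or IPv6 table (conntrack defaults to ipv4).
kill_tracked() {
    fam=$(addr_family "$1") || { echo "refusing non-IP argument: $1" >&2; return 2; }
    conntrack -f "$fam" -D -s "$1"
}

# List what is still tracked for the address, to confirm the teardown.
list_tracked() {
    fam=$(addr_family "$1") || return 2
    conntrack -f "$fam" -L -s "$1" 2>/dev/null
}

# Only act when invoked with exactly one address, so the file can also be
# sourced for its functions.
if [ "$#" -eq 1 ]; then
    kill_tracked "$1" && list_tracked "$1"
fi
```

To hook it into fail2ban, the placement I would assume (check against your fail2ban version's action files) is a copy of `/etc/fail2ban/action.d/ufw.conf` whose `actionban` line gets `&& /usr/local/sbin/ban-kill.sh <ip>` appended, with the jail's `banaction` pointed at the copy. The address validation matters precisely because `<ip>` is substituted into a shell command line.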

reinob
Posts: 1198
Joined: 2014-06-30 11:42
Has thanked: 99 times
Been thanked: 47 times

Re: ufw firewall with fail2ban and established connections

#3 Post by reinob »

ckruijntjens wrote:Hi All,

I have a problem. I installed Debian buster with fail2ban and ufw. Now everything works as it should, except for one thing. If an IP is banned and the client still has the connection open, it won't be blocked (so an attacker could just keep trying endlessly as long as he does not close the connection).

When I close the browser I cannot connect anymore (as it should be). Why is ufw not blocking established connections?
It all depends on which action fail2ban is taking. Assuming you're using the ufw.conf action, it does "ufw insert 1 reject from <ip> to <destination> $app".

I don't use ufw so I don't know how it adds the rule. I suppose it's a front-end to iptables, so you could run "iptables -L" and inspect the rule. It probably applies only to NEW connections, so those which are already ESTABLISHED won't be affected.

So you either live with that (normally a connection you wish to block is not long-lived, so I don't see why you have a problem with that), or you tweak ufw.conf or ufw itself to block connections regardless of state, or you use another method ("route" is a nice and easy one).
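A way to confirm the "probably" above on a running box, as an added example that is not part of reinob's reply: on Debian's stock ufw, `/etc/ufw/before.rules` accepts `RELATED,ESTABLISHED` packets in the `ufw-before-input` chain and only afterwards jumps to `ufw-user-input`, which is the chain `ufw insert 1 reject ...` lands in. A tracked flow therefore never reaches the reject, whatever position it was inserted at. The function below reads `iptables -S ufw-before-input` output and reports whether that ordering is in effect; the two rule listings are constructed samples modelled on the stock chain, and the function name is mine.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `iptables -S <chain>` output
# on stdin and reports whether a RELATED,ESTABLISHED accept is evaluated
# before the jump into ufw-user-input, where fail2ban's ufw reject lives.
# Prints "bypass" when established flows skip the user rules, "ok" otherwise.
established_bypasses_user_rules() {
    seen_jump=0
    hit=0
    while IFS= read -r line; do
        case "$line" in
            *"-j ufw-user-input"*)
                seen_jump=1 ;;
            *ESTABLISHED*"-j ACCEPT"*)
                # Covers both "-m conntrack --ctstate" and legacy "-m state --state".
                if [ "$seen_jump" -eq 0 ]; then hit=1; fi ;;
        esac
    done
    if [ "$hit" -eq 1 ]; then echo bypass; else echo ok; fi
}

# Constructed sample modelled on Debian's stock before.rules (abridged):
# the ESTABLISHED accept sits above the jump to the user chain.
STOCK_CHAIN='-N ufw-before-input
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
-A ufw-before-input -j ufw-user-input'

# Constructed counter-example: user rules consulted first, so a reject
# inserted at position 1 would also hit packets of an existing flow.
REORDERED_CHAIN='-N ufw-before-input
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -j ufw-user-input
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'

# Demo on the constructed stock sample; prints "bypass".
printf '%s\n' "$STOCK_CHAIN" | established_bypasses_user_rules
```

On the live host run `iptables -S ufw-before-input | established_bypasses_user_rules` as root; "bypass" is the expected answer on an unmodified ufw install and is the reason the reject only bites once the client opens a new connection (or once its conntrack entry is removed, as in post #2). Note that reordering the chain so user rules run before the ESTABLISHED accept also means every packet of every flow is matched against the user rules, which is the cost of the "block regardless of state" option.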
