25 May 2022, 7:15 p.m.
On 2022-05-25 11:44 a.m., dovecot@ptld.com wrote:
On 05-25-2022 11:28 am, Hippo Man wrote:
In my case, that is not occurring. After issuing the iptables DROP command, the client can continue to send more and more login attempts. Only when the client disconnects does the block of the socket seem to work for that IP address. I continue to see numerous instances of this behavior.
Having this rule
-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
before the drop would have that behavior
Or, in your fail2ban (or other script) that adds the IP to be blocked, also call 'conntrack -D -s ${ip}' which will clear the current state from the firewall, requiring them to reconnect. This will then hit the DROP rule.
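
An added example, not code from either poster: a ban helper sketch covering both points in this thread. It checks `iptables -S INPUT` output for an ESTABLISHED accept rule ahead of the DROP, and it deletes the banned address's conntrack entries after adding the rule. The function names, `DRY_RUN`, and the 203.0.113.7 address are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: names, DRY_RUN and sample values are assumptions of this sketch.

# Print the command when DRY_RUN=1, otherwise execute it.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Accept exactly one dotted-quad IPv4 address, so nothing else reaches the commands.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NR > 1 || NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^(0|[1-9][0-9]?[0-9]?)$/ || $i > 255) exit 1 }'
}

# Read `iptables -S INPUT` output on stdin. Succeeds (status 0) when an
# ESTABLISHED ACCEPT rule comes before the DROP for address $1, meaning
# packets on an already-open connection are accepted before the DROP is seen.
drop_is_shadowed() {
    awk -v ip="$1" '
        /--(ct)?state [A-Z,]*ESTABLISHED/ && /-j ACCEPT/ && !est { est = NR }
        index($0, "-s " ip "/32 ") && /-j DROP/ && !drop { drop = NR }
        END { exit !(est && drop && est < drop) }'
}

# Ban an address: append the DROP rule, then delete its tracked connections
# so open sessions stop matching ESTABLISHED and have to reconnect into the DROP.
ban_ip() {
    valid_ipv4 "$1" || { echo "invalid address: $1" >&2; return 2; }
    run iptables -A INPUT -s "$1" -j DROP || return 1
    # Status ignored: the DROP rule is in place even if no flow was tracked.
    run conntrack -D -s "$1" || true
}

# Usage (as root):
#   ban_ip 203.0.113.7
#   iptables -S INPUT | drop_is_shadowed 203.0.113.7 && echo "DROP is shadowed"
```
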