IP's not blocked despite SecAst saying they are


Post by CRM User » Sun Nov 27, 2016 6:00 pm

SecAst says IPs are being blocked, but they're not. They keep on attacking my system. I'm using iptables on the local machine to block attackers.

Re: IP's not blocked despite SecAst saying they are

Post by Telium Support » Sun Nov 27, 2016 6:58 pm

The most likely cause is that the banned IPs are not being handled properly by the firewall. There is also a known issue with fail2ban, in case you are attempting to run fail2ban alongside SecAst.

If you are using local iptables to block attackers, ensure that the SECAST chain exists, and that the first rule on the INPUT chain jumps to target chain SECAST. For example, the command "iptables -L" should show something like:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
SECAST     all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain SECAST (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

NOTE: You should always block attackers at the firewall (don't let them onto your network). SecAst offers local iptables/firewalld compatibility only for testing or SOHO use.
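
The check described in the reply above, as an added example that is not part of the original post and not Telium's code: a shell function that reads `iptables -L -n` output and confirms that the SECAST chain exists and that the first INPUT rule jumps to it. The function name, the two sample rule sets and the use of numeric (`-n`) output are assumptions of this example.

```shell
# Added example: check the two conditions from the reply against
# `iptables -L -n` text on stdin. Exit 0 = ok, 1 = no SECAST chain,
# 2 = first INPUT rule does not jump to SECAST.
check_secast() {
    awk '
        /^Chain / { chain = $2; n = 0; if (chain == "SECAST") have = 1; next }
        /^target / || /^[ \t]*$/ { next }    # column header or blank separator
        chain == "INPUT" {
            n++
            tgt = ($0 ~ /^[ \t]/) ? "(none)" : $1   # a rule may have no target
            if (n == 1) first = tgt
            if (tgt == "SECAST" && !pos) pos = n
        }
        END {
            if (!have) { print "FAIL: chain SECAST does not exist"; exit 1 }
            if (first == "SECAST") { print "OK: SECAST is the first INPUT rule"; exit 0 }
            if (pos) printf "FAIL: SECAST jump is INPUT rule %d, behind %s\n", pos, first
            else print "FAIL: INPUT has no jump to SECAST"
            exit 2
        }'
}

# Constructed sample: the layout shown in the reply, in numeric form.
sample_good() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
SECAST     all  --  0.0.0.0/0            0.0.0.0/0
Chain SECAST (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
EOF
}

# Constructed sample: an ACCEPT rule ahead of the jump is matched before SECAST.
sample_shadowed() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:5060
SECAST     all  --  0.0.0.0/0            0.0.0.0/0
Chain SECAST (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
EOF
}

sample_good | check_secast
sample_shadowed | check_secast || echo "(exit status $?)"
```

On a live host, run it as root against the real rule set: `iptables -L -n | check_secast`.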