Fail2Ban (I think) is blocking me from my own MIAB


#1

I have now experienced this twice. The first time it happened, I chose to use the opportunity to change hosts since I had been wanting to for a while and I did not troubleshoot to the degree I typically do.

Right now, something is preventing our public IP from our ISP from connecting to any services on the MIAB server. I suspect it’s Fail2Ban.

It’s a bad day to spend much time on it right now, but I can confirm that I CAN access the server (ssh, ftp, mail client, etc…) when I am running through a VPN or on a network other than home wired/wifi. This, of course, gives me a different IP that isn’t being blocked.

Any ideas why our IP would get blocked under a normal access scenario?
Do software updates/upgrades overwrite Fail2Ban configs and possibly remove whitelisted IPs?
What is the best config for Fail2Ban/MIAB to prevent this or keep our home network whitelisted?

As I mentioned, I haven’t got time this morning to properly troubleshoot or inspect logs - I’m making a best guess based on the behavior. And since I’m not a full time sysadmin I’d like input from people smarter than me.

MIAB is only running email for my family and my media production company so traffic should not be an issue, nor should failed logins.

Server is not appearing on any blacklists, and I do not suspect a breach at this time.

Thanks -


#2

I would monitor network traffic and make sure all your users’ passwords are updated (one tablet or computer with an invalid password will get F2B to block your office IP).


#3

I’ll need to check some devices but that makes sense.

I have had a chance to check jails and this is what I found…

Chain f2b-recidive (1 references)
target prot opt source destination
REJECT all -- 140.ip-54-38-214.eu anywhere reject-with icmp-port-unreachable
REJECT all -- static-epm200-13-244-219.epm.net.co anywhere reject-with icmp-port-unreachable
REJECT all -- 122.154.163.115 anywhere reject-with icmp-port-unreachable
REJECT all -- MY IP SHOWED UP HERE anywhere reject-with icmp-port-unreachable
RETURN all -- anywhere anywhere

What is this jail and what triggers an IP to be added to it?
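
To find which service keeps failing for an address that ends up in f2b-recidive, as in this thread, the Fail2Ban log can be tallied per jail for that one IP. This is an added example, not code from the thread or from Mail-in-a-Box; the log lines are constructed in the layout Fail2Ban writes to its log, and the `dovecot` jail name and the address 203.0.113.7 (standing in for the home IP) are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log; 203.0.113.7 stands in for the blocked home IP.
SAMPLE_LOG = """\
2019-05-20 08:01:10,101 fail2ban.filter  [812]: INFO    [dovecot] Found 203.0.113.7
2019-05-20 08:01:40,230 fail2ban.filter  [812]: INFO    [dovecot] Found 203.0.113.7
2019-05-20 08:02:05,007 fail2ban.actions [812]: NOTICE  [dovecot] Ban 203.0.113.7
2019-05-20 08:02:05,450 fail2ban.filter  [812]: INFO    [recidive] Found 203.0.113.7
2019-05-20 08:12:05,311 fail2ban.actions [812]: NOTICE  [dovecot] Unban 203.0.113.7
2019-05-20 09:30:12,640 fail2ban.filter  [812]: INFO    [dovecot] Found 198.51.100.9
2019-05-20 11:15:44,902 fail2ban.actions [812]: NOTICE  [dovecot] Ban 203.0.113.7
2019-05-20 11:15:45,118 fail2ban.filter  [812]: INFO    [recidive] Found 203.0.113.7
2019-05-20 11:15:45,733 fail2ban.actions [812]: NOTICE  [recidive] Ban 203.0.113.7
"""

# timestamp, component, [pid]:, level, [jail], event, address
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+\s+fail2ban\.\w+\s+\[\d+\]:\s+"
    r"\w+\s+\[(?P<jail>[^\]]+)\]\s+(?P<event>Found|Ban|Unban)\s+(?P<ip>\S+)"
)

def events_for(log_text, ip):
    """Yield (timestamp, jail, event) for every log line about one IP."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group("ip") == ip:
            yield m.group("ts"), m.group("jail"), m.group("event")

def jail_activity(log_text, ip):
    """Count Found/Ban/Unban per jail, showing which service sees the failures."""
    counts = defaultdict(lambda: {"Found": 0, "Ban": 0, "Unban": 0})
    for _, jail, event in events_for(log_text, ip):
        counts[jail][event] += 1
    return dict(counts)

def ban_timeline(log_text, ip):
    """Ordered (timestamp, jail) list of bans, ending at the recidive ban if any."""
    return [(ts, jail) for ts, jail, event in events_for(log_text, ip) if event == "Ban"]

if __name__ == "__main__":
    for jail, c in jail_activity(SAMPLE_LOG, "203.0.113.7").items():
        print(jail, c)
    for ts, jail in ban_timeline(SAMPLE_LOG, "203.0.113.7"):
        print(ts, "banned by", jail)
```

On a real server the text passed in would be the contents of the Fail2Ban log file; the jail with the most `Found` entries for the home address names the service where a device is failing to authenticate.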