On Tue, Dec 31, 2013 at 12:18 AM, Tony Andersson
<BitFolkList(a)tony-andersson.com> wrote:
Realised the second after I pressed the send button
that the answer to
the ban issue is because those attacks are on ip v6
root@bitfolk:/etc/fail2ban# netstat -n
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp6 0 1 85.119.82.79:80 121.168.45.218:1446 FIN_WAIT1
tcp6 0 1 85.119.82.79:80 24.186.158.213:61301 FIN_WAIT1
tcp6 0 1 85.119.82.79:80 67.180.245.251:17277 FIN_WAIT1
tcp6 0 1 85.119.82.79:80 71.218.243.152:25311 FIN_WAIT1
Those are IPv4 addresses, they should be firewalled by iptables as usual.
I think this happens when a service binds a socket to both ipv4 and
ipv6:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453272
Cheers,
Graham