- Server operating system version
- CentOS Linux 7.9.2009 (Core)
- Plesk version and microupdate number
- Plesk Obsidian Version 18.0.49
Hello all!)
I have a BIG 1 rule in my firewall, that blocks connections to server on mail ports (25,110,143,993,995,2525).
Why it is BIG? Because in this rule i have a large list of IP addresses and IP blocks/nets (like 46.148.40.0/24). I collect IP addresses which appears in fail2ban (recidive) list with more than 50 authentication failures per day.
Question:
Why somebody can still connect from IP addresses which are already in "banned" list in firewall rule?
Does firewall rule has an limit for IP addresses quantity? (may be limit reached and this rule doesn't work at all)
Does this logic works at all? (collect and ban IP's and IP blocks/nets)
It worked like a charm 2 years, but now I see connections from banned IP's ((
Thank you in advance.
P.S. the rule: Deny incoming from [many IP's] on ports [all mail ports with /tcp].
I have a BIG 1 rule in my firewall, that blocks connections to server on mail ports (25,110,143,993,995,2525).
Why it is BIG? Because in this rule i have a large list of IP addresses and IP blocks/nets (like 46.148.40.0/24). I collect IP addresses which appears in fail2ban (recidive) list with more than 50 authentication failures per day.
Question:
Why somebody can still connect from IP addresses which are already in "banned" list in firewall rule?
Does firewall rule has an limit for IP addresses quantity? (may be limit reached and this rule doesn't work at all)
Does this logic works at all? (collect and ban IP's and IP blocks/nets)
It worked like a charm 2 years, but now I see connections from banned IP's ((
Thank you in advance.
P.S. the rule: Deny incoming from [many IP's] on ports [all mail ports with /tcp].