14:23 <clever> gchristensen: and today, in networking oddness!

14:23 <clever> ssh: connect to host router port 22: Connection refused

14:23 <clever> 10:23:42.659847 IP 192.168.2.32.53498 > 192.168.2.1.22: Flags [S], seq 1854750172, win 64240, options [mss 1460,sackOK,TS val 3281424116 ecr 0,nop,wscale 7], length 0

14:23 <gchristensen> oh no

14:23 <clever> tcpdump shows no sign of a connecting being refused

14:24 <clever> wtf?

14:25 <clever> nmap shows all the expected ports as being open on the router, except 22

14:25 <clever> wtf?

14:25 <gchristensen> :o

14:26 <clever> 10:26:15.693263 IP 192.168.2.1 > 192.168.2.32: ICMP 192.168.2.1 tcp port 22 unreachable, length 68

14:26 <clever> aha!

14:26 <clever> it was icmp, so my filter excluded it

14:28 <clever> -A f2b-SSH -s 192.168.2.32/32 -j REJECT --reject-with icmp-port-unreachable

14:28 <clever> gchristensen: wut...

14:28 <clever> Nov 27 14:19:17 router .fail2ban-serve[1218]: fail2ban.actions [1218]: NOTICE [ssh-iptables] Ban 192.168.2.32

14:46 <andi-> So, lets talk fail2ban. What does it really provide you? We all agree that there should not be any password logins. Right?

14:47 <andi-> I constantly run into scenarios where some (grey bearded) admin installed fail2ban on production systems. Whenever I am on a train or some other flaky network I hit the ~30min ban timer because connecting sometimes just fails for 3 times in a row (me being slow typing an OTP, the network dropping in the middle of the handshake, …)

14:48 <gchristensen> I run it out of habit :x

14:52 <clever> i just turned it on becayse "why not" and then forgot to configure anything within it, lol