fail2ban responding to attacks even though all hosts are blocked
I recently checked my /etc/hosts.deny file and found there were hundreds of entries of the form
ALL: <ip address>
presumably added by fail2ban. However, I already had
in /etc/hosts.deny, and only
sshd: avs-workstation.avs-net avs-laptop.avs-net
(two hostnames which resolve to IP addresses on my local network).
So a few questions about this:
1) If I am blocking all but two local hosts, why are any attacks getting far enough for fail2ban to detect them in the log files
2) If I have ALL: all in /etc/hosts.deny, is there any point running fail2ban at all?
3) How have these attacks got through my router when I haven't set up port forwarding?
Thanks in advance,