I have tried to setup fail2ban on a machine running OpenSuSE 11. Everything looks fine, except the machine restarts the firewall whenever the DHCP lease is renewed, thus flushing all the fail2ban rules (I think.). It seems to me that a quick fix would be to have the system restart fail2ban whenever the firewall is restarted. Has anyone else encountered this issue? .and come up with a solution? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20100726/e521ca6a/attachment.htm
On Mon, Jul 26, 2010 at 10:36 AM, Brent A. Torrenga <lists at torrenga.com> wrote:> I have tried to setup fail2ban on a machine running OpenSuSE 11.? Everything > looks fine, except the machine restarts the firewall whenever the DHCP lease > is renewed, thus flushing all the fail2ban rules (I think?).? It seems to me > that a quick fix would be to have the system restart fail2ban whenever the > firewall is restarted.? Has anyone else encountered this issue?? ?and come > up with a solution?I believe there's a way to make the rules persist in a file. (see the fail2ban docs) /r
> The problem sounds like fail2ban is failing to write the new rules to a>permanent file, which would otherwise allow the rules to persist after a>reboot.Tilghman, That is exactly right. I'm thinking I need to revise the SuSEfirewall init scripts to follow up with restarting fail2ban, but then I think fail2ban will need to have a persistent jail after restarting, which I did find online.>I am a big fan of centralized management, so I prefer to do that ratherthan have static IP addresses on the network (except of course where absolutely essential).>For the OP: maybe a workaround is to assign a fixed IP address from yourDHCP server and use a very long lease time? John, Agreed re management. The lease would have to be real long, like a year or so. That would do the trick. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20100727/d676b90d/attachment-0001.htm