search for: actionban

Hi, I realise that one can simply start fail2ban and then it will insert its own ruleset before shorewall''s ruleset. Are there subscribers to this list having alternative (and probably better) ways to use both fail2ban and shorewall? Thanks, Mark ------------------------------------------------------------------------------ This SF email is sponsosred by: Try Windows Azure free for 90

...nd of Fail2Ban # Values: CMD # actionstop = iptables -D <chain> -p <protocol> --dport <port> -j fail2ban-<name> iptables -F fail2ban-<name> iptables -X fail2ban-<name> # Option: actioncheck # Notes.: command executed once before each actionban command # Values: CMD # actioncheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]' # Option: actionban # Notes.: command executed when banning an IP. Take care that the # command is executed with Fail2Ban user rights. # Tags: See jail.conf(5) man page...

Hi Robert, On 07/18/2017 11:43 PM, Robert Schetterer wrote: > i guess not, but typical bots arent using ssl, check it > > however fail2ban sometimes is to slow I have configured dovecot with auth_failure_delay = 10 secs I hope that before the 10 sec are over, dovecot will have logged about the failed login attempt, and fail2ban will have blocked the ip by then. MJ

I am working to a CentOS 6 server with nonstandard iptables system without rule for ACCEPT ESTABLISHED connections. All tables and chains empty (flush by legacy custom script) so only filter/INPUT chain has rules (also fail2ban chain): Chain INPUT (policy ACCEPT) target prot opt source destination f2b-postfix tcp -- 0.0.0.0/0 0.0.0.0/0 ACCEPT all --

...conf: [imap] ... action = ipset[name=imap-bl] /etc/fail2ban/action.d/ipset.conf: [Definition] # fail2ban tracks, so we dont use ipset timeout actionstart = /usr/sbin/ipset -exist create <name> hash:ip maxelem 131072 actionstop = /usr/sbin/ipset -exist flush <name> actioncheck = actionban = /usr/sbin/ipset -exist add <name> <ip> actionunban = /usr/sbin/ipset -exist del <name> <ip> You may have to ensure the ipset is present before referencing it in iptables, for example, Redhat-alikes will have an ipset init script that operates in exactly the same way as...