search for: allports

Are virtual IPs supported on eth interfaces in domU(s)? Thanks _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users

...to get fail2ban to get rid of troublesome sshd login attempts. /etc/fail2ban/jail.conf has these sections: [ssh] enabled = true port = ssh filter = sshd logpath = /var/log/auth.log maxretry = 6 # Generic filter for pam. Has to be used with action which bans all ports # such as iptables-allports, shorewall [pam-generic] enabled = false # pam-generic filter can be customized to monitor specific subset of 'tty's filter = pam-generic # port actually must be irrelevant but lets leave it all for some possible uses port = all banaction = iptables-allports port = anyport logpath...

...it has generated "maxretry" during the last "findtime" # seconds. findtime = 300 # "maxretry" is the number of failures before a host get banned. maxretry = 3 [asterisk-iptables] enable = true port = 5060,5061 filter = asterisk action = iptables-allports[name=ASTERISK, protocol=all] sendmail[name=ASTERISK, dest=motty at email.com, sender=fail2ban at asterisk-ip.com] #action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]...

I need some help understanding SIP dialog. Some actor is trying to access my server, but I can't figure out what he's trying to do ,or how. I'm getting a lot of these warnings. [May 17 10:08:08] WARNING[1532]: chan_sip.c:4068 retrans_pkt: Retransmission timeout reached on transmission _zIr9tDtBxeTVTY5F7z8kD7R.. for seqno 101 With SIP DEBUG I tracked the Call-ID to this INVITE :

...;' failed for 'offending-IP:53911' - Wrong password # A host is banned if it has generated "maxretry" during the last "findtime" # seconds. findtime = 300 [asterisk-iptables] enable = true port = 5060,5061 filter = asterisk action = iptables-allports[name=ASTERISK, protocol=all] sendmail[name=ASTERISK, dest=motty at email.com <mailto:dest=motty at email.com> , sender=fail2ban at asterisk-ip.com <mailto:sender=fail2ban at asterisk-ip.com> ] #action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", pr...

Tonight I added fail2ban to one of my webservers to test it out. Here is my step by step, as best as I could figure it out...documentation a bit sketchy. feel free to add anything to it or suggest changes. I tried to set it up to deal with ssh, http authentication, dovecot, ftp, and postfix I could find no working example for centos 6 and there is no fail2ban book available to peruse. So,

I am working to a CentOS 6 server with nonstandard iptables system without rule for ACCEPT ESTABLISHED connections. All tables and chains empty (flush by legacy custom script) so only filter/INPUT chain has rules (also fail2ban chain): Chain INPUT (policy ACCEPT) target prot opt source destination f2b-postfix tcp -- 0.0.0.0/0 0.0.0.0/0 ACCEPT all --

...exten => _+X.,1,Log(WARNING,fail2ban='${CHANNEL(peerip)}') > exten => _+X.,2,Set(CDR(UserField)=SIP PEER IP: ${CHANNEL(peerip)}) > exten => _+X.,3,HangUp() > > > > in /etc/fail2ban/jail.conf: > > [asterisk] > filter???= asterisk > action = iptables-allports[name=ASTERISK] > logpath??= /var/log/asterisk/messages > maxretry = 1 > findtime = 86400 > bantime??= 518400 > enabled = true > > > in /etc/fail2ban/filter.d > > # Fail2Ban configuration file > # > # > # $Revision: 250 $ > # > > [INCLUDES] > &...

...e is part of the fail2ban-firewalld package to configure the use of # the firewalld actions as the default actions. You can remove this package # (along with the empty fail2ban meta-package) if you do not use firewalld [DEFAULT] banaction = firewallcmd-ipset[actiontype=<multiport>] banaction_allports = firewallcmd-ipset[actiontype=<allports>] A few days ago I noticed that on restart firewalld complains about a missing ipset: [root at server ~]# systemctl restart firewalld [root at server ~]# systemctl status firewalld ? firewalld.service - firewalld - dynamic firewall daemon Loaded:...