search for: input_direct

On Monday 29 April 2019 02:21:05 Gordon Messmer wrote: > That's one approach.? I believe that you could modify fewer files by > setting "port = 0:65535" in your definition in "jail.local" and not > install firewallcmd-ipset.local. I have just tried this, and re-started fail2ban. It does not seem to have worked. I have looked at /var/log/exim/main.log and found

...ngSSH#head-3579222198adaf43a3ecbdc438ebce74da40d8ec Suggest to add the following info to it pertinent section: ------ 6. Filter SSH at the Firewall complementary to iptables method, there is firewall-cmd for newer systems using FirewallD: firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT_direct 0 -p tcp --dport 22 -m state --state NEW -m recent --set firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT_direct 1 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 4 -j REJECT --reject-with tcp-reset firewall-cmd --reload ------ Please advise. Kind Re...

...nning (CentOS 7.1) and run a Update to 7.2 on this system all is working ? BUT I install a new system with CentOS 7 1511 on this systems fail2ban don't work anymore. I have this error or more, in the firewalld 2015-12-19 08:39:55 ERROR: COMMAND_FAILED: '/sbin/iptables -w2 -t filter -I INPUT_direct 1 -p tcp -m multiport --dports ssh -m set --match-set fail2ban- sshd src -j REJECT --reject-with icmp-port-unreachable' failed: iptables v1.4.21: Set fail2ban-sshd doesn't exist. Try `iptables -h' or 'iptables --help' for more...

...t's all that's in jail.local, then the jail shouldn't be enabled.? They're off by default.? I'd suggest that you remove fail2ban completely.? Remove the packages, and then delete /etc/fail2ban, and start again. When you're done, look at the output of "iptables -n -L INPUT_direct": # iptables -n -L INPUT_direct Chain INPUT_direct (1 references) target???? prot opt source?????????????? destination REJECT???? tcp? --? 0.0.0.0/0??????????? 0.0.0.0/0 match-set fail2ban-sshd src reject-with icmp-port-unreachable

Hi I would like to add rules into the iptables of the Hosted Engine VM in Ovirt. the version is oVirt Engine Version: 4.1.1.8-1.el7.centos I have tried using the normal process for iptables (iptables-save etc), but it seems that the file /etc/sysconfig/iptables this is ignored in the Ovirt Engine VM. How can I add permanent rules into the Engine VM? Kind regards Andrew

...Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 799 156K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 22 1592 INPUT_direct all -- * * 0.0.0.0/0 0.0.0.0/0 22 1592 INPUT_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0 22 1592 INPUT_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0 2 224 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID 17 1140 R...

Hello Julien, Am Tue, 15 Jan 2019 09:30:23 +0100 schrieb Julien dupont <marcelvierzon at gmail.com>: > In that case I see: > IP 172.16.0.3 > 192.168.1.1: ICMP echo request, id2135, seq1, length 64 > IP 172.16.0.3 > 192.168.1.1: ICMP echo request, id2135, seq2, length 64 > IP 172.16.0.3 > 192.168.1.1: ICMP echo request, id2135, seq3, length 64 > > Packet goes

...to 7.2 on this system > all is working ? > > BUT I install a new system with CentOS 7 1511 on this systems fail2ban don't > work anymore. I have this error or more, in the firewalld > > 2015-12-19 08:39:55 ERROR: COMMAND_FAILED: '/sbin/iptables -w2 -t filter -I > INPUT_direct 1 -p tcp -m multiport --dports ssh -m set --match-set fail2ban- > sshd src -j REJECT --reject-with icmp-port-unreachable' failed: iptables > v1.4.21: Set fail2ban-sshd doesn't exist. > > Try `iptables -h' or 'iptables -...

On Mon, December 18, 2017 3:06 am, Alex JOST wrote: > Did you enable the dovecot service in fail2ban? By default all jails are > disabled. > > /etc/fail2ban/jail.conf: > [dovecot] > enabled = true Alex, thanks no, not in jail.conf, I've put it in the (1) /etc/fail2ban/jail.local I've also added postfix, that seems to work: I've made test failed dovecot and

Yesterday I noticed that I was not able to ping one of our development servers so I logged in via VNC and ran the Firewalld GUI. To my surprise, except for the interface definition for public and trusted zones, nothing seemed to be configured. That is, none of the services were checked off that we want open at the firewall. Also, this server is a gateway and masquerading and forwarding appears