Hi,

I realise that one can simply start fail2ban and then it will insert its own ruleset before shorewall's ruleset. Are there subscribers to this list having alternative (and probably better) ways to use both fail2ban and shorewall?

Thanks,
Mark

------------------------------------------------------------------------------
On 2012-03-18 02:04, Mark wrote:

> list having alternative (and probably better) ways to use both
> fail2ban
> and shorewall?

action.d/shorewall does shorewall allow/drop ip

just got tired of fail2ban and made a permanent blacklist for the most abusive IPs; using Spamhaus DROP as a blacklist helps as well

just a shame it's using RAM-based lists, and that it does not support IPv6 :(

there is autofwd as well that is simpler and does support IPv6

------------------------------------------------------------------------------
Mark wrote:

>I realise that one can simply start fail2ban and then it will insert its
>own ruleset before shorewall's ruleset.

That's what I do, and configure Shorewall to restart Fail2Ban after a start/restart so it can put its chains back in.

--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed author Gladys Hobson. Novels - poetry - short stories - ideal as Christmas stocking fillers. Some available as e-books.

------------------------------------------------------------------------------
On 18/03/12 11:04, Mark wrote:

> Hi,
>
> I realise that one can simply start fail2ban and then it will insert its
> own ruleset before shorewall's ruleset. Are there subscribers to this
> list having alternative (and probably better) ways to use both fail2ban
> and shorewall?

Here's what I do to prevent both incoming and outgoing traffic to hosts banned by fail2ban.

/etc/fail2ban/action.d/shorewall.local:

[Definition]
actionstart =
actionstop =
actioncheck =
actionban = shorewall drop <ip>
actionunban = shorewall allow <ip>

/etc/fail2ban/action.d/route.local:

[Definition]
actionstart =
actionstop =
actioncheck =
actionban = ip route add unreachable <ip>
actionunban = ip route del unreachable <ip>

/etc/fail2ban/jail.local:

...
[DEFAULT]
banaction=shorewall
          route
...

Here's the full recipe (probably won't make much sense to non-puppet users):

https://github.com/paulgear/puppet/tree/96e9efcdf31807c00065baebed0a8177a4cdeba8/modules/fail2ban

Paul

------------------------------------------------------------------------------
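The two ban actions from the message above, combined into one helper that checks the address before it reaches `shorewall` or `ip`. This is an added example, not part of the thread or of Paul's Puppet module; the function names and the `DRY_RUN` switch are assumptions, and only IPv4 is accepted, in line with the IPv6 limitation mentioned earlier in the thread.

```shell
#!/bin/sh
# Added example, not code from the thread. DRY_RUN and the function names
# are assumptions made for this sketch.

# Succeed only for a dotted-quad IPv4 address: four octets, each 0-255,
# no leading zeros. Anything else (hostname, IPv6, empty) is rejected.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            ''|0?*|????*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Echo the command when DRY_RUN=1, otherwise execute it.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Apply or lift both blocks from the thread. The second command still runs
# if the first fails; the return code is non-zero if either one failed.
f2b_block() {
    action=$1 ip=$2 rc=0
    is_ipv4 "$ip" || { echo "refusing non-IPv4 value: '$ip'" >&2; return 2; }
    case "$action" in
        ban)
            run shorewall drop "$ip" || rc=1
            run ip route add unreachable "$ip" || rc=1 ;;
        unban)
            run shorewall allow "$ip" || rc=1
            run ip route del unreachable "$ip" || rc=1 ;;
        *)
            echo "usage: f2b_block ban|unban <ip>" >&2; return 64 ;;
    esac
    return "$rc"
}

# Called as a script: f2b-block ban 192.0.2.10
if [ "$#" -gt 0 ]; then f2b_block "$@"; fi
```

Installed at a hypothetical path such as /usr/local/sbin/f2b-block, it would be referenced from a single action file as `actionban = /usr/local/sbin/f2b-block ban <ip>` and `actionunban = /usr/local/sbin/f2b-block unban <ip>`. Running it with `DRY_RUN=1` prints the commands without touching the firewall or the routing table.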
On Fri, 23 Mar 2012 12:08:02 +1000 Paul Gear <paul@gear.dyndns.org> wrote:

> On 18/03/12 11:04, Mark wrote:
> > Hi,
> >
> > I realise that one can simply start fail2ban and then it will
> > insert its own ruleset before shorewall's ruleset. Are there
> > subscribers to this list having alternative (and probably better)
> > ways to use both fail2ban and shorewall?
>
> Here's what I do to prevent both incoming and outgoing traffic to
> hosts banned by fail2ban.
>
> /etc/fail2ban/action.d/shorewall.local:
>
> [Definition]
> actionstart =
> actionstop =
> actioncheck =
> actionban = shorewall drop <ip>
> actionunban = shorewall allow <ip>
>
> /etc/fail2ban/action.d/route.local:
>
> [Definition]
> actionstart =
> actionstop =
> actioncheck =
> actionban = ip route add unreachable <ip>
> actionunban = ip route del unreachable <ip>
>
> /etc/fail2ban/jail.local:
>
> ...
> [DEFAULT]
> banaction=shorewall
>           route
> ...
>
> Here's the full recipe (probably won't make much sense to non-puppet
> users):
>
> https://github.com/paulgear/puppet/tree/96e9efcdf31807c00065baebed0a8177a4cdeba8/modules/fail2ban
>
> Paul
>

That's great. Thanks, Paul!