Displaying 20 results from an estimated 8000 matches similar to: "iptables - how to block established connections with fail2ban?"
2020 Jan 01
1
Nasty Fail2Ban update for Centos 7
P? Tue, 31 Dec 2019 18:53:38 +0000
John H Nyhuis <jnyhuis at uw.edu> skrev:
> Just a random stab in the dark, but CEntOS6 was iptables, and CentOS7
> is firewalld. They take different fail2ban packages.
>
> CentOS6 = fail2ban
> CentOS7 = fail2ban-firewalld
>
> Are you sure you are running the correct fail2ban package for your
> firewall? (I screwed this up myself
2020 Apr 07
3
fail2ban ban not working
I have fail2ban on my mail server monitoring Dovecot and Exim.
I have noticed that it has stopped banning IP's. I have seen in /var/log/fail2ban.log:
2020-04-07 09:42:05,875 fail2ban.filter [16138]: INFO [dovecot] Found 77.40.61.224 - 2020-04-07 09:42:05
2020-04-07 09:42:06,408 fail2ban.actions [16138]: NOTICE [dovecot] Ban 77.40.61.224
2020-04-07 09:42:06,981
2015 Oct 29
2
Semi-OT: fail2ban issue
On a CentOS 6.7 system that's been running fail2ban for a long time, we
recently started seeing this:
ct 28 19:00:59 <servername> fail2ban.action[17561]: ERROR iptables -w -D
INPUT -p tcp --dport ssh -j f2b-SSH#012iptables -w -F f2b-SSH#012iptables
-w -X f2b-SSH -- stderr: "iptables v1.4.7: option `-w' requires an
argument\nTry `iptables -h' or 'iptables --help' for
2020 Feb 26
3
CentOS 7 : SELinux trouble with Fail2ban
On Feb 26, 2020, at 08:52, Nicolas Kovacs <info at microlinux.fr> wrote:
>
>> Le 26/02/2020 ? 11:51, Nicolas Kovacs a ?crit :
>> SELinux is preventing /usr/bin/python2.7 from read access on the file disable.
>> ***** Plugin catchall (100. confidence) suggests *****
>> If you believe that python2.7 should be allowed read access on the disable file by default.
2020 Feb 13
3
CentOS 7, Fail2ban and SELinux
Hi,
I'm running CentOS 7 on an Internet-facing server. SELinux is in permissive
mode for debugging. I've removed FirewallD and replaced it with a custom-made
Iptables script. I've also installed and configured Fail2ban (fail2ban-server
package) to protect the server from brute force attacks.
Out of the box, Fail2ban doesn't seem to play well with SELinux. Here's what I
2011 Aug 09
3
fail2ban help
Hello list.
I have a question for fail2ban for bad logins on sasl.
I use sasl, sendmail and cyrus-imapd.
In jail.conf I use the following syntax:
[sasl-iptables]
enabled = true
filter = sasl
backend = polling
action = iptables[name=sasl, port=smtp, protocol=tcp]
sendmail-whois[name=sasl, dest=my at email]
logpath = /var/log/maillog
maxretry = 6
and the following filter:
2020 Feb 26
5
CentOS 7 : SELinux trouble with Fail2ban
Hi,
Some time ago I had SELinux problems with Fail2ban. One of the users on this
list suggested that it might be due to the fact that I'm using a bone-headed
iptables script instead of FirewallD.
I've spent the past few weeks getting up to date with doing things in a more
orthodox manner. So currently my internet-facing CentOS server has a nicely
configured NetworkManager, and
2020 Apr 09
2
fail2ban firewalld problems with current CentOS 7
Hi!
I have a server running CentOS 7.7 (1908) with all current patches installed.
I think this server should be a quite standard installation with no specialities
On this server I have fail2ban with an apache and openvpn configuration.
I'm using firewalld to manage the firewall rules.
Fail2an is configured to use firewalld:
[root at server ~]# ll /etc/fail2ban/jail.d/
insgesamt 12
2012 Mar 18
4
fail2ban
Hi,
I realise that one can simply start fail2ban and then it will insert its
own ruleset before shorewall''s ruleset. Are there subscribers to this
list having alternative (and probably better) ways to use both fail2ban
and shorewall?
Thanks,
Mark
------------------------------------------------------------------------------
This SF email is sponsosred by:
Try Windows Azure free for 90
2017 Dec 17
1
ot: fail2ban dovecot setup
On Mon, December 18, 2017 3:06 am, Alex JOST wrote:
> Did you enable the dovecot service in fail2ban? By default all jails are
> disabled.
>
> /etc/fail2ban/jail.conf:
> [dovecot]
> enabled = true
Alex, thanks
no, not in jail.conf, I've put it in the
(1)
/etc/fail2ban/jail.local
I've also added postfix, that seems to work:
I've made test failed dovecot and
2020 Apr 09
2
fail2ban firewalld problems with current CentOS 7
Hi!
Am 09.04.20 um 10:07 schrieb Rob Kampen:
[...]
> I too had fail2ban fail after an otherwise successful yum update. Mine occurred in Feb when my versions of firewalld etc were updated to the versions you show. Thus far I have not had the opportunity to sort the problem. Lockdown has been quite busy so far, hopefully some slower times coming next week.
Yeah, those pesky real-life biological
2019 Apr 28
1
faI2ban detecting and banning but nothing happens
> >
> > /var/log/fail2ban.log is showing that it's working:
>
> I have seem similar odd behaviour with f2b with other filters.
> Try to uninstall the package
> fail2ban-systemd
> and stop and start fail2ban again.
> This might change its behavior to the better.
>
The fail2ban-systemd package configures fail2ban to use systemd journal
for log input. The OP
2019 Dec 31
7
Nasty Fail2Ban update for Centos 7
Hi all...
Recently a new Fail2Ban was available among some other updates for my
Centos 7 system, and I just updated all.
It seems that was a very BAD idea.
Just noticed that Fail2Ban have generated a 6MB error log because
of the update, and FirewallD a 1MB log of errors !
(not sure if any of those were really working after this)
ok, I'll just run yum downgrade fail2ban I thought.
Naa, no
2011 Mar 28
8
asterisk and fail2ban
Is anyone using asterisk with fail2ban? I have it working except it takes
way more break-in attempts than what is set in "maxretry" in jail.conf
For example, I get an email saying:
"The IP 199.204.45.19 has just been banned by Fail2Ban after 181 attempts
against ASTERISK."
when "maxretry = 5" in jail.conf
Perhaps someone else is experiencing this or has resolved it,
2020 May 22
3
fail2ban setup centos 7 not picking auth fail?
On Fri, May 22, 2020 2:05 pm, Adi Pircalabu wrote:
> On 22-05-2020 10:38, Voytek Eymont wrote:
>
> Hardly a Dovecot issue. Can you please post the output of this command?
> /usr/bin/fail2ban-regex /var/log/dovecot.log
> /etc/fail2ban/filter.d/dovecot.conf
Adi,
thanks, what I get is:
# /usr/bin/fail2ban-regex /var/log/dovecot.log
/etc/fail2ban/filter.d/dovecot.conf
Running
2017 Dec 16
7
ot: fail2ban dovecot setup
I'm trying to setup and test fail2ban with dovecot
I've installed fail2ban, I've copied config from
https://wiki2.dovecot.org/HowTo/Fail2Ban, and, trying to test it,
attempted multiple mail access with wrong password, but, get this:
# fail2ban-client status dovecot-pop3imap
Status for the jail: dovecot-pop3imap
|- Filter
| |- Currently failed: 0
| |- Total failed: 0
| `- File
2020 Apr 07
0
fail2ban ban not working
On 4/7/20 11:54 AM, Gary Stainburn wrote:
> I have fail2ban on my mail server monitoring Dovecot and Exim.
>
> I have noticed that it has stopped banning IP's. I have seen in /var/log/fail2ban.log:
>
> 2020-04-07 09:42:05,875 fail2ban.filter [16138]: INFO [dovecot] Found 77.40.61.224 - 2020-04-07 09:42:05
> 2020-04-07 09:42:06,408 fail2ban.actions [16138]:
2014 Jun 16
4
iptables question
I'm running fail2ban to attempt to block malicious brute-force password
dictionary attacks against ssh. They seem to be rolling through a block of ip
addresses as the source to defeat this kind of screening, so I've set some ip
addresses to be blocked in iptables. Here is the output of iptables -L (edited):
Chain INPUT (policy ACCEPT)
target prot opt source destination
2015 Oct 29
0
Semi-OT: fail2ban issue
This should probably be a bug report for the fail2ban EPEL maintainer, the problem was introduced in version 0.9.3
>From the file /etc/fail2ban/action.d/iptables-common.conf
...
# Option: lockingopt
# Notes.: Option was introduced to iptables to prevent multiple instances from
# running concurrently and causing irratic behavior. -w was introduced
# in iptables 1.4.20, so
2020 Feb 26
0
CentOS 7 : SELinux trouble with Fail2ban
On Wed, 26 Feb 2020 at 14:06, Jonathan Billings <billings at negate.org> wrote:
> On Feb 26, 2020, at 08:52, Nicolas Kovacs <info at microlinux.fr> wrote:
> >
> >> Le 26/02/2020 ? 11:51, Nicolas Kovacs a ?crit :
> >> SELinux is preventing /usr/bin/python2.7 from read access on the file
> disable.
> >> ***** Plugin catchall (100. confidence)