On Tue, 5 Apr 2011, Sherwood McGowan wrote:

Why run fail2ban and add overhead when you can just do the same thing with iptables itself?

On 4/5/2011 2:11 PM, Steve Edwards wrote:

Because it's not the same?

The iptables approach is great because it is 'light-weight' and it should already 'be there.' Also, it can react quicker because it doesn't have to read log files to make a decision.

The 'downside' of the iptables approach is that the blocks go away when iptables is reloaded -- like when the host is restarted.

Probably not an issue with Gordon since his hosts stay up for years.

I'm thinking the iptables approach supplemented with a script to periodically save the block list to disk would allow persistent blocks as well as letting you accumulate blocks between all your hosts.

Which would still be much 'lighter' than fail2ban.

On Tue, 5 Apr 2011, Sherwood McGowan wrote:

Agreed on all points Steve. I've already implemented an auto save function, to work around the drawback you mentioned.

Then you're already a couple of steps down the path further than me :)

Are there possibly other drawbacks that I'm not seeing/remembering? I've been running an iptables-based setup for some time, never really jumped into the fail2ban wagon.

I've never used fail2ban either. I don't think its advantages are functional, but the more somewhat intangible:

* It's included with several of the all-in-one Asterisk distributions.
* It's documented.
* It's more flexible.
* Somebody else gets to enhance and maintain the code.

--
Thanks in advance,
-------------------------------------------------------------------------
Steve Edwards       [email protected]      Voice: +1-760-468-3867 PST
Newline                                              Fax: +1-760-731-3000
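
The idea raised in this thread (save the block list to disk and pool the lists from all hosts) could look like the following. This is an added example, not code from any poster; the one-address-per-line list format, the chain name BLOCKLIST and the allowlist file are assumptions.

```shell
#!/bin/sh
# Added example: merge block lists saved by several hosts into one
# iptables-restore fragment. Assumptions (not from the thread): one IPv4
# address per line, a chain named BLOCKLIST, and a hypothetical allowlist.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# merge_blocklists ALLOWLIST LIST...: print rules for the union of all lists,
# dropping comments, blanks, malformed entries and allowlisted addresses.
merge_blocklists() {
    allow=$1; shift
    printf '%s\n' '*filter' ':BLOCKLIST - [0:0]'
    cat "$@" | sed 's/#.*//; s/[[:space:]]//g' | LC_ALL=C sort -u |
    while IFS= read -r addr; do
        [ -n "$addr" ] || continue
        valid_ipv4 "$addr" || { echo "skipping malformed: $addr" >&2; continue; }
        grep -qxF "$addr" "$allow" && continue
        printf '%s\n' "-A BLOCKLIST -s $addr/32 -j DROP"
    done
    printf '%s\n' 'COMMIT'
}

# Constructed sample data: two hosts' saved lists and an allowlist.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '192.0.2.10' '198.51.100.7  # seen twice' > "$dir/host-a.list"
    printf '%s\n' '198.51.100.7' '203.0.113.5' '999.1.1.1' '' > "$dir/host-b.list"
    printf '%s\n' '203.0.113.5' > "$dir/allow.list"
    merge_blocklists "$dir/allow.list" "$dir/host-a.list" "$dir/host-b.list"
    rm -rf "$dir"
}
demo
```

The output is in the format `iptables-restore` reads; loading it with `--noflush` leaves the other chains in place, and a rule in INPUT must jump to BLOCKLIST before the entries have any effect.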
