On Fri, 2 Dec 2011, Jim Lucas wrote:

> How is using Fail2Ban less resource intensive than me writing (by hand) iptable rules?

It depends on how you define resources and how much of those resources you have.

Gordon (based on my understanding of his posts) does a lot of Asterisk systems on very limited hardware hosts. His approach uses iptables features to limit the number of SIP INVITES and REGISTERS per second per IP address.

Thus, Gordon's approach is more responsive (since it doesn't require periodic log file scanning) and requires fewer hardware resources (since it doesn't depend on running relatively 'slothish' resource-intensive script interpreters like Perl or PHP periodically).

If you have limited admin skills and more hardware resources, F2B makes sense.

If you have more admin skills and limited hardware resources, Gordon's approach makes more sense.

Personally, I find any approach that tracks log files 'hackish' but if you centralize your logging (which I always do) it does allow you to detect patterns of abuse across multiple hosts.

--
Thanks in advance,
-------------------------------------------------------------------------
Steve Edwards       sedwa...@sedwards.com      Voice: +1-760-468-3867 PST
Newline                                              Fax: +1-760-731-3000
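
The kind of per-source-IP limit on SIP INVITEs and REGISTERs described in the message above, as an added example that is not part of the original post and is not Gordon's actual rule set. The chain name, UDP port 5060, and the rate and burst values are assumptions; the function only prints the rules so they can be reviewed before being loaded as root.

```shell
#!/bin/sh
# Added example: emit iptables rules that cap SIP REGISTER and INVITE
# requests per second per source IP, with no log scanning involved.
# Chain name, port, rate and burst are assumed values, not from the post.

SIP_CHAIN="SIP_LIMIT"   # hypothetical chain name

# sip_limit_rules PORT RATE BURST -> prints one iptables command per line
sip_limit_rules() {
    port=$1; rate=$2; burst=$3
    # Accept only plain positive integers so nothing else reaches the rules.
    for v in "$port" "$rate" "$burst"; do
        case $v in
            ''|*[!0-9]*|0*) echo "bad value: $v" >&2; return 1 ;;
        esac
    done
    echo "iptables -N $SIP_CHAIN"
    echo "iptables -A INPUT -p udp --dport $port -j $SIP_CHAIN"
    for method in REGISTER INVITE; do
        # string: match the SIP request line; --to 65 bounds the search to
        # the first bytes of the packet, where that line sits.
        printf 'iptables -A %s -m string --algo bm --to 65 --string "%s sip:"' \
            "$SIP_CHAIN" "$method"
        # hashlimit: one bucket per source IP; the rule matches (and drops)
        # only once that source exceeds RATE requests per second.
        printf ' -m hashlimit --hashlimit-name sip_%s --hashlimit-mode srcip' \
            "$method"
        printf ' --hashlimit-above %s/second --hashlimit-burst %s -j DROP\n' \
            "$rate" "$burst"
    done
    # Everything under the limit goes back to the normal INPUT rules.
    echo "iptables -A $SIP_CHAIN -j RETURN"
}

# Dry run: print the rules for review.
sip_limit_rules 5060 5 10
```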
