> On Aug 11, 2018, at 11:20 AM, Michael Keuter <li...@mksolutions.info> wrote:
> 
> 
>> On 11.08.2018 at 18:10, Cody Alderson <aldersona...@gmail.com> wrote:
>> 
>> Hi,
>> 
>> I made changes based on recommendations here to have the banned hosts 
>> persist after a reboot. On the status screen there was a long list of banned 
>> hosts under the "Adaptive Ban Plugin Status" section. I recently rebooted, 
>> and I noticed the list has far fewer IP addresses than it used to. Note that 
>> I also upgraded Astlinux to the most recent stable version.
>> 
>> My question is, did upgrading make the change I put in place to keep the 
>> banned hosts after a reboot back to some default I do not know about? 
>> Another issue is that I did not write down the change I made to have the 
>> banned hosts persist after a reboot, so I can't even check it.
>> 
>> So, would someone please advise me as to what I likely changed to have 
>> banned hosts persist after a reboot? Also, does upgrading Astlinux switch 
>> any user changes to default software configurations back to defaults?
>> 
>> Thank you,
>> 
>> Cody
> 
> Hi Cody,
> 
> the "Banned Hosts list" from the Adaptive Ban Plugin is generated from the 
> entries in the "/var/log/messages" file (like Fail2Ban works too).
> Usually the log file is deleted on reboot, unless you have manually set 
> "PERSISTLOG=yes" in your "user.conf".
> 
> But depending on how your firewall is configured, you can permanently block 
> IP addresses either in "/mnt/kd/blocked-hosts" or, if you use *.netset 
> blocking-list files, in "/mnt/kd/blocklists/blocked-hosts.netset"
> 
> https://doc.astlinux.org/userdoc:tt_firewall_external_block_list
> 
> Michael

+1 Michael

Cody, if you are getting a lot of banned IPs from the adaptive-ban plugin, it 
may be a good time to re-think what is exposed to the public internet.

1) If you don't have SIP clients accessing remotely, then there is no need to 
allow UDP 5060 from the public.

2) If you must allow public SIP clients, look at the dyndns-host-open plugin to 
restrict access or the sip-user-agent plugin with SIP_USER_AGENT_PASS_TYPES 
defined.

3) Consider using a VPN for clients to access remotely.

Overlapping layers of security to tighten public access is good practice.

Lonnie
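
The following is an added example, not part of the original thread and not AstLinux code: a small shell helper for maintaining a persistent block file such as the "/mnt/kd/blocked-hosts" file Michael mentions. It assumes the file holds one IPv4 address or CIDR range per line with "#" starting a comment; the function names and the sample addresses (documentation ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example: merge candidate addresses into a persistent block file.
# Assumption: one IPv4 address or CIDR per line, '#' starts a comment.

# is_ipv4_or_cidr ADDR: succeed only for a dotted-quad IPv4 address with
# octets 0-255, optionally followed by a prefix length /0 to /32.
is_ipv4_or_cidr() {
  printf '%s\n' "$1" | awk -F'[./]' '
    !/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ { exit 1 }
    { for (i = 1; i <= 4; i++) if ($i > 255) exit 1
      if (NF == 5 && $5 > 32) exit 1 }'
}

# merge_blocked FILE: read candidate entries on stdin, append the valid ones
# that are not already present in FILE, and print how many were added.
# Invalid entries are reported on stderr and never written, so a typo
# cannot end up in the firewall's block list.
merge_blocked() {
  file=$1
  added=0
  [ -f "$file" ] || : > "$file"
  while IFS= read -r line; do
    addr=${line%%#*}                              # drop trailing comment
    addr=$(printf '%s' "$addr" | tr -d ' \t\r')   # drop whitespace and CR
    [ -n "$addr" ] || continue
    is_ipv4_or_cidr "$addr" || { echo "skip invalid: $addr" >&2; continue; }
    grep -qxF -- "$addr" "$file" && continue      # exact-line duplicate
    printf '%s\n' "$addr" >> "$file"
    added=$((added + 1))
  done
  echo "$added"
}

# Demo on a scratch file with constructed input; on a real system FILE
# would be the block file your firewall is configured to read.
demo_file=$(mktemp)
printf '%s\n' '198.51.100.7' '203.0.113.0/24' '999.1.1.1' '198.51.100.7' |
  merge_blocked "$demo_file"
rm -f "$demo_file"
```

Duplicate detection compares whole lines, so an existing entry that carries an inline comment is not recognized as a duplicate.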


Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
