Hi,

I use fail2ban recidive jail to block repeat attacks. On CentOS 7 I have the default configuration from the distributed jail.conf file that uses the iptables-allports banaction.

I also have udp jails (like asterisk and named). It came as a bit of a surprise when I noticed continuing attempts against asterisk and named for IPs contained in the recidive jail chain.

I've opened an issue on the tracker with a suggested fix, but I thought it was worthwhile to provide a heads up to the list since it seems that the current recidive configuration only blocks tcp and not udp traffic.

https://github.com/fail2ban/fail2ban/issues/1166

As an alternative I have also submitted a configuration file that uses ipset lookups (in conjunction with firewalld on CentOS 7). It can be enabled by changing the recidive jail banaction from

banaction = iptables-allports

to

banaction = firewallcmd-ipset-allports

https://github.com/fail2ban/fail2ban/issues/1167

If not using firewalld, there's already a suitable configuration file that can be used: iptables-ipset-proto6-allports (which despite the name only operates on ipv4).

Hope this info is useful.

John

Fail2ban-users mailing list
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
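
A check for the gap described in the message above, as an added example that is not part of the original post or of fail2ban itself: it parses `iptables-save` output and reports fail2ban chains that are hooked into INPUT with no port match but for a single protocol only, so their bans never see the other protocol. The `f2b-` chain prefix, the INPUT hook, the function names and the sample ruleset are assumptions constructed for illustration.

```python
import shlex

# Constructed sample of `iptables-save` output (documentation addresses only).
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:f2b-recidive - [0:0]
:f2b-asterisk-udp - [0:0]
:f2b-sshd - [0:0]
-A INPUT -p tcp -j f2b-recidive
-A INPUT -p udp -m multiport --dports 5060 -j f2b-asterisk-udp
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A f2b-recidive -s 203.0.113.7/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-recidive -j RETURN
-A f2b-asterisk-udp -s 198.51.100.9/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-asterisk-udp -j RETURN
-A f2b-sshd -j RETURN
COMMIT
"""

def opt(tokens, flag):
    """Value following `flag` in a rule, or None (negated matches not handled)."""
    return tokens[tokens.index(flag) + 1] if flag in tokens else None

def allports_gaps(ruleset, proto="udp", prefix="f2b-"):
    """Return {chain: [banned sources]} for all-ports style fail2ban chains
    that no INPUT jump reaches for `proto`."""
    reach, bans = {}, {}
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if len(tok) < 2 or tok[0] != "-A":
            continue
        chain, target = tok[1], opt(tok, "-j")
        if chain == "INPUT" and (target or "").startswith(prefix):
            if "--dports" in tok or "--dport" in tok:
                continue  # service-scoped jail: its protocol limit is intended
            # No -p on the jump means every protocol is sent to the chain.
            reach.setdefault(target, set()).add(opt(tok, "-p") or "all")
        elif chain.startswith(prefix) and target in ("REJECT", "DROP"):
            bans.setdefault(chain, []).append(opt(tok, "-s"))
    return {c: bans.get(c, []) for c, protos in reach.items()
            if not protos & {proto, "all"}}

if __name__ == "__main__":
    for chain, sources in allports_gaps(SAMPLE).items():
        print(f"{chain}: bans not applied to udp for {sources}")
```

Feeding it the live output of `iptables-save` instead of `SAMPLE` lists the banned sources that can still reach the udp services.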
