While looking through the fail2ban log files I noticed log lines such as below:
2016-02-21 18:25:07,598 fail2ban.filter [12834]: WARNING Determined IP using DNS Lookup: node1.i-surveillance.pro = ['212.83.170.26']From fail2ban manual this is due to the default setting "usedns=warn".
I was wondering if there is any case where "usedns=no" might be problematic given that I want to ban traffic from specific IP addresses that scan for repeated ssh logins. From the manual: # "usedns" specifies if jails should trust hostnames in logs, # warn when DNS lookups are performed, or ignore all hostnames in logs # # yes: if a hostname is encountered, a DNS lookup will be performed. # warn: if a hostname is encountered, a DNS lookup will be performed, # but it will be logged as a warning. # no: if a hostname is encountered, will not be used for banning, # but it will be logged as info. usedns = no Thanks for you help. -- Atnakus Arzah <[email protected]> When in doubt, have a cookie!
signature.asc
Description: PGP signature
------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
