Hi Richard,

When I was getting IPs with your sorts of values it was because I'd wrongly done a filter and it was taking the process ID - a numeric field - then converting that to an IP address and banning that rather than pick up the correct IP address from the log message. :(

Also, I don't know BSD at all, but if the firewall is anything like the iptables firewall, it is not suitable for 24k blocking rules. ipset is a much better tool.

HTH,
Nick

On 2016-02-25 16:25, Richard Mealing wrote:
> Hey Christoph,
>
> I get a lot of this -
>
> WARNING Determined IP using DNS Lookup: 35143 = ['0.0.137.71']
>
> Here's my jail.local file -
>
> [DEFAULT]
> bantime = 31536000
>
>
> [sendmail-auth]
> enabled = true
> port = submission,465,smtp
> logpath = %(syslog_mail)s
>
>
> [sendmail-reject]
> enabled = true
> port = smtp,465,submission
> logpath = %(syslog_mail)s
>
>
> [sendmail]
> enabled = true
> port = smtp,465,submission
> logpath = %(syslog_mail)s
>
>
> I'm going to add this now -
>
> usedns = no
>
> to jail.local - but I don't get why this option is by default set to
> warn. Should it not be off? I've never thought this was a good idea.
>
> This is the only thing I have amended from the default config. My
> sendmail.conf filter contains some of my own regular expressions,
> which I am willing to share, but they are quite simple regex lines.
> From testing they all work fine.
>
>
> When I ban around 24k of IP addresses (ipfw tables) it seems to stop
> working. Memory issue maybe? Is there a way to increase the memory? Or
> can I tell it to use ram disk tmpfs, if that would help?
> I was thinking of pumping all these addresses into my own rbl, but as
> I use delay checks in sendmail it doesn't work as well. I'm thinking
> of just turning that off soon.
>
> Thanks,
> Rich
>
> -----Original Message-----
> From: Christoph Theis [mailto:[email protected]]
> Sent: 25 February 2016 14:10
> To: Richard Mealing <[email protected]>;
> [email protected]
> Subject: Re: [Fail2ban-users] Fail2ban & FreeBSD
>
> Hello Richard!
>
> On 25.02.2016 at 14:39, Richard Mealing wrote:
>> It's a real shame this doesn't work with FreeBSD. It always used to.
>> I've tried changing loads of things and it just doesn't work very
>> well.
>>
>> I'm using the latest everything. Are there any plans to develop this
>> on FreeBSD so it works properly?
>
> I'm using fail2ban on a couple of FreeBSD machines and it is running
> just fine, so it is not a general problem but looks like a specific
> problem on your machines. As to why it stops / crashes: I have to
> refer you to the fail2ban developers, if there are any debug flags you
> could turn on.
>
>
> Best regards
>
> Christoph
>
>
> _______________________________________________
> Fail2ban-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
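
The diagnosis at the top of this message (a filter capturing the process ID, which then becomes the 0.0.137.71 in the quoted warning) can be checked offline with a short script. This is an added example, not code from the thread or from fail2ban; the log line, both regexes and the simplified HOST group are constructed assumptions.

```python
import ipaddress
import re

# Constructed sendmail-style log line (not from the thread); 35143 is the PID.
SAMPLE = ("Feb 25 14:02:11 mx1 sm-mta[35143]: u1PE2BxX035143: [203.0.113.45] "
          "did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA")

# Simplified stand-in (assumption) for the group fail2ban substitutes for <HOST>:
# it accepts host names as well as addresses, so a bare number also matches.
HOST = r"(?P<host>[\w\-.^_]*\w)"

# Hypothetical failregex lines: the first anchors the host group on the PID field.
BAD_RE = re.compile(r"sm-mta\[" + HOST + r"\]: ")
GOOD_RE = re.compile(r"sm-mta\[\d+\]: \w+: \[" + HOST + r"\] did not issue")


def classify(token):
    """Return (kind, address) for a captured host token.

    kind is 'ip' for a dotted quad, 'numeric' for a bare integer that a
    classic resolver reads as a 32-bit address, 'name' otherwise.
    """
    try:
        return "ip", str(ipaddress.IPv4Address(token))
    except ValueError:
        pass
    if re.fullmatch(r"[0-9]+", token) and int(token) < 2 ** 32:
        return "numeric", str(ipaddress.IPv4Address(int(token)))
    return "name", None


def check_filter(regex, line):
    """Return (token, kind, address) for the host group, or None if no match."""
    m = regex.search(line)
    if m is None:
        return None
    token = m.group("host")
    return (token,) + classify(token)


if __name__ == "__main__":
    for label, rx in (("bad", BAD_RE), ("good", GOOD_RE)):
        token, kind, addr = check_filter(rx, SAMPLE)
        flag = "  <-- not an address in the log line" if kind == "numeric" else ""
        print(f"{label}: captured {token!r} -> {kind} {addr}{flag}")
```

A filter whose host capture comes back as 'numeric' on real log samples is reading the wrong field and should be fixed before any ban action is enabled.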
