Hi,
I've been using various versions of f2b for a while now and everything's
been working fine. I've recently upgraded to 0.9.4.dev0 from git, and at
the same time swapped from firehol to ufw.
I completely blew my old f2b configuration (which was hacked from a pre-0.9
installation and so was a real mess) and used the default setup that
comes with the install. I added my own filter:

    [Definition]
    failregex = ^.*IN-internet.*SRC=<HOST>
                ^.*SYN FLOOD.*SRC=<HOST>
                ^.*BLOCK.*IN=eth0.*<HOST>

Checking against fail2ban-regex shows this hits /var/log/syslog perfectly
well.
I added the following jail:

    [portscan]
    enabled = true
    protocol = any
    action = ufw[name=portscan]
    logpath = /var/log/syslog
    maxretry = 3

This seems to find infractions, but does nothing about them:

    john@gold /etc/fail2ban % sudo fail2ban-client status portscan
    Status for the jail: portscan
    |- Filter
    |  |- Currently failed: 2
    |  |- Total failed: 2
    |  `- File list: /var/log/syslog
    `- Actions
       |- Currently banned: 0
       |- Total banned: 0
       `- Banned IP list:

I've swapped out the action for:

    action = iptables-allports

That seems to make no difference. This configuration worked fine in 0.9.3.
So, am I misunderstanding something fundamental about how f2b (should) work
here, or is something not working right?
Thanks in advance,
Me...
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
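
Added example (not part of the original post, and not fail2ban's own code): a small simulation of how the three failregex lines and maxretry = 3 from the post combine into a ban decision, run over constructed syslog lines. The IPv4-only stand-in for <HOST>, the findtime of 600 seconds, the year and the sample log lines are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: IPv4-only stand-in for <HOST>; fail2ban's own expansion differs.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
FAILREGEX = [re.compile(p.replace("<HOST>", HOST)) for p in (
    r"^.*IN-internet.*SRC=<HOST>",
    r"^.*SYN FLOOD.*SRC=<HOST>",
    r"^.*BLOCK.*IN=eth0.*<HOST>",
)]

# Constructed syslog lines using documentation addresses (not from the post).
SAMPLE_LOG = """\
Mar  1 10:00:01 gold kernel: IN-internet: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 DPT=23
Mar  1 10:00:05 gold kernel: SYN FLOOD: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 DPT=80
Mar  1 10:00:09 gold kernel: IN-internet: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 DPT=22
Mar  1 10:01:00 gold kernel: IN-internet: IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 DPT=23
Mar  1 10:01:30 gold kernel: IN-internet: IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 DPT=23
Mar  1 10:02:00 gold kernel: [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 DPT=23
"""

def extract_host(line):
    """Return the host captured by the first matching failregex, else None."""
    for rx in FAILREGEX:
        m = rx.search(line)
        if m:
            return m.group("host")
    return None

def simulate(log, maxretry=3, findtime=600, year=2016):
    """Return (failure count per host, hosts reaching maxretry within findtime)."""
    seen, banned = defaultdict(list), set()
    for line in log.splitlines():
        host = extract_host(line)
        if host is None:
            continue
        # syslog timestamps carry no year, so a constructed one is prepended
        ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        window = timedelta(seconds=findtime)
        # drop failures older than findtime, then record this one
        seen[host] = [t for t in seen[host] if ts - t <= window] + [ts]
        if len(seen[host]) >= maxretry:
            banned.add(host)
    return {h: len(v) for h, v in seen.items()}, banned

if __name__ == "__main__":
    print(simulate(SAMPLE_LOG))
```

In the constructed data, 198.51.100.9 stays at two failures and is not banned: the third pattern has no SRC= in front of <HOST>, so on the UFW BLOCK line the greedy `.*` leaves the stand-in group matching a fragment of the DST address instead of the source.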