Hi Bill and thanks for the reply. yes the situation is very specific and indeed it is the src port that must match. It will not change and this is done in order to address an issue with some devices that goes nuts (read - stuck in some kind of loop) following a network outage.
Now can you guide me on how to actually do this ? Any examples available ? Cheers! On Mon, Jul 29, 2019 at 8:31 PM Bill Shirley <[email protected]> wrote: > > Yes, you can write a filter, action, and jail to accomplish this. > > It's strange that you would want to ban on source port. Source ports are > usually > random and if an IP is banned, they could just switch their source port. Are > you > sure you don't mean destination port? Like ban an IP accessing your web > server > (port 80)? > > Bill > > On 7/27/2019 11:06 PM, Mick Burns wrote: > > Hello > > Having a situation here where I need to be more specific in my bans > than just an IP address. > Indeed, not only I need to ban on the source IP, but also on the source port. > My log files entries exposes this in a pretty standard form : src_ip:port > > Is this feasible at all with f2b ? > > Thank you. > > > _______________________________________________ > Fail2ban-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/fail2ban-users > > _______________________________________________ > Fail2ban-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/fail2ban-users _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
