> I use this as an enhancement to f2b:
>
> https://github.com/dpsystems/login-shield
>
>
> It contains a number of blacklists and blocks login ports from areas of known
> issues.  The IP that attacked your system was by default in the blacklist.
>
> If you're in France you'll want to check some of the areas and either blacklist
> or whitelist appropriately, but this script has cut down my attacks by 99%

This looks very interesting.

How would you use these scripts in conjunction with FirewallD?

The scripts work in conjunction with ipset (which is also used by fail2ban). By default there's a command to enable the blocks using iptables. I think it's just a minor change to rewrite the iptables rule to use firewalld instead, or you could implement the iptables commands under firewalld; see: https://unix.stackexchange.com/questions/279937/is-firewalld-the-same-as-iptables

I don't know all the details of the differences between firewalld and iptables - it may vary from OS to OS, but basically it's just two lines that implement the ipset blacklist (one for blocking, one for logging) and if you are using a different firewall, as long as it's compatible with ipset, you're good to go. Worst case is you have to rewrite the iptables command for your particular flavor of firewall. If you do that, notify the author. He's happy to include those commands in the project for other users.

Last month, I noticed fail2ban didn't even have most of my ipset lists created. I thought something was wrong, but it turns out login-shield was so effective at keeping people from even trying to hack my server, fail2ban didn't catch any failed logins. That was pretty cool. Unlike f2b, which uses individual IP address blocks, login-shield uses CIDR ranges tied to known sources of hacking and is regularly updated. There's also a way where you can make your own modified version of the lists.
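
An added example, not part of the original message and not login-shield's own code: one way the "two lines" (one for logging, one for blocking) could be carried over to firewalld through its direct interface, which passes iptables arguments through. The set name `example-blacklist`, the port list, the log prefix and the `APPLY` switch are assumptions; by default the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example. SET_NAME and PORTS are hypothetical placeholders, not
# names taken from login-shield; adjust them to the ipset you actually have.
SET_NAME="${SET_NAME:-example-blacklist}"  # assumed name of an existing ipset
PORTS="${PORTS:-22}"                       # assumed login ports, comma-separated
APPLY="${APPLY:-0}"                        # 0 = print only, 1 = run firewall-cmd

# Accept only plain ipset identifiers (kernel limit is 31 characters).
valid_set_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 31 ]
}

# Accept only digits separated by single commas, e.g. 22,2222.
valid_ports() {
    case "$1" in
        ''|*[!0-9,]*|,*|*,|*,,*) return 1 ;;
    esac
    return 0
}

# Print the two rules: priority 0 logs the packet, priority 1 drops it.
build_rules() {
    valid_set_name "$1" || { echo "invalid set name: $1" >&2; return 1; }
    valid_ports "$2" || { echo "invalid ports: $2" >&2; return 1; }
    match="-p tcp -m multiport --dports $2 -m set --match-set $1 src"
    base="firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT"
    echo "$base 0 $match -j LOG --log-prefix blacklist-drop:"
    echo "$base 1 $match -j DROP"
}

main() {
    rules="$(build_rules "$SET_NAME" "$PORTS")" || return 1
    if [ "$APPLY" = "1" ]; then
        # The set must already exist, or the rule fails to load.
        ipset list -n "$SET_NAME" >/dev/null || return 1
        printf '%s\n' "$rules" | while IFS= read -r cmd; do
            $cmd || exit 1
        done || return 1
        firewall-cmd --reload
    else
        printf '%s\n' "$rules"
    fi
}

main
```

Review the printed rules first, then rerun with `APPLY=1` as root once the ipset exists.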




_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
