I mean, assuming you're logging access attempts then sure, anything can be done.

I wrote this for radius attempts, so the filter and action won't help any in 
your case, but just for general ideas I'll include them.

The jail config contains:
[radiusd]
enabled = true
port = 1812,1813
protocol = udp
logpath = /var/log/freeradius/radius.log
filter = radiusd
banaction = radiusd

The filter.conf contains:
[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf

[Definition]

failregex = Auth: \(\d+\) Login incorrect \(.*\): \[.*\] \(.* port \d+ cli <HOST>\).*$
  Auth: \(\d+\) Invalid user: \[.*\] \(.* port \d+ cli <HOST>\).*$


ignoreregex = Auth:.*OK.*[Ss][Uu][Cc][Cc][Ee][Ss][Ss].*$
  Auth: \(\d+\) Login incorrect \(.*\): \[.*\] \(.* port \d+ cli 10\.11\.12\.13\).*$

The action config contains:
[INCLUDES]

before = iptables-common.conf


[Definition]

actionstart = <iptables> -N f2b-<name>
  <iptables> -A f2b-<name> -j <returntype>
  <iptables> -I <chain> -p <protocol> -j f2b-<name>

actionstop = <iptables> -D <chain> -p <protocol> -j f2b-<name>
  <actionflush>
  <iptables> -X f2b-<name>

actioncheck = <iptables> -n -L <chain> | grep -q 'f2b-<name>[ \t]'

actionban = <iptables> -I f2b-<name> 1 -m string --string <ip> --algo bm -j <blocktype>

actionunban = <iptables> -D f2b-<name> -m string --string <ip> --algo bm -j <blocktype>

[Init]

(in that case, because of how radius is relayed from the intended target, I 
didn't want to block access from those devices, I wanted to block the 
originating IP making the call to the device, so probably not needed in any 
other circumstance)


Brantley Padgett 

The question is not how far. The question is, 
do you possess the constitution, 
the depth of faith, to go as far as is needed? 
            -Boondock Saints
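
The filter above can be checked offline before it goes into a jail. The following is an added example, not part of the original post or of fail2ban itself: it runs the posted failregex and ignoreregex over constructed log lines, with a simplified IPv4-only pattern standing in for <HOST> and a plain maxretry count that ignores findtime.

```python
import re
from collections import Counter

# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> tag
# (the real expansion also handles IPv6 and hostnames).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Patterns copied from the filter in the post.
FAILREGEX = [
    r"Auth: \(\d+\) Login incorrect \(.*\): \[.*\] \(.* port \d+ cli <HOST>\).*$",
    r"Auth: \(\d+\) Invalid user: \[.*\] \(.* port \d+ cli <HOST>\).*$",
]
IGNOREREGEX = [
    r"Auth:.*OK.*[Ss][Uu][Cc][Cc][Ee][Ss][Ss].*$",
    r"Auth: \(\d+\) Login incorrect \(.*\): \[.*\] \(.* port \d+ cli 10\.11\.12\.13\).*$",
]

# Constructed sample lines (not real log data); addresses are documentation ranges.
SAMPLE_LOG = """\
Mon Dec  5 12:00:01 2022 : Auth: (12) Login incorrect (pap: bad password): [bob] (from client nas1 port 5 cli 203.0.113.7)
Mon Dec  5 12:00:03 2022 : Auth: (13) Login incorrect (pap: bad password): [bob] (from client nas1 port 5 cli 203.0.113.7)
Mon Dec  5 12:00:04 2022 : Auth: (14) Invalid user: [admin] (from client nas1 port 5 cli 198.51.100.9)
Mon Dec  5 12:00:05 2022 : Auth: (15) Login incorrect (pap: bad password): [probe] (from client nas1 port 5 cli 10.11.12.13)
Mon Dec  5 12:00:06 2022 : Auth: (16) Login incorrect (pap: bad password): [probe] (from client nas1 port 5 cli 10.11.12.13)
Mon Dec  5 12:00:07 2022 : Auth: (17) Login OK: [bob] (from client nas1 port 5 cli 203.0.113.7)
"""


def compile_all(patterns):
    """Expand the <HOST> tag and compile each pattern."""
    return [re.compile(p.replace("<HOST>", HOST)) for p in patterns]


def count_failures(lines, maxretry=2):
    """Return (failures per host, hosts at or above maxretry)."""
    fail, ignore = compile_all(FAILREGEX), compile_all(IGNOREREGEX)
    hits = Counter()
    for line in lines:
        # A line matching any ignoreregex is dropped before failregex is tried.
        if any(rx.search(line) for rx in ignore):
            continue
        for rx in fail:
            match = rx.search(line)
            if match:
                hits[match.group("host")] += 1
                break
    return hits, sorted(h for h, n in hits.items() if n >= maxretry)


if __name__ == "__main__":
    print(count_failures(SAMPLE_LOG.splitlines()))
```

On a live system, fail2ban-regex run against the real log file and filter does the same check with the full <HOST> expansion.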

On Monday, December 5, 2022, 01:37:22 PM CST, solarflow99 <solarflo...@gmail.com> wrote:

hi, What I'm trying to do is have the telnet server jailed the same way sshd 
is.  I see support for httpd, bind, etc., lots of other services, but nothing I 
can find for telnet.  It's not common that anyone would use telnet anymore, maybe 
that's why, but I have a use case where I do need it.


On Mon, Dec 5, 2022 at 11:19 AM Nick Howitt via Fail2ban-users 
<fail2ban-users@lists.sourceforge.net> wrote:
>  
>  Top posting as the thread is a mess.
> 
> Is this really correct? You can telnet into lots of open ports e.g 80 and 25. 
> Even SSL ports like 443 and 587, not that you can do much once you're in.
> 
> 
> On 05/12/2022 18:32, solarflow99 wrote:
> 
>> that's right, who needs that anyway.  I'm so glad to get your answer, I don't 
>> know what I'd do without it.  
>> 
>> Great help, thx!
>> 
>> On Mon, Dec 5, 2022 at 10:13 AM Patrick Shanahan <p...@opensuse.org> wrote:
>> 
>> 
>>> * solarflow99 <solarflo...@gmail.com> [12-05-22 12:26]:
>>>> great answer!
>>>> 
>>>> 
>>>> On Mon, Dec 5, 2022 at 6:20 AM Patrick Shanahan <p...@opensuse.org> wrote:
>>>> 
>>>> > * solarflow99 <solarflo...@gmail.com> [12-05-22 00:29]:
>>>> > > Is there any way to do this?
>>>> >
>>>> > block port 23 tcp
>>>> >
>>>> >
>>>> >
>>>> > > _______________________________________________
>>>> > > Fail2ban-users mailing list
>>>> > > Fail2ban-users@lists.sourceforge.net
>>>> > > https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>>>> >
>>>> >
>>>> > --
>>>> > (paka)Patrick Shanahan       Plainfield, Indiana, USA          @ptilopteri
>>>> > http://en.opensuse.org    openSUSE Community Member    facebook/ptilopteri
>>>> > Photos: http://wahoo.no-ip.org/piwigo                   paka @ IRCnet oftc
>>>> >
>>> 
>>> it is the *correct* answer
>>> 
>>> -- 
>>> (paka)Patrick Shanahan       Plainfield, Indiana, USA          @ptilopteri
>>> http://en.opensuse.org    openSUSE Community Member    facebook/ptilopteri
>>> Photos: http://wahoo.no-ip.org/piwigo                   paka @ IRCnet oftc
>>> 