* Richard Creighton <[EMAIL PROTECTED]> [07-29-07 15:46]:
> I don't think he wants to block off the public, just someone he has
> detected abusing.

exactly and I am presently using fail2ban to block:

  [postfix-tcpwrapper]
  
  enabled  = true
  filter   = postfix
  action   = hostsdeny[file=/etc/hosts.deny]
             mail[name=Postfix, [EMAIL PROTECTED]
  logpath  = /var/log/mail
  bantime  = 300

which places the 554 rejection IP into /etc/hosts.deny, but the firewall
action denying rogue ssh attempts is cleaner, requires fewer resources
and sees the IP sooner.

is this correct:
FW_SERVICES_ACCEPT_EXT="0/0,tcp,25,,hitcount=3,blockseconds=120


-- 
Patrick Shanahan         Plainfield, Indiana, USA        HOG # US1244711
http://wahoo.no-ip.org     Photo Album:  http://wahoo.no-ip.org/gallery2
Registered Linux User #207535                    @ http://counter.li.org